ip http authentication aaa login-authentication doesnt work

Unanswered Question
Jul 22nd, 2008
User Badges:

I have "ip tacacs source-interface Vlan1 " in my config because without it enabled I cant ssh in with tacacs. However, with that line in the config, I cant access via https unless I have the line "ip http authentication local"

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 1 (2 ratings)
Jagdeep Gambhir Wed, 07/23/2008 - 05:01
User Badges:
  • Red, 2250 points or more

For http access , the user should have privilege level 15. This is how you enable it on acs.

Bring users/groups in at level 15

1. Go to user or group setup in ACS

2. Drop down to "TACACS+ Settings"

3. Place a check in "Shell (Exec)"

4. Place a check in "Privilege level" and enter "15" in the adjacent field



Do rate helpful posts

tcole1970 Wed, 07/23/2008 - 07:19
User Badges:

This is NOT the problem. All other switches except for the 10 we have to put the "ip tacacs source-interface Vlan1" work just fine when accessed via https using tacacs.

Jagdeep Gambhir Wed, 07/23/2008 - 13:30
User Badges:
  • Red, 2250 points or more

Then this is something you should have included in your first port.

Thanks for using rating system.

dhananjoy chowdhury Wed, 07/23/2008 - 14:02
User Badges:
  • Silver, 250 points or more

One small query, suppose you don't have the "ip http authentication local" statement in your config ... now when you try to login via HTTP, do you see any logs ( failed attempts or successfull) on the ACS server ?


This Discussion