cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
851
Views
2
Helpful
4
Replies

ip http authentication aaa login-authentication doesnt work

tcole1970
Level 1
Level 1

I have "ip tacacs source-interface Vlan1 " in my config because without it enabled I cant ssh in with tacacs. However, with that line in the config, I cant access via https unless I have the line "ip http authentication local"

4 Replies 4

Jagdeep Gambhir
Level 10
Level 10

For http access , the user should have privilege level 15. This is how you enable it on acs.

Bring users/groups in at level 15

1. Go to user or group setup in ACS

2. Drop down to "TACACS+ Settings"

3. Place a check in "Shell (Exec)"

4. Place a check in "Privilege level" and enter "15" in the adjacent field

Regards,

~JG

Do rate helpful posts

This is NOT the problem. All other switches except for the 10 we have to put the "ip tacacs source-interface Vlan1" work just fine when accessed via https using tacacs.

Then this is something you should have included in your first port.

Thanks for using rating system.

One small query, suppose you don't have the "ip http authentication local" statement in your config ... now when you try to login via HTTP, do you see any logs ( failed attempts or successfull) on the ACS server ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: