
Cisco Wireless Access Points are not working after TACACS Implementation

chaitu_kranthi
Level 1

Hi,

I am unable to access the Cisco wireless access point using HTTP (GUI) mode after TACACS implementation, but I am able to access the same devices using Telnet with a TACACS user ID.

Need some help in this...


Farrukh Haroon
VIP Alumni

Look at the 'ip http authentication' command.

Regards

Farrukh

Yes,

The command is already there.

If I remove TACACS (no aaa new-model) from the device, then it works through HTTP also.

Is it 'ip http authentication aaa'?

Can you post the output of 'show ip http server all'?

Regards

Farrukh

LASAOAP1#sh ip http server all

HTTP server status: Enabled

HTTP server port: 80

HTTP server authentication method: aaa

HTTP server access class: 0

HTTP server base path: flash:/c1200-k9w7-mx.123-2.JA2/html/level/1;zflash:/c1200-k9w7-mx.123-2.JA2/html/level/1;flash:/c1200-k9w7-mx.123-2.JA2/html/level/15;zflash:/c1200-k9w7-mx.123-2.JA2/html/level/15;flash:/c1200-k9w7-mx.123-2.JA2/html;zflash:/c1200-k9w7-mx.123-2.JA2/html;flash:

Maximum number of concurrent server connections allowed: 5

Server idle time-out: 120 seconds

Server life time-out: 120 seconds

Maximum number of requests allowed on a connection: 60

HTTP secure server capability: Present

HTTP secure server status: Disabled

HTTP secure server port: 443

HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha

HTTP secure server client authentication: Disabled

HTTP secure server trustpoint:

HTTP server application session modules:

Session module Name Handle Description

Homepage_Server 3 IOS Homepage Server

HTTP IFS Server 1 HTTP based IOS File Server

WEB_EXEC 2 HTTP based IOS EXEC Server

HTTP server current connections:

local-ipaddress:port remote-ipaddress:port in-bytes out-bytes

HTTP server statistics:

Accepted connections total: 4

HTTP server history:

local-ipaddress:port remote-ipaddress:port in-bytes out-bytes end-time

100.193.1.240:80 192.168.15.243:14879 389 191 17:16:03 08/04

100.193.1.240:80 192.168.15.243:15112 436 191 17:16:13 08/04

100.193.1.240:80 192.168.15.243:15289 4011 54809 17:18:08 08/04

100.193.1.240:80 192.168.15.243:15488 5596 55155 17:18:28 08/04

Can you also show the aaa method-lists? Are you using the 'default' one for login?

show run | inc aaa

If not, you need to add that to the following command:

ip http authentication aaa ?

Regards

Farrukh

Hi,

Thanks for your reply.

I have tried the command on another access point and it is working there. But now the problem for me is that with the TACACS username and password I am able to telnet to the device with full access, but using HTTP I am getting read-only access only.

Is there something I have to add additionally?

Please try assigning privilege level 15 to the admin users in the TACACS server.

Regards

Farrukh

Hi,

The user already has privilege 15. The same TACACS user has full access using Telnet for the same device.

Then please attach the AAA/TACACS configs from the troublesome AP's CLI and the following debugs:

debug ip http authentication

debug tacacs

debug aaa authentication

Regards

Farrukh

Hi,

I observed that my TACACS user is logging into the device using HTTP but he is getting Priv-level = 1; the user already has Priv-level = 15. Please advise me.

Aug 5 09:53:29.492: HTTP: Authentication username = 'gkc' priv-level = 1 auth-type = aaa
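
A check for the symptom in the debug line above, as an added example that is not part of the original thread: it scans `debug ip http authentication` output for AAA-authenticated HTTP logins whose priv-level is lower than expected, rejoining lines the terminal wrapped. Apart from the 'gkc' line, the sample log is constructed, and the EXPECTED mapping is an assumption.

```python
import re

# Constructed sample shaped like the debug line posted above, including
# 80-column terminal wraps. Only the 'gkc' line comes from the thread.
SAMPLE = """\
Aug 5 09:53:29.492: HTTP: Authentication username = 'gkc' priv-level = 1 auth-t
ype = aaa
Aug 5 09:54:02.118: HTTP: Authentication username = 'netadmin' priv-level = 15 a
uth-type = aaa
Aug 5 09:55:40.007: HTTP: Authentication username = 'guest' priv-level = 1 auth-type = aaa
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d+: ")
AUTH = re.compile(r"HTTP: Authentication username = '([^']*)' "
                  r"priv-level = (\d+) auth-type = (\S+)")

def unwrap(text):
    """Rejoin terminal-wrapped lines: a non-blank line without a leading
    timestamp continues the previous record."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue  # pasted output often has blank lines between rows
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line
    return records

def below_expected(text, expected):
    """Return (user, got, want) for AAA-authenticated HTTP logins whose
    priv-level is lower than the level the AAA server should assign."""
    findings = []
    for rec in unwrap(text):
        m = AUTH.search(rec)
        if not m:
            continue
        user, level, auth_type = m.group(1), int(m.group(2)), m.group(3)
        want = expected.get(user)
        if auth_type == "aaa" and want is not None and level < want:
            findings.append((user, level, want))
    return findings

# Assumed mapping of users to the privilege level configured on the AAA server.
EXPECTED = {"gkc": 15, "netadmin": 15, "guest": 1}

if __name__ == "__main__":
    for user, got, want in below_expected(SAMPLE, EXPECTED):
        print(f"{user}: HTTP session got priv-level {got}, expected {want}")
```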
