AAA to wireless access point

Unanswered Question
Mar 24th, 2009

I have trying to use AAA and a TACACS server to authenitcate user admin access to an access point (Aironet 1200). I am having trouble getting access through the http server to work. I can console and ssh to the device and use my ACS user account to authenticate. When access the device via a browser, I am prompted for a username/password to get level 1 access. I am permitted access. When I access other pages in the browser configuration, I am prompted for a level 15 username/password. I fail at this point. My ACS account is allowed level 15 access. The ACS logs indicate my user account is not in the database or has been locked. My account isn't locked. My configure looks like this:

aaa authentication login default group tacacs+ local

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

no ip http server

ip http authentication aaa

ip http secure-server

ip http help-path


tacacs-server host

tacacs-server timeout 2

tacacs-server directed-request

tacacs-server key *****

Any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rmeans Tue, 03/24/2009 - 08:10

found my problem.

aaa authorization exec default local

should be

aaa authorization exec default group tacacs+ local


This Discussion