cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
722
Views
0
Helpful
2
Replies

Https with aaa tacacs on 3750 -> impossible to connect

DWAM_2
Level 3
Level 3

Hello,

here is my configuration of 3750 :

aaa new-model

aaa group server tacacs+ ACCES

server 10.99.4.1

server 10.99.4.2

!

aaa authentication login default local group ACCES

aaa authentication enable default enable group ACCES

aaa authorization exec default local group ACCES

aaa accounting send stop-record authentication failure

aaa accounting exec default start-stop group ACCES

aaa accounting commands 1 default start-stop group ACCES

aaa accounting commands 15 default start-stop group ACCES

and

no ip http server

ip http authentication aaa

ip http secure-server

and

tacacs-server host 10.99.4.1

tacacs-server host 10.99.4.2

tacacs-server timeout 3

tacacs-server directed-request

tacacs-server key XYZP

No problem to connect with ssh but it doesn't work with https !

When I debug aaa , http and tacacs, it seems that 3750 doesn't send something to acs.

The version is :

"flash:c3750-ipbasek9-mz.122-25.SEE1/c3750-ipbasek9-mz.122-25.SEE1.bin"

Thank you for your help.

2 Replies 2

b.speltz
Level 4
Level 4

try enabling ip http server authentication

Hi,

Enter the following commands on the switch and let me know if it helps

ip http authentication aaa login-authentication

and ip http authentication aaa exec-authorization.

Thanks

Gagan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: