ACS 4.0 and CNA 5.0

pacsniffing
Level 1

I have Cisco ACS 4.0 running and it works nicely, but when I try to access the devices using Cisco Network Assistant 5.0 I get a continuous prompt, as if my account isn't being authenticated. The account that I'm using has level 15 privilege on all devices on the network, and if I use it to telnet into the devices all works well. Any ideas that help me to resolve this issue would be greatly appreciated.

3 Replies

Craig Balfour
Level 1

Cisco Network Assistant (CNA) uses the switch's web interface to communicate with the switch, so the first step is to confirm that you can authenticate successfully with the switch's web interface by pointing your web browser at the switch's IP address.

If the authentication fails, your problem is most likely that the authentication for the http or https service on the device is not correctly set up.

To fix this do the following:

ip http authentication aaa

ip http server

This will configure the http service to use your AAA settings for its authentication.

Hi,

I would also suggest adding :-

"aaa authorization exec default group tacacs+ local" on all devices and give the user "Privilege Level" 15 on ACS.

Regards,

Vivek

Thanks for both suggestions, will try them out today. Please find below the config that I have on the devices:

aaa new-model

aaa authentication banner ^CCC Unauthorized use is Prohibited ^C

aaa authentication fail-message ^CCC Failed Login ^C

aaa authentication login default group tacacs+ local none

aaa authentication enable default group tacacs+ line enable none

aaa authorization exec default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

I removed the none from behind local in the event that the server should become inaccessible and added a local user with level 15 privileges, but when I disconnected the switch from the network to test I was unable to access it and kept getting an authentication failure error. Thanks in advance for all your help.
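
An added example, not part of the thread and not Cisco's code: a small Python audit of the AAA method lists and `ip http` settings discussed above. It flags a `none` method (reached when every earlier method returns an error), authentication lists with no non-server fallback, a web server that does not use AAA, and HTTP without `ip http secure-server`. The sample config is constructed from lines quoted in the posts, and the finding codes are hypothetical names.

```python
import re

# Constructed sample: method lists quoted in the thread plus the two HTTP lines
# suggested in the first reply. Not a full device configuration.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication banner ^CCC Unauthorized use is Prohibited ^C
aaa authentication login default group tacacs+ local none
aaa authentication enable default group tacacs+ line enable none
aaa authorization exec default group tacacs+ if-authenticated
ip http server
ip http authentication aaa
"""

# Only login/enable authentication and exec authorization lists are parsed here.
METHOD_LIST = re.compile(
    r"^aaa (authentication (?:login|enable)|authorization exec) (\S+) (.+)$")

def parse_method_lists(config):
    """Return {(service, list_name): [methods]}, keeping 'group X' as one method."""
    lists = {}
    for line in config.splitlines():
        m = METHOD_LIST.match(line.strip())
        if not m:
            continue
        service, name, rest = m.groups()
        lists[(service, name)] = re.findall(r"group \S+|\S+", rest)
    return lists

def audit(config):
    """Return a list of (code, detail) findings for the AAA and HTTP settings."""
    findings = []
    for (service, name), methods in parse_method_lists(config).items():
        if "none" in methods:
            findings.append(("NONE_FALLBACK", f"{service} {name}: {' -> '.join(methods)}"))
        if service.startswith("authentication") and all(
                m.startswith("group ") for m in methods):
            findings.append(("NO_LOCAL_FALLBACK", f"{service} {name}"))
    lines = {l.strip() for l in config.splitlines()}
    http_on = "ip http server" in lines or "ip http secure-server" in lines
    if http_on and not any(l.startswith("ip http authentication aaa") for l in lines):
        findings.append(("HTTP_NOT_USING_AAA", "web logins bypass the AAA method lists"))
    if "ip http server" in lines and "ip http secure-server" not in lines:
        findings.append(("HTTP_CLEARTEXT", "web credentials are sent without TLS"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```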
