Cisco Support Community

New Member

ACS 4.0 and CNA 5.0

I have Cisco ACS 4.0 running and it works nicely, but when I try to access the devices using Cisco Network Assistant 5.0 I get a continuous prompt, as if my account isn't being authenticated. The account that I'm using has level 15 privilege on all devices on the network, and if I use it to telnet into the devices all works well. Any ideas that help me to resolve this issue would be greatly appreciated.

3 REPLIES

Re: ACS 4.0 and CNA 5.0

Cisco Network Assistant (CNA) uses the switch's web interface to communicate with the switch, so the first step is to confirm that you can authenticate successfully with the switch's web interface by pointing your web browser at the switch's IP address.

If the authentication fails, your problem is most likely that the authentication for the http or https service on the device is not correctly set up.

To fix this do the following:

ip http authentication aaa

ip http server

This will configure the http service to use your AAA settings for its authentication.

Cisco Employee

Re: ACS 4.0 and CNA 5.0

Hi,

I would also suggest adding:

"aaa authorization exec default group tacacs+ local" on all devices and give the user "Privilege Level" 15 on ACS.

Regards,

Vivek

New Member

Re: ACS 4.0 and CNA 5.0

Thanks for both suggestions, will try them out today. Please find below the config that I have on the devices:

aaa new-model

aaa authentication banner ^CCC Unauthorized use is Prohibited ^C

aaa authentication fail-message ^CCC Failed Login ^C

aaa authentication login default group tacacs+ local none

aaa authentication enable default group tacacs+ line enable none

aaa authorization exec default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

I removed the none from behind local in the event that the server should become inaccessible and added a local user with level 15 privileges, but when I disconnected the switch from the network to test I was unable to access it and kept getting an authentication failure error. Thanks in advance for all your help.
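
An added example, not written by any poster in this thread: a small Python check that reads IOS configuration text and flags the three points the thread raises (a method list ending in `none`, exec authorization without `local`, and an HTTP server without `ip http authentication aaa`). The function name `audit_aaa` and the `ip http server` line in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: AAA lines as posted in the thread, plus an assumed
# "ip http server" with no "ip http authentication aaa" line.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication banner ^CCC Unauthorized use is Prohibited ^C
aaa authentication login default group tacacs+ local none
aaa authentication enable default group tacacs+ line enable none
aaa authorization exec default group tacacs+ if-authenticated
ip http server
"""

# aaa <authentication|authorization> <service> <list-name> <method> [<method> ...]
METHOD_LIST = re.compile(r"^aaa (authentication|authorization) (\S+) (\S+) (.+)$")
HTTP_SERVER = re.compile(r"^ip http (secure-)?server$")

def audit_aaa(config_text):
    """Return (config line, finding) pairs for the points raised in the thread."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []
    for line in lines:
        m = METHOD_LIST.match(line)
        if not m:
            continue
        kind, service, _name, methods = m.groups()
        methods = methods.split()
        # A trailing "none" admits the session with no credential check once
        # every earlier method has returned an error (e.g. server unreachable).
        if kind == "authentication" and service in ("login", "enable") \
                and methods[-1] == "none":
            findings.append((line, "method list ends in 'none'"))
        # The second reply suggests "group tacacs+ local" for exec authorization.
        if kind == "authorization" and service == "exec" and "local" not in methods:
            findings.append((line, "exec authorization has no 'local' method"))
    # The first reply: the web interface needs "ip http authentication aaa".
    if any(HTTP_SERVER.match(ln) for ln in lines) \
            and "ip http authentication aaa" not in lines:
        findings.append(("ip http server", "HTTP server not using AAA authentication"))
    return findings

if __name__ == "__main__":
    for line, finding in audit_aaa(SAMPLE_CONFIG):
        print(f"{finding}: {line}")
```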
