I have cisco ACS 4.0 running and it works nicely, but when i try to access the devices using Cisco Network Assitant 5.0 i get a continuous prompt as if my account isn't being authenticated. the account that i'm using has level 15 privilege on all devices on the network and if i use it to telnet into the devices all works well. any ideas that help me to resolve this issue would be greatly appreciated.
Cisco Network Assistant (CNA) uses the switches web interface to communicate with the switch, so the first step is to confirm that you can authenticate successfully with the switches web interface by pointing your web browser at the switches IP address.
If the authentication fails your problem is most likely that the authentication for the http or https service on the device is not correctly setup.
To fix this do the following:
ip http authentication aaa
ip http server
This will configure the http service to use your AAA settings to for its authentication.
aaa authentication login default group tacacs+ local none
aaa authentication enable default group tacacs+ line enable none
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
i removed the none from behind local in the event that the server should become inaccessible and added a local user with level 15 privileges, but when i disconnected the switch from the network to test i was unable to access, kept getting an authentication failure error. thanks in advance for all your help.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :