04-11-2007 01:39 PM - edited 03-10-2019 03:05 PM
I have Cisco ACS 4.0 running and it works nicely, but when I try to access the devices using Cisco Network Assistant 5.0 I get a continuous prompt, as if my account isn't being authenticated. The account that I'm using has level 15 privilege on all devices on the network, and if I use it to telnet into the devices all works well. Any ideas that help me to resolve this issue would be greatly appreciated.
04-12-2007 01:56 AM
Cisco Network Assistant (CNA) uses the switch's web interface to communicate with the switch, so the first step is to confirm that you can authenticate successfully with the switch's web interface by pointing your web browser at the switch's IP address.
If the authentication fails, your problem is most likely that the authentication for the http or https service on the device is not correctly set up.
To fix this do the following:
ip http authentication aaa
ip http server
This will configure the http service to use your AAA settings for its authentication.
04-12-2007 05:43 AM
Hi,
I would also suggest adding:
"aaa authorization exec default group tacacs+ local" on all devices and give the user "Privilege Level" 15 on ACS.
Regards,
Vivek
04-12-2007 06:11 AM
Thanks for both suggestions, will try them out today. Please find below the config that I have on the devices:
aaa new-model
aaa authentication banner ^CCC Unauthorized use is Prohibited ^C
aaa authentication fail-message ^CCC Failed Login ^C
aaa authentication login default group tacacs+ local none
aaa authentication enable default group tacacs+ line enable none
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
I removed the none from behind local in the event that the server should become inaccessible and added a local user with level 15 privileges, but when I disconnected the switch from the network to test I was unable to access it and kept getting an authentication failure error. Thanks in advance for all your help.
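Added example, not part of any post in this thread: a small offline audit of IOS configuration text for the three points the thread raises (a `none` method at the end of an authentication list, a `local` fallback with no local user, and an HTTP server that is not told to use AAA). The function name `audit_aaa`, the `REVISED` sample and its username are assumptions made for illustration.

```python
import re

# AAA lines as posted in the thread (banner and accounting lines omitted).
POSTED = """\
aaa new-model
aaa authentication login default group tacacs+ local none
aaa authentication enable default group tacacs+ line enable none
aaa authorization exec default group tacacs+ if-authenticated
"""

# Constructed sample: 'none' removed, local user present, HTTP service on AAA.
# The username and the secret placeholder are made up for illustration.
REVISED = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
username netadmin privilege 15 secret <placeholder>
ip http server
ip http authentication aaa
"""

def audit_aaa(config):
    """Return a list of findings for IOS configuration text."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings, uses_local = [], False
    for ln in lines:
        m = re.match(r"aaa authentication (login|enable) (\S+) (.+)", ln)
        if not m:
            continue  # banner, fail-message, authorization, accounting, ...
        kind, name, methods = m.group(1), m.group(2), m.group(3).split()
        uses_local = uses_local or "local" in methods
        if "none" in methods:
            findings.append(f"{kind} list '{name}': 'none' grants access "
                            "unauthenticated when earlier methods error out")
    if uses_local and not any(ln.startswith("username ") for ln in lines):
        findings.append("'local' method used but no 'username' line present")
    http_on = any(ln in ("ip http server", "ip http secure-server") for ln in lines)
    if http_on and "ip http authentication aaa" not in lines:
        findings.append("HTTP server enabled without 'ip http authentication aaa'")
    return findings

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("revised", REVISED)):
        print(label, audit_aaa(cfg) or "no findings")
```

The posted excerpt contains no `username` line, so the local-user finding for it reflects only the text shown, not the full device configuration.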