Cisco Support Community
New Member

Authenticating HTTP with TACACS+

We have configured AAA authentication through a TACACS+ server on a Catalyst switch. It works fine with console and telnet, but not with HTTP access.

We see that for console and telnet access the Catalyst uses TCP port 49 (TACACS+), but for HTTP access it uses UDP port 49.

Our ACS works with TCP 49 (TACACS+), but not with UDP 49.

What's the problem? How can we solve it?

TIA

2 REPLIES
Silver

Re: Authenticating HTTP with TACACS+

I think you are using the old HTTP authentication command; that's why it's using UDP port 49. Try using the following commands:

aaa authentication login default group tacacs+ enable

ip http authentication aaa

Silver

Re: Authenticating HTTP with TACACS+

Older versions used to support XTACACS, which used UDP port 49 rather than the TCP/49 used for TACACS+. Please refer to this link and make sure that you have the config set up properly.

http://www.cisco.com/en/US/tech/tk583/tk642/technologies_tech_note09186a0080094ea4.shtml
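Added example, not part of the thread or any Cisco tooling: a small audit that checks a saved running-config for the condition both replies describe, an HTTP server still bound to the legacy TACACS/XTACACS method instead of the AAA login list. It assumes the legacy form is the IOS keyword `ip http authentication tacacs` (the thread does not name it) and that HTTP uses the default login method list; the function name and sample configs are constructed for illustration.

```python
import re

# Constructed sample running-config fragments (not taken from the thread).
LEGACY_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ enable
tacacs-server host 192.0.2.10
ip http server
ip http authentication tacacs
"""

FIXED_CONFIG = LEGACY_CONFIG.replace("ip http authentication tacacs",
                                     "ip http authentication aaa")


def audit_http_auth(config):
    """Return a list of findings about how the HTTP server authenticates users."""
    lines = [ln.strip() for ln in config.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]
    findings = []
    # "no ip http server" does not match, so a disabled server is skipped.
    if not any(re.match(r"ip http (secure-)?server$", ln) for ln in lines):
        return findings
    modes = [m.group(1) for ln in lines
             if (m := re.match(r"ip http authentication (\S+)", ln))]
    # With no explicit setting, IOS authenticates HTTP with the enable password.
    mode = modes[-1] if modes else "enable"
    if mode == "tacacs":
        findings.append("legacy 'ip http authentication tacacs': "
                        "TACACS/XTACACS over UDP 49, not TACACS+ over TCP 49")
    elif mode == "aaa":
        if "aaa new-model" not in lines:
            findings.append("'ip http authentication aaa' set but "
                            "'aaa new-model' is missing")
        login = [ln for ln in lines
                 if ln.startswith("aaa authentication login default ")]
        if not any("group tacacs+" in ln for ln in login):
            findings.append("default login method list does not "
                            "reference 'group tacacs+'")
    else:
        findings.append(f"HTTP logins use '{mode}', not the AAA method list")
    return findings


if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit_http_auth(cfg) or "OK")
```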
