08-04-2008 08:17 AM - edited 03-10-2019 04:00 PM
Hi,
I am unable to access the Cisco wireless access point using HTTP (GUI) mode after the TACACS implementation, but I am able to access the same devices using telnet with a TACACS user ID.
Need some help with this...
08-04-2008 08:49 AM
Look at the 'ip http authentication' command.
Regards
Farrukh
08-04-2008 08:54 AM
Yes,
The command is already there.
If I remove TACACS (no aaa new-model) from the device, then it works through HTTP also.
08-04-2008 09:06 AM
Is it ip http authentication aaa?
Can you post the output of show ip http server all?
Regards
Farrukh
08-04-2008 09:38 AM
LASAOAP1#sh ip http server all
HTTP server status: Enabled
HTTP server port: 80
HTTP server authentication method: aaa
HTTP server access class: 0
HTTP server base path: flash:/c1200-k9w7-mx.123-2.JA2/html/level/1;zflash:/c1200-k9w7-mx.123-2.JA2/html/level/1;flash:/c1200-k9w7-mx.123-2.JA2/html/level/15;zflash:/c1200-k9w7-mx.123-2.JA2/html/level/15;flash:/c1200-k9w7-mx.123-2.JA2/html;zflash:/c1200-k9w7-mx.123-2.JA2/html;flash:
Maximum number of concurrent server connections allowed: 5
Server idle time-out: 120 seconds
Server life time-out: 120 seconds
Maximum number of requests allowed on a connection: 60
HTTP secure server capability: Present
HTTP secure server status: Disabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP server application session modules:
Session module Name Handle Description
Homepage_Server 3 IOS Homepage Server
HTTP IFS Server 1 HTTP based IOS File Server
WEB_EXEC 2 HTTP based IOS EXEC Server
HTTP server current connections:
local-ipaddress:port remote-ipaddress:port in-bytes out-bytes
HTTP server statistics:
Accepted connections total: 4
HTTP server history:
local-ipaddress:port remote-ipaddress:port in-bytes out-bytes end-time
100.193.1.240:80 192.168.15.243:14879 389 191 17:16:03 08/04
100.193.1.240:80 192.168.15.243:15112 436 191 17:16:13 08/04
100.193.1.240:80 192.168.15.243:15289 4011 54809 17:18:08 08/04
100.193.1.240:80 192.168.15.243:15488 5596 55155 17:18:28 08/04
08-04-2008 10:23 AM
Can you also show the aaa method-lists? Are you using the 'default' one for login?
show run | inc aaa
If not, you need to add that to the following command:
ip http authentication aaa ?
Regards
Farrukh
08-04-2008 08:31 PM
Hi,
Thanks for your reply.
I have tried the command on another access point and it is working there. But now the problem for me is that with the TACACS username and password I am able to telnet to the device with full access, but using HTTP I am getting read-only access only.
Is there something I have to add additionally?
08-04-2008 09:53 PM
Please try assigning privilege level 15 to the admin users in the TACACS server.
Regards
Farrukh
08-04-2008 10:16 PM
Hi,
The user already has privilege 15. The same TACACS user has full access using telnet on the same device.
08-04-2008 10:20 PM
Then please attach the AAA/TACACS configs from the troublesome AP's CLI and the following debugs:
debug ip http authentication
debug tacacs
debug aaa authentication
Regards
Farrukh
08-05-2008 01:58 AM
Hi,
I observed that my TACACS user is logging into the device using HTTP but he is getting priv-level = 1; the user already has priv-level = 15. Please advise me.
Aug 5 09:53:29.492: HTTP: Authentication username = 'gkc' priv-level = 1 auth-type = aaa