I am unable to access the Cisco wireless access point using HTTP (GUI) mode after TACACS implementation, but I am able to access the same devices using telnet with the TACACS user ID.
Need some help with this...
The command is already there
If I remove TACACS (no aaa new-model) from the device, then it works through HTTP also.
LASAOAP1#sh ip http server all
HTTP server status: Enabled
HTTP server port: 80
HTTP server authentication method: aaa
HTTP server access class: 0
HTTP server base path: flash:/c1200-k9w7-mx.123-2.JA2/html/level/1;zflash:/c1200
Maximum number of concurrent server connections allowed: 5
Server idle time-out: 120 seconds
Server life time-out: 120 seconds
Maximum number of requests allowed on a connection: 60
HTTP secure server capability: Present
HTTP secure server status: Disabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP server application session modules:
Session module Name Handle Description
Homepage_Server 3 IOS Homepage Server
HTTP IFS Server 1 HTTP based IOS File Server
WEB_EXEC 2 HTTP based IOS EXEC Server
HTTP server current connections:
local-ipaddress:port remote-ipaddress:port in-bytes out-bytes
HTTP server statistics:
Accepted connections total: 4
HTTP server history:
local-ipaddress:port remote-ipaddress:port in-bytes out-bytes end-time
188.8.131.52:80 192.168.15.243:14879 389 191 17:16:03 08/04
184.108.40.206:80 192.168.15.243:15112 436 191 17:16:13 08/04
220.127.116.11:80 192.168.15.243:15289 4011 54809 17:18:08 08/04
18.104.22.168:80 192.168.15.243:15488 5596 55155 17:18:28 08/04
Can you also show the aaa method-lists? Are you using the 'default' one for login?
show run | inc aaa
If not, you need to add that to the following command:
ip http authentication aaa ?
Thanks for your reply.
I have tried the command on another access point and it is working there. But now the problem for me is that with the TACACS user name and password I am able to telnet to the device with full access, but using HTTP I am getting read-only access only.
Is there something I have to add additionally?
The user already has privilege 15. The same TACACS user has full access using telnet for the same device.
Then please attach the AAA/TACACS configs from the troublesome AP's CLI and the following debugs:
debug ip http authentication
debug aaa authentication
I observed that my TACACS user is logging into the device using HTTP but he is getting priv-level = 1; the user already has priv-level = 15. Please advise me.
Aug 5 09:53:29.492: HTTP: Authentication username = 'gkc' priv-level = 1 auth-type = aaa
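A small check for the symptom in the last post, as an added example that is not part of the original thread: it scans "debug ip http authentication" output for HTTP logins that land below the privilege level a user is expected to have, rejoining records that the terminal wrapped. The first sample record is the one posted in the thread; the other sample lines, the EXPECTED map and all function names are constructed for illustration.

```python
import re

# Record format taken from the debug line posted in the thread.
RECORD = re.compile(r"HTTP: Authentication username = '(?P<user>[^']*)' "
                    r"priv-level = (?P<priv>\d+) auth-type = (?P<method>\S+)")
# IOS log lines start with a timestamp; anything else is a wrapped tail.
TIMESTAMP = re.compile(r"^\*?[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d")

# First record is the one from the thread; the rest is constructed sample data.
SAMPLE = """\
Aug 5 09:53:29.492: HTTP: Authentication username = 'gkc' priv-level = 1 auth-t
ype = aaa
Aug 5 09:55:02.118: HTTP: Authentication username = 'netadmin' priv-level = 15 auth-type = aaa
Aug 5 09:56:40.007: AAA/AUTHEN/LOGIN (00000012): Pick method list 'default'
""".splitlines()

# Assumption: the privilege level each user should receive (constructed).
EXPECTED = {"gkc": 15, "netadmin": 15}


def rejoin(lines):
    """Glue terminal-wrapped continuation lines back onto their record."""
    records = []
    for line in lines:
        line = line.rstrip("\r\n")
        if not line.strip():
            continue
        if TIMESTAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line  # wrapped tail of the previous record
    return records


def find_mismatches(lines, expected):
    """Return (user, got, want, method) for HTTP logins below the expected level."""
    mismatches = []
    for record in rejoin(lines):
        m = RECORD.search(record)
        if not m:
            continue  # not an HTTP authentication record
        user, got = m["user"], int(m["priv"])
        want = expected.get(user)
        if want is not None and got < want:
            mismatches.append((user, got, want, m["method"]))
    return mismatches


if __name__ == "__main__":
    for user, got, want, method in find_mismatches(SAMPLE, EXPECTED):
        print(f"{user}: HTTP login via {method} got priv-level {got}, expected {want}")
```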