New Member

Cisco Wireless Access point are not working after TACACS Implementation

Hi,

I am unable to access the Cisco Wireless Access Point using HTTP (GUI) mode after TACACS implementation, but I am able to access the same devices using Telnet with the TACACS user ID.

Need some help in this...

10 REPLIES

Re: Cisco Wireless Access point are not working after TACACS Imp

Look at the 'ip http authentication' command.

Regards

Farrukh

New Member

Re: Cisco Wireless Access point are not working after TACACS Imp

Yes,

The command is already there

If I remove TACACS (no aaa new-model) from the device, then it works through HTTP also.

Re: Cisco Wireless Access point are not working after TACACS Imp

Is it ip http authentication aaa?

Can you post the output of show ip http server all?

Regards

Farrukh

New Member

Re: Cisco Wireless Access point are not working after TACACS Imp

LASAOAP1#sh ip http server all

HTTP server status: Enabled

HTTP server port: 80

HTTP server authentication method: aaa

HTTP server access class: 0

HTTP server base path: flash:/c1200-k9w7-mx.123-2.JA2/html/level/1;zflash:/c1200-k9w7-mx.123-2.JA2/html/level/1;flash:/c1200-k9w7-mx.123-2.JA2/html/level/15;zflash:/c1200-k9w7-mx.123-2.JA2/html/level/15;flash:/c1200-k9w7-mx.123-2.JA2/html;zflash:/c1200-k9w7-mx.123-2.JA2/html;flash:

Maximum number of concurrent server connections allowed: 5

Server idle time-out: 120 seconds

Server life time-out: 120 seconds

Maximum number of requests allowed on a connection: 60

HTTP secure server capability: Present

HTTP secure server status: Disabled

HTTP secure server port: 443

HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha

HTTP secure server client authentication: Disabled

HTTP secure server trustpoint:

HTTP server application session modules:

Session module Name Handle Description

Homepage_Server 3 IOS Homepage Server

HTTP IFS Server 1 HTTP based IOS File Server

WEB_EXEC 2 HTTP based IOS EXEC Server

HTTP server current connections:

local-ipaddress:port remote-ipaddress:port in-bytes out-bytes

HTTP server statistics:

Accepted connections total: 4

HTTP server history:

local-ipaddress:port remote-ipaddress:port in-bytes out-bytes end-time

100.193.1.240:80 192.168.15.243:14879 389 191 17:16:03 08/04

100.193.1.240:80 192.168.15.243:15112 436 191 17:16:13 08/04

100.193.1.240:80 192.168.15.243:15289 4011 54809 17:18:08 08/04

100.193.1.240:80 192.168.15.243:15488 5596 55155 17:18:28 08/04

Re: Cisco Wireless Access point are not working after TACACS Imp

Can you also show the aaa method-lists? Are you using the 'default' one for login?

show run | inc aaa

If not, you need to add that to the following command:

ip http authentication aaa ?

Regards

Farrukh

New Member

Re: Cisco Wireless Access point are not working after TACACS Imp

Hi,

Thanks for your reply.

I have tried the command on another access point and it is working there. But now the problem for me is that with the TACACS user name and password I am able to telnet to the device with full access, but using HTTP I am getting read-only access only.

Is there something I have to add additionally?

Re: Cisco Wireless Access point are not working after TACACS Imp

Please try assigning privilege level 15 to the admin users in the TACACS server.

Regards

Farrukh

New Member

Re: Cisco Wireless Access point are not working after TACACS Imp

Hi,

The user already has privilege 15. The same TACACS user has full access using Telnet on the same device.

Re: Cisco Wireless Access point are not working after TACACS Imp

Then please attach the AAA/TACACS configs from the troublesome AP's CLI and the following debugs:

debug ip http authentication

debug tacacs

debug aaa authentication

Regards

Farrukh

New Member

Re: Cisco Wireless Access point are not working after TACACS Imp

Hi,

I observed that my TACACS user is logging into the device using HTTP but he is getting priv-level = 1; the user already has priv-level = 15. Please advise me.

Aug 5 09:53:29.492: HTTP: Authentication username = 'gkc' priv-level = 1 auth-type = aaa
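An added example, not written by any poster in this thread: it parses `debug ip http authentication` lines in the format quoted in the last post, rejoins records that the terminal wrapped, and reports users whose HTTP session received a lower privilege level than expected. The `EXPECTED` mapping, the function names and the second sample record are assumptions made for illustration.

```python
import re

# Matches the debug line format quoted in the thread.
AUTH_RE = re.compile(
    r"HTTP: Authentication username = '(?P<user>[^']*)' "
    r"priv-level = (?P<priv>\d+) auth-type = (?P<auth>\S+)"
)
# A new record starts with a timestamp such as "Aug 5 09:53:29.492: ".
STAMP_RE = re.compile(r"^\*?[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(\.\d+)?: ")


def unwrap(lines):
    """Rejoin records that the terminal split across lines (often mid-word)."""
    records = []
    for line in lines:
        line = line.rstrip("\r\n")
        if not line.strip():
            continue  # pasted output often has blank lines between rows
        if STAMP_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line  # continuation: join with no separator
    return records


def http_priv_mismatches(lines, expected):
    """Return (user, granted, expected) for HTTP logins below the expected level."""
    findings = []
    for rec in unwrap(lines):
        m = AUTH_RE.search(rec)
        if not m:
            continue
        user, granted = m["user"], int(m["priv"])
        want = expected.get(user)
        if want is not None and granted < want:
            findings.append((user, granted, want))
    return findings


# Constructed sample: the first record is the line from the thread as the
# terminal wrapped it; the second record (user 'netops') is made up.
SAMPLE = [
    "Aug 5 09:53:29.492: HTTP: Authentication username = 'gkc' priv-level = 1 auth-t",
    "ype = aaa",
    "",
    "Aug 5 09:54:02.118: HTTP: Authentication username = 'netops' priv-level = 15 auth-",
    "type = aaa",
]
EXPECTED = {"gkc": 15, "netops": 15}  # assumed: levels set on the TACACS+ server

if __name__ == "__main__":
    for user, granted, want in http_priv_mismatches(SAMPLE, EXPECTED):
        print(f"{user}: HTTP session got priv-level {granted}, expected {want}")
```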
