Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CNA authentication - tacacs

Hi there,

I am trying to get CNA working on a 2960S-24PS-L

I am running CNA versionb 5.8(9) and we use tacacs for authentication.

Haven't managed to get it working. I can telnet to it using my TACACS credentials fine but CNA doesnt work.

Didnt see an option for ip http authentication tacacs or group so went with ip authentication aaa

Anyone seen this problem before?

I also tried to adding

aaa authentication enable default group DSLWG-TACACS

When I add the command above then debugs shows:

LINZJQ-03N-2C29-01#

AAA/BIND(00000026): Bind i/f

AAA/AUTHEN/LOGIN (00000026): Pick method list 'Permanent Local'

Current config:

aaa group server tacacs+ DSLWG-TACACS

server x.x.x.x

aaa authentication login CLI group DSLWG-TACACS enable

aaa authorization console

aaa authorization exec CLI group DSLWG-TACACS if-authenticated

aaa authorization commands 1 CLI group DSLWG-TACACS if-authenticated

aaa authorization commands 5 CLI group DSLWG-TACACS if-authenticated

aaa authorization commands 15 CLI group DSLWG-TACACS if-authenticated

aaa accounting exec CLI start-stop group DSLWG-TACACS

aaa accounting commands 1 default start-stop group DSLWG-TACACS

aaa accounting commands 1 CLI start-stop group DSLWG-TACACS

aaa accounting commands 5 CLI start-stop group DSLWG-TACACS

aaa accounting commands 15 default start-stop group DSLWG-TACACS

aaa accounting commands 15 CLI start-stop group DSLWG-TACACS

ip http server

ip http authentication aaa

no ip http secure-server

Thanks

  • LAN Switching and Routing
139
Views
0
Helpful
0
Replies