Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Catalyst 2950 failed http authentication with tacacs+

I have a 2950 running IOS 12.1.13(EA1) with the following config.

I have a tacacs+ server setup for authentication for the switch. When I telnet into the switch, it prompts me for username and password which works fine. When i add the authentication for http management side of the switch. It says 'authentication failed' I have tried creating different username and password it still fails. If i use the local authentication instead of the tacacs+ for logging in using a web browser it will work fine. I have download the java client from cisco's website but still same problem. I also use the "debug ip http authentication" but messages are no assistance.

Can anyone explain this? is there something wrong with the config?

-------------------------------------------

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default if-authenticated

aaa authorization network default if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

ip http server

ip http authentication aaa tacacs+

---------------------------------------

1 REPLY
Silver

Re: Catalyst 2950 failed http authentication with tacacs+

Try changing ip http authentication aaa tacacs+ to

ip http authentication aaa

tacacs-server host single-connection

tacacs-server key ********

Also take a look at the outputs of debug ip http and debug aaa authentication which might give you some messages.

320
Views
0
Helpful
1
Replies
CreatePlease to create content