Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

CMS & ACS 3.0 problem

I use Windows NT4 Server SP6a Internet Explorer 6.1 SP1 configured as reported in the document Troubleshooting CMS.

I use ACS 3.0 with TACACS+ to authenticate vty login and privileged access to catalyst switches 2900XL, 2950, 3500, 3550.

I use CiscoView 5.1 with java plug-in 1.31.

Under CiscoView if i double clic on a Catalyst switch the browser open a new windows tryng to connect to the web server of the Catalyst. At this time i'm asked for a username and a password.

If the switch is configured without tacacs+ (no aaa new-model) i can login using the enable password in both fields as usual.

If the switch is configured ti use ACS 3.0 tacacs+ server for authentication the browser keeps asking for username and password indefinitely.

It seems like the browser cannot perform tacacs+ authentication. Is that possible. Is there anything i can do to solve the problem and use both CMS and ACS 3.0?

Thank You

The problem is

2 REPLIES
Community Member

Re: CMS & ACS 3.0 problem

Is the command ip http authentication aaa added to the configuration of the catalyst switches? do you use the latest ciscoview package? and make sure that the (Tacacs) user has privilege 15 level

Anonymous
N/A

Re: CMS & ACS 3.0 problem

no the command ip http authentication aaa was not issued.

I tried it but it still doesn't work (keeps asking username and password indefinitely). I also tried ip http authentication tacacs but nothing...

Tacacs+ authentication works correctly for vty login an console.

Following the aaa configuration on the switch:

aaa new-model

aaa authentication login login-pwd group tacacs+ enable

aaa authentication enable default group tacacs+ enable

aaa accounting exec accounting start-stop group tacacs+

aaa accounting commands 15 accounting start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

ip http authentication aaa (i also tried ip http authentication tacacs)

If i issue the command no aaa new-model everything works fine but i lose tacacs+ authentication.

The user has privilege level = 15 (i have no problem for login and enable authentication on vty).

The package are the last ones (every thing is updated with the last patches) but the problem is the http server, the problem infact is exactly the same if i launch http:// or if i connect to it with ciscoview and double clic on the devise (it's exactly the same, a new browser windows pops-up with the address of the catalyst).

Thank You for Your help.

I attended MCNS 3.0 and then i received ACS 3.0 which is a great aaa server but i'm founding difficulties to integrate in my network. Your help is very much appreciated.

64
Views
0
Helpful
2
Replies
CreatePlease to create content