How to configure authentication for HTTP access to the switch with Cisco Secure ACS

Resolution

To configure HTTP access to the switch, this configuration is required on a switch running Cisco IOS Software Release 12.2(37)SE:

   tacacs-server host key
   ip tacacs source-interface vlan

   aaa cache profile admin_cache
   all

   aaa group server tacacs+ tac_admin
   server
   cache expiry 1
   cache authorization profile admin_cache
   cache authentication profile admin_cache

   ip http server
   ip http authentication aaa

   aaa authentication login CON-HTTP cache tac_admin group tac_admin local
   aaa authorization exec CON-HTTP cache tac_admin group tac_admin local

   line con 0
   login authentication CON-HTTP
   authorization exec CON-HTTP

For Cisco IOS Software Release 12.2(25r)SE1, refer to these commands:

  tacacs-server host key
  ip tacacs source-interface vlan

  aaa group server tacacs+ tac_admin
  server

  ip http server
  ip http authentication aaa

  aaa authentication login CON-HTTP cache tac_admin group tac_admin local
  aaa authorization exec CON-HTTP cache tac_admin group tac_admin local

  line con 0
  login authentication CON-HTTP
  authorization exec CON-HTTP

Note: On the ACS, make sure that, under the user's Group settings, Shell (exec) is checked and Privilege Level is checked with a value of 15.

Also check that the TACACS+ server configuration is present. If it is not present, configure it.

If authentication with TACACS+ fails, the switch then tries to authenticate against the local database. This kind of authentication gives privilege level 1.

For more information on TACACS+ server configuration, refer to Identifying the TACACS+ Server Host and Setting the Authentication Key.

For more information on configuring a privilege level, refer to Setting the Privilege Level for a Command.
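A consistency check for the configuration above, as an added example that is not part of the original document: it parses a running-config and reports server groups, cache profiles and method lists that are referenced but never defined, and method lists that lack the `local` fallback. The server address and key in the sample are constructed placeholders, and `audit` is a hypothetical helper name.

```python
import re
# Constructed sample running-config; address and key are placeholders.
SAMPLE = """\
tacacs-server host 192.0.2.10 key EXAMPLE-KEY
aaa cache profile admin_cache
 all
aaa group server tacacs+ tac_admin
 server 192.0.2.10
 cache expiry 1
 cache authorization profile admin_cache
 cache authentication profile admin_cache
ip http server
ip http authentication aaa
aaa authentication login CON-HTTP cache tac_admin group tac_admin local
aaa authorization exec CON-HTTP cache tac_admin group tac_admin local
line con 0
 login authentication CON-HTTP
 authorization exec CON-HTTP
"""

def audit(config):
    """Return a list of findings; an empty list means every reference resolves."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    text = "\n".join(lines)
    findings = []
    groups = set(re.findall(r"^aaa group server tacacs\+ (\S+)$", text, re.M))
    profiles = set(re.findall(r"^aaa cache profile (\S+)$", text, re.M))
    lists = {}  # (kind, list name) -> ordered methods
    for kind, name, methods in re.findall(
            r"^aaa (authentication login|authorization exec) (\S+) (.+)$", text, re.M):
        lists[(kind, name)] = methods.split()
    if "ip http authentication aaa" not in lines:
        findings.append("ip http authentication aaa is missing")
    if not any(l.startswith("tacacs-server host ") for l in lines):
        findings.append("no tacacs-server host defined")
    for prof in sorted(set(re.findall(r"^cache \S+ profile (\S+)$", text, re.M))):
        if prof not in profiles:
            findings.append(f"cache profile {prof} is not defined")
    for (kind, name), methods in lists.items():
        for keyword, group in zip(methods, methods[1:]):
            if keyword in ("group", "cache") and group not in groups | {"tacacs+", "radius"}:
                findings.append(f"{kind} {name}: server group {group} is not defined")
        if methods[-1] != "local":
            findings.append(f"{kind} {name}: no local fallback as last method")
    for kind, name in re.findall(r"^(login authentication|authorization exec) (\S+)$", text, re.M):
        key = ("authentication login" if kind.startswith("login") else "authorization exec", name)
        if key not in lists:
            findings.append(f"line references undefined method list {name}")
    return findings
```

Run `audit()` on the text of `show running-config` after applying the commands; any finding points at a name that was mistyped or a block that was left out.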

Comments

Hi cisco-admin,

I've tried your configuration on a Catalyst 3750E running IOS version 12.2(52)SE and it works. But when I tried to configure it on a Catalyst 3560G running IOS version 12.2(50)SE5, it doesn't work. I've upgraded the IOS to the latest version, 12.2(58)SE2, but still no luck. Do you have any idea?

Thanks.
