«

I have tacacs running but do not get it working via http.
does anyone had luck with that ?

Even tried to use "ip http authen aaa" but it failed to authenticate.

normal tacacs for telnet/console is working fine

any idea ??

Marcel,
Are you having problems on the XL and 2950 switches? What version
of IOS is running on each platform. I seem to remember that there was
a problem in older IOS versions for the XLs (35xx and 29xx) where
tacacs authentication for the CVSM (the GUI web interface) was not
working. I cannot recall which version of code fixed it. It was a bug
which was eventually fixed in a code revision. Answer back with which
switches and IOS versions you are encountering this issue - maybe
someone with CCO access can kindly dig it up, or maybe I can find it
in release notes.

-Robert

(MarcelM) wrote in message news:<. com>...
> I have tacacs running but do not get it working via http.
> does anyone had luck with that ?
>
> Even tried to use "ip http authen aaa" but it failed to authenticate.
>
> normal tacacs for telnet/console is working fine
>
> any idea ??

Marcel,

I just had the same problem. What corrected my problem is using the following...

aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+
aaa authorization commands 15 default group tacacs+ if-authenticated
ip http authentication aaa
ip http server

-Scott


(Robert B. Phillips II) wrote in message news:< om>...
> Marcel,
> Are you having problems on the XL and 2950 switches? What version
> of IOS is running on each platform. I seem to remember that there was
> a problem in older IOS versions for the XLs (35xx and 29xx) where
> tacacs authentication for the CVSM (the GUI web interface) was not
> working. I cannot recall which version of code fixed it. It was a bug
> which was eventually fixed in a code revision. Answer back with which
> switches and IOS versions you are encountering this issue - maybe
> someone with CCO access can kindly dig it up, or maybe I can find it
> in release notes.
>
> -Robert
>
> (MarcelM) wrote in message news:<. com>...
> > I have tacacs running but do not get it working via http.
> > does anyone had luck with that ?
> >
> > Even tried to use "ip http authen aaa" but it failed to authenticate.
> >
> > normal tacacs for telnet/console is working fine
> >
> > any idea ??

Hi Robert,

Yes i have tested with both 3500&2950 Serie switches.
the 3500 is running c3500xl-c3h2s-mz.120-5.WC7.bin.
I just opened a CCO case at Cisco, will see if they can help me

Hi Scott

I have it setup like you mentioned, except i do not have the third line
but even if i add that it doesn't work
Have opened a case at cisco, hope they can advice me more.




(Scott) wrote in message news:<. com>...
> Marcel,
>
> I just had the same problem. What corrected my problem is using the following...
>
> aaa authentication login default group tacacs+ local
> aaa authentication enable default group tacacs+ enable
> aaa authorization exec default group tacacs+
> aaa authorization commands 15 default group tacacs+ if-authenticated
> ip http authentication aaa
> ip http server
>
> -Scott
>
>
> (Robert B. Phillips II) wrote in message news:< om>...
> > Marcel,
> > Are you having problems on the XL and 2950 switches? What version
> > of IOS is running on each platform. I seem to remember that there was
> > a problem in older IOS versions for the XLs (35xx and 29xx) where
> > tacacs authentication for the CVSM (the GUI web interface) was not
> > working. I cannot recall which version of code fixed it. It was a bug
> > which was eventually fixed in a code revision. Answer back with which
> > switches and IOS versions you are encountering this issue - maybe
> > someone with CCO access can kindly dig it up, or maybe I can find it
> > in release notes.
> >
> > -Robert
> >
> > (MarcelM) wrote in message news:<. com>...
> > > I have tacacs running but do not get it working via http.
> > > does anyone had luck with that ?
> > >
> > > Even tried to use "ip http authen aaa" but it failed to authenticate.
> > >
> > > normal tacacs for telnet/console is working fine
> > >
> > > any idea ??