Tacacs validation via HTTP (3500&2950 Series Switches)

Discussion in 'Cisco' started by MarcelM, Sep 2, 2004.

  1. MarcelM

    MarcelM Guest

    I have tacacs running but do not get it working via http.
    does anyone had luck with that ?

    Even tried to use "ip http authen aaa" but it failed to authenticate.

    normal tacacs for telnet/console is working fine

    any idea ??
    MarcelM, Sep 2, 2004
    #1
    1. Advertising

  2. Marcel,
    Are you having problems on the XL and 2950 switches? What version
    of IOS is running on each platform. I seem to remember that there was
    a problem in older IOS versions for the XLs (35xx and 29xx) where
    tacacs authentication for the CVSM (the GUI web interface) was not
    working. I cannot recall which version of code fixed it. It was a bug
    which was eventually fixed in a code revision. Answer back with which
    switches and IOS versions you are encountering this issue - maybe
    someone with CCO access can kindly dig it up, or maybe I can find it
    in release notes.

    -Robert

    (MarcelM) wrote in message news:<>...
    > I have tacacs running but do not get it working via http.
    > does anyone had luck with that ?
    >
    > Even tried to use "ip http authen aaa" but it failed to authenticate.
    >
    > normal tacacs for telnet/console is working fine
    >
    > any idea ??
    Robert B. Phillips II, Sep 7, 2004
    #2
    1. Advertising

  3. MarcelM

    Scott Guest

    Marcel,

    I just had the same problem. What corrected my problem is using the following...

    aaa authentication login default group tacacs+ local
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec default group tacacs+
    aaa authorization commands 15 default group tacacs+ if-authenticated
    ip http authentication aaa
    ip http server

    -Scott


    (Robert B. Phillips II) wrote in message news:<>...
    > Marcel,
    > Are you having problems on the XL and 2950 switches? What version
    > of IOS is running on each platform. I seem to remember that there was
    > a problem in older IOS versions for the XLs (35xx and 29xx) where
    > tacacs authentication for the CVSM (the GUI web interface) was not
    > working. I cannot recall which version of code fixed it. It was a bug
    > which was eventually fixed in a code revision. Answer back with which
    > switches and IOS versions you are encountering this issue - maybe
    > someone with CCO access can kindly dig it up, or maybe I can find it
    > in release notes.
    >
    > -Robert
    >
    > (MarcelM) wrote in message news:<>...
    > > I have tacacs running but do not get it working via http.
    > > does anyone had luck with that ?
    > >
    > > Even tried to use "ip http authen aaa" but it failed to authenticate.
    > >
    > > normal tacacs for telnet/console is working fine
    > >
    > > any idea ??
    Scott, Sep 10, 2004
    #3
  4. MarcelM

    MarcelM Guest

    Hi Robert,

    Yes i have tested with both 3500&2950 Serie switches.
    the 3500 is running c3500xl-c3h2s-mz.120-5.WC7.bin.
    I just opened a CCO case at Cisco, will see if they can help me :)
    MarcelM, Sep 10, 2004
    #4
  5. MarcelM

    MarcelM Guest

    Hi Scott

    I have it setup like you mentioned, except i do not have the third line
    but even if i add that it doesn't work :(
    Have opened a case at cisco, hope they can advice me more.




    (Scott) wrote in message news:<>...
    > Marcel,
    >
    > I just had the same problem. What corrected my problem is using the following...
    >
    > aaa authentication login default group tacacs+ local
    > aaa authentication enable default group tacacs+ enable
    > aaa authorization exec default group tacacs+
    > aaa authorization commands 15 default group tacacs+ if-authenticated
    > ip http authentication aaa
    > ip http server
    >
    > -Scott
    >
    >
    > (Robert B. Phillips II) wrote in message news:<>...
    > > Marcel,
    > > Are you having problems on the XL and 2950 switches? What version
    > > of IOS is running on each platform. I seem to remember that there was
    > > a problem in older IOS versions for the XLs (35xx and 29xx) where
    > > tacacs authentication for the CVSM (the GUI web interface) was not
    > > working. I cannot recall which version of code fixed it. It was a bug
    > > which was eventually fixed in a code revision. Answer back with which
    > > switches and IOS versions you are encountering this issue - maybe
    > > someone with CCO access can kindly dig it up, or maybe I can find it
    > > in release notes.
    > >
    > > -Robert
    > >
    > > (MarcelM) wrote in message news:<>...
    > > > I have tacacs running but do not get it working via http.
    > > > does anyone had luck with that ?
    > > >
    > > > Even tried to use "ip http authen aaa" but it failed to authenticate.
    > > >
    > > > normal tacacs for telnet/console is working fine
    > > >
    > > > any idea ??
    MarcelM, Sep 10, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Fred Atkinson

    Pruning on 3500 and 3550 series switches

    Fred Atkinson, Nov 1, 2005, in forum: Cisco
    Replies:
    1
    Views:
    1,093
  2. Replies:
    1
    Views:
    1,457
    Vivek
    Nov 14, 2005
  3. Jimmy
    Replies:
    3
    Views:
    1,719
    Render Me
    Sep 12, 2005
  4. JohnF

    ? Cisco Catalyst 3500 XL Series Switches

    JohnF, Jul 21, 2006, in forum: Computer Support
    Replies:
    26
    Views:
    2,972
  5. milan_9211

    HTTP SOAP/HTTP GET/HTTP POST

    milan_9211, Jan 10, 2011, in forum: Software
    Replies:
    0
    Views:
    3,058
    milan_9211
    Jan 10, 2011
Loading...

Share This Page