Tacacs validation via HTTP (3500&2950 Series Switches)

Discussion in 'Cisco' started by MarcelM, Sep 2, 2004.

  1. MarcelM

    MarcelM Guest

    I have TACACS running but cannot get it working via HTTP.
    Has anyone had luck with that?

    I even tried to use "ip http authen aaa" but it failed to authenticate.

    Normal TACACS for telnet/console is working fine.

    Any idea?
     
    MarcelM, Sep 2, 2004
    #1

  2. Marcel,
    Are you having problems on the XL and 2950 switches? What version
    of IOS is running on each platform? I seem to remember that there was
    a problem in older IOS versions for the XLs (35xx and 29xx) where
    tacacs authentication for the CVSM (the GUI web interface) was not
    working. I cannot recall which version of code fixed it. It was a bug
    which was eventually fixed in a code revision. Answer back with which
    switches and IOS versions you are encountering this issue - maybe
    someone with CCO access can kindly dig it up, or maybe I can find it
    in release notes.

    -Robert
     
    Robert B. Phillips II, Sep 7, 2004
    #2

  3. MarcelM

    Scott Guest

    Marcel,

    I just had the same problem. What corrected my problem is using the following...

    aaa authentication login default group tacacs+ local
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec default group tacacs+
    aaa authorization commands 15 default group tacacs+ if-authenticated
    ip http authentication aaa
    ip http server

    -Scott
     
    Scott, Sep 10, 2004
    #3
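
An offline check of a saved running-config against the six lines in the post above, added here as an example and not part of the original thread. It also flags an HTTP server left on its default `enable` password authentication. The function names, the sample config and the `tacacs-server host` check (classic IOS syntax) are assumptions of this example.

```python
import re

# The six lines from the post above.
REQUIRED = [
    "aaa authentication login default group tacacs+ local",
    "aaa authentication enable default group tacacs+ enable",
    "aaa authorization exec default group tacacs+",
    "aaa authorization commands 15 default group tacacs+ if-authenticated",
    "ip http authentication aaa",
    "ip http server",
]

# Constructed sample: HTTP server enabled, three of the six lines absent.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
tacacs-server host 192.0.2.10
ip http server
"""

def normalize(config_text):
    """Return the set of config lines, whitespace-collapsed, '!' lines dropped."""
    lines = set()
    for raw in config_text.splitlines():
        line = re.sub(r"\s+", " ", raw).strip()
        if line and not line.startswith("!"):
            lines.add(line)
    return lines

def audit_http_aaa(config_text):
    """Return a list of findings about AAA on the switch web interface."""
    lines = normalize(config_text)
    findings = [f"missing: {req}" for req in REQUIRED if req not in lines]
    http_auth = sorted(l for l in lines if l.startswith("ip http authentication "))
    if "ip http server" in lines and not http_auth:
        findings.append("HTTP server on with no 'ip http authentication' line: "
                        "web logins use the enable password")
    elif "ip http server" in lines and "ip http authentication aaa" not in http_auth:
        findings.append(f"HTTP server uses '{http_auth[0]}', not AAA")
    uses_tacacs = any("group tacacs+" in l for l in lines)
    if uses_tacacs and not any(l.startswith("tacacs-server host ") for l in lines):
        findings.append("method lists reference tacacs+ but no 'tacacs-server host' line")
    return findings

if __name__ == "__main__":
    for finding in audit_http_aaa(SAMPLE):
        print(finding)
```
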
  4. MarcelM

    MarcelM Guest

    Hi Robert,

    Yes, I have tested with both 3500 & 2950 Series switches.
    The 3500 is running c3500xl-c3h2s-mz.120-5.WC7.bin.
    I just opened a CCO case at Cisco, will see if they can help me :)
     
    MarcelM, Sep 10, 2004
    #4
  5. MarcelM

    MarcelM Guest

    Hi Scott

    I have it set up like you mentioned, except I do not have the third line,
    but even if I add that it doesn't work :(
    I have opened a case at Cisco, hope they can advise me more.
     
    MarcelM, Sep 10, 2004
    #5