Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
745
Views
0
Helpful
2
Replies

:: Admin Access in Aironet through ACS ::

alahmadi_sami
Level 1
Level 1

‎12-19-2004 05:40 AM - edited ‎03-10-2019 01:56 PM

Hi,

I have more than 100 Cisco APs (350, & 1200) all of them are IOS AP. I configured the Admin Access to the APs through the ACS 3.3.1 with TACACS+ mapped to AD. What's happening is:

Admin users can login to the APs through CL (Command Line) BUT they can't login through the GUI "Web Interface". In booth cases, the ACS shows the admin users had Passed Authentication.

How can I enable the authentication from admin users through ACS in Web Interface & Command line at the same time?

Thanks

Labels:
0 Helpful
2 Replies 2

paddyxdoyle
Level 6
Level 6

‎12-21-2004 03:51 AM

Hi,

It looks like a bug, i've just tried this using RADIUS authentication against our ACS server and indeed my access request is accepted by the ACS server however i am presented with "The page cannot be displayed" in my browser window.

Dec 21 11:48:05.082: RADIUS: User-Name [1] 9 "pjdoyle"

Dec 21 11:48:05.082: RADIUS: Calling-Station-Id [31] 15 "*.*.*.*"

Dec 21 11:48:05.082: RADIUS: User-Password [2] 18 *

Dec 21 11:48:05.090: RADIUS: Received from id 21843/144 192.168.74.12:1645, Acce

ss-Accept, len 62

This was tested on an AP350 running c350-k9w7-mx.122-15.JA

Rgds

PD

0 Helpful

paddyxdoyle
Level 6
Level 6
In response to paddyxdoyle

‎12-21-2004 04:39 AM

Actually, i've just got it to work!

You also need to configure on your AP:

"aaa authorization exec default group radius"

If you do "debug ip http authentication" you should now see similar to:

Dec 21 12:37:31.284: HTTP: Authentication for url '/' '/' level 1 privless '/'

Dec 21 12:37:31.284: HTTP: Authentication username = 'pjdoyle' priv-level = 1 au

th-type = aaa

Dec 21 12:37:33.061: setting privlevel to 1

Dec 21 12:37:33.061: HTTP: Authentication for url '/config.js' '/config.js' leve

l 1 privless '/config.js'

Dec 21 12:37:33.061: HTTP: Authentication username = 'pjdoyle' priv-level = 1 au

th-type = aaa

Dec 21 12:37:33.285: setting privlevel to 1

Dec 21 12:37:33.285: HTTP: Authentication for url '/appsui.js' '/appsui.js' leve

l 1 privless '/appsui.js'

Dec 21 12:37:33.285: HTTP: Authentication username = 'pjdoyle' priv-level = 1 au

th-type = aaa

Dec 21 12:37:33.445: setting privlevel to 1

Dec 21 12:37:33.445: HTTP: Authentication for url '/sitewide.js' '/sitewide.js'

level 1 privless '/sitewide.js'

Dec 21 12:37:33.445: HTTP: Authentication username = 'pjdoyle' priv-level = 1 au

th-type = aaa

Dec 21 12:37:33.717: setting privlevel to 1

Dec 21 12:37:33.717: HTTP: Authentication for url '/images/sitewide_print_off.gi

f' '/images/sitewide_print_off.gif' level 1 privless '/images/sitewide_print_of

f.gif'

Wheras before i added the "aaa authorization line" i was seeing:

Dec 21 12:36:47.500: setting privlevel to 1

Dec 21 12:36:47.500: HTTP: Authentication for url '/' '/' level 1 privless '/'

Dec 21 12:36:47.500: HTTP: Authentication username = 'pjdoyle' priv-level = 1 au

th-type = aaa

Dec 21 12:36:47.512: HTTP: Authentication failed

Better go and do some work now :)

Paddy

0 Helpful
Customers Also Viewed These Support Documents