07-22-2008 10:58 AM - edited 03-10-2019 03:59 PM
I have "ip tacacs source-interface Vlan1 " in my config because without it enabled I cant ssh in with tacacs. However, with that line in the config, I cant access via https unless I have the line "ip http authentication local"
07-23-2008 05:01 AM
For http access , the user should have privilege level 15. This is how you enable it on acs.
Bring users/groups in at level 15
1. Go to user or group setup in ACS
2. Drop down to "TACACS+ Settings"
3. Place a check in "Shell (Exec)"
4. Place a check in "Privilege level" and enter "15" in the adjacent field
Regards,
~JG
Do rate helpful posts
07-23-2008 07:19 AM
This is NOT the problem. All other switches except for the 10 we have to put the "ip tacacs source-interface Vlan1" work just fine when accessed via https using tacacs.
07-23-2008 01:30 PM
Then this is something you should have included in your first port.
Thanks for using rating system.
07-23-2008 02:02 PM
One small query, suppose you don't have the "ip http authentication local" statement in your config ... now when you try to login via HTTP, do you see any logs ( failed attempts or successfull) on the ACS server ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide