02-19-2015 05:57 AM - edited 03-10-2019 10:28 PM
I have a tacacs+ server configured (tac_plus freeware). I have an AP configured to use tacacs+ then local as the default authentication method. Username/password authentication works fine at the SSH/vty and Console login prompts. However, it fails when trying to access the web interface. When trying to access http://[access point ip]/ it prompts for a login:
The server [ap ip] is asking for your username and password. The server reports that it is from Level_15_access.
If I put in my tacacs credentials, the authentication prompt just pops up again.
If I add ip http authentication aaa login-authentication [name of authentication list], it will permit access. I was under the impression that I shouldn't need to add this if tacacs is configured as the default authentication method.
Current Config:
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login TACAL group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
tacacs-server host [tacacs+ server IP] key 7 [password]
tacacs-server directed-request
ip http server
ip http authentication aaa login-authentication TACAL
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
02-19-2015 05:41 PM
It has been a while since I have done AAA on the HTTP part of a switch. However, looking at my notes I only used:
ip http authentication aaa
Basically without specifying the method. Give that a try and let me know if it works. If it doesn't, do a debug on tacacs authentications and post the output here.
Thank you for rating helpful posts!
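An added example, not code from either poster: a small Python check over a saved running-config that flags the situation discussed in this thread, namely a web interface that is enabled while no ip http authentication line ties it to AAA, or while that line names a login list that is not defined. The function name, the finding labels and the sample config are constructed for illustration; the missing-line finding assumes the behaviour the original poster observed.

```python
import re

# Constructed sample modelled on the config posted in the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login TACAL group tacacs+ local
ip http server
ip http authentication aaa login-authentication TACAL
ip http secure-server
"""

def audit_http_auth(config: str) -> list[str]:
    """Return findings on how the device's web interface authenticates logins."""
    lines = [line.strip() for line in config.splitlines()]
    if not any(re.fullmatch(r"ip http (secure-)?server", l) for l in lines):
        return []  # web interface disabled, nothing to audit
    # Named method lists defined with 'aaa authentication login <name> ...'
    login_lists = {m.group(1) for l in lines
                   if (m := re.match(r"aaa authentication login (\S+)\s", l))}
    findings = []
    auth = [l.split()[3:] for l in lines if l.startswith("ip http authentication ")]
    if not auth:
        # Behaviour reported in the thread: the default login list is not used.
        findings.append("http-auth-not-set")
    for words in auth:
        if words[0] != "aaa":
            findings.append(f"http-auth-not-aaa:{words[0]}")
        elif "login-authentication" in words:
            idx = words.index("login-authentication") + 1
            name = words[idx] if idx < len(words) else ""
            if name not in login_lists:
                findings.append(f"undefined-login-list:{name}")
    if "ip http server" in lines:
        # Plain HTTP carries the login in cleartext; HTTPS alone avoids that.
        findings.append("cleartext-http-enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_http_auth(SAMPLE_CONFIG):
        print(finding)
```
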