I'm tryng to access CMS of a Cisco 3550 SMI IOS 12.1(11)EA1 with this aaa configuration:

aaa new-model

aaa authentication login login-pwd group tacacs+ enable

aaa authentication enable default group tacacs+ enable

aaa accounting exec accounting start-stop group tacacs+

aaa accounting commands 15 accounting start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

tacacs-server host <A.B.C.D>

tacacs-server attempts 5

tacacs-server timeout 10

tacacs-server key <********>

line vty 0 4

accounting commands 15 accounting

accounting exec accounting

login authentication login-pwd

ip http server

ip http authentication aaa

If i use tacacs+ to access the switch via vty 0 4 i use the username and password (privilege level = 15) configured in ACS 3.0 with no problem (sh tacacs confirms this). But if use the same username and password (or the password only) to access the web console of the switch it doesn't work:

AUTHORIZATION REQUIRED

Browser not authentication capable or authentication failed.

The browser is ie 6.0 sp1 jre plug-in is 1.31, switch ip address is in trusted sites all java is enabled (everything is configured as reported in the document troubleshooting CMS).

If i remove aaa (no aaa new model) and set ip http authentication enable i can access the web console using the enable password with no problem (i also tried netscape 7.0 but with no results).

I do not use any proxy.

I'm getting crazy (very close to open a TAC)