08-27-2010 01:25 PM - edited 03-10-2019 05:22 PM
Experts,
My switches are able to successfully authenticate user access against ACS 5.1 via SSH with TACACS+, but I am not able to authenticate via HTTPS with TACACS+. I don't even get a log in ACS when attempting to authenticate via HTTPS.
Here is my AAA config, followed by a debug:
aaa new-model
aaa authentication login ACCESS group tacacs+ local
aaa authorization console
aaa authorization config-commands
aaa authorization exec ACCESS group tacacs+
aaa authorization commands 1 Priv1 group tacacs+ none
aaa authorization commands 15 Priv15 group tacacs+ none
aaa authorization network ACCESS group tacacs+
aaa accounting exec ACCESS start-stop group tacacs+
aaa accounting commands 0 ACCESS start-stop group tacacs+
aaa accounting commands 1 ACCESS start-stop group tacacs+
aaa accounting commands 15 ACCESS start-stop group tacacs+
aaa session-id common
ip http authentication aaa login-authentication ACCESS
ip http authentication aaa exec-authorization ACCESS
ip http authentication aaa command-authorization 1 Priv1
ip http authentication aaa command-authorization 15 Priv15
ip http secure-server
no ip http server
tacacs-server host X.X.X.X key 7
tacacs-server timeout 3
tacacs-server directed-request
Debug:
47w4d: HTTP AAA Login-Authentication List name: ACCESS
47w4d: HTTP AAA Exec-Authorization List name: ACCESS
47w4d: HTTP: Authentication failed for level 15
Shell authorization profiles are working in ACS when SSHing to devices (Priv1 and Priv15), and I can't figure out why it's not working for HTTPS.
Any ideas?