Resolution

In order to configure HTTP access to switch, this configuration is required on switch with Cisco IOS  Software Release 12.2(37)SE:

      tacacs-server host key
   ip tacacs source-interface vlan

   aaa cache profile admin_cache
   all

   aaa group server tacacs+ tac_admin
   server
   cache expiry 1
   cache authorization profile admin_cache
   cache authentication profile admin_cache

   ip http server
   ip http authentication aaa

   aaa authentication login CON-HTTP cache tac_admin group tac_admin local
   aaa authorization exec CON-HTTP cache tac_admin group tac_admin local

   line con 0
   login authentication CON-HTTP
   authorization exec CON-HTTP

For Cisco IOS Software Release 12.2(25r)SE1, refer to these commands:

    tacacs-server host key
  ip tacacs source-interface vlan

  aaa group server tacacs+ tac_admin
  server

  ip http server
  ip http authentication aaa

  aaa authentication login CON-HTTP cache tac_admin group tac_admin local
  aaa authorization exec CON-HTTP cache tac_admin group tac_admin local

  line con 0
  login authentication CON-HTTP
  authorization exec CON-HTTP

Note: On ACS, make sure that under Group user Shell(exec) is checked, Privilege Level is checked, and that value is 15.

Also check if the TACACS+ server Configuration is present. If TACACS+ server Configuration is not present configure the same.

If the authentication failed with TACACS+, then it will try to authenticate with local database. This kind of authentication will give priviledge level 1.

For more information on TACACS+ server Configuration, refer to | Identifying the TACACS+ Server Host and Setting the Authentication Key

For more information on configuring a priviledge level, refer to | Setting the Privilege Level for a Command