cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
385
Views
0
Helpful
0
Replies
lcnorwood
Beginner

AAA authentication for http management

I have a few switches that aren't able to use AAA/Radius authentication to log into the  HTTP/HTTPS management of my switches.   Others are able to

The switches that work are on: 122-50.SE3

The switches that don't work are on:122-58.SE1

All switches can use AAA to login via telnet.

AAA Code on the old switches:

aaa new-model

aaa group server radius RadiusServers

server 10.150.1.13 auth-port 1812 acct-port 1813

server 10.150.1.12 auth-port 1812 acct-port 1813

aaa authentication login AuthGroup group RadiusServers local

aaa authorization exec default group RadiusServers if-authenticated local

aaa accounting connection AuthGroup start-stop group RadiusServers

line vty 0 4

login authentication AuthGroup

ip http server

ip http authentication aaa login-authentication AuthGroup

ip http authentication aaa exec-authorization AuthGroup

AAA Code on the new switches:

aaa new-model

aaa group server radius RadiusServers

server 10.150.1.13 auth-port 1812 acct-port 1813

server 10.150.1.12 auth-port 1812 acct-port 1813

aaa authentication login AuthGroup group RadiusServers local

aaa authorization exec default group RadiusServers if-authenticated

aaa accounting connection AuthGroup start-stop group RadiusServers

line vty 0 4

login authentication AuthGroup

ip http server

ip http authentication aaa login-authentication AuthGroup

ip http authentication aaa exec-authorization AuthGroup

The  aaa authorization exec default group RadiusServers if-authenticated  command on the newer ios has the local option depricated from it.

Struggling a little with this one.   Any help would be greatly appreciated.

0 REPLIES 0