06-20-2022 07:04 AM
I have a 2960x switch that I have setup for Radius login with Duo security. When logging into the console or any other means no problem, I login, two factor authenticate and its in; however, when I try to log into the webUI , I type in any registered username/password, receive the Duo response showing a successful login and then am immediately taken back to the login. I have tried removing the two factor with the same results. Tried changing from radius to local login, created an internal username/password, same results. The switch will accept the user information and show it in the running config, but no matter what, it just loops back to the login screen. The only way to login to the webUI is to use the secret with no username. That however creates a security risk due to it automatically logging in with the highest privilege. It also does not work with Duo and in our industry multi factor authentication is required by law on all administrator accounts. I have attached my running config for reference as well. Thank you.
06-20-2022 07:17 AM
Hi
If you use:
ip http authentication local
When try with local username and pass, does not work?
06-20-2022 07:34 AM
It does not work with the local username/password, but will work using no username with the secret.
06-21-2022 01:50 AM
Would you post the output of
ip http authentication ?
What is the result if you remove
ip http authentication aaa
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide