cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
213
Views
5
Helpful
2
Replies
npritchett
Beginner

Can't authenticate to HTTP after 12.3(4)JA upgrade

I have a collection of Aironet 1200's with IOS 12.2 that are configured to use TACACS+ for HTTP authentication.

After upgrading to 12.3(4)JA I can no longer authenticate to the HTTP server. Telnet and SSH still work normally.

Any suggestions?

1 ACCEPTED SOLUTION

Accepted Solutions
sstudsdahl
Enthusiast

What method of authentication are you using for your console connection? Cisco changed the way that HTTP authentication works in the 12.3 version of IOS. In 12.2, the login method applied to your VTY lines, was also used for the HTTP authentication method. In 12.3, the authentication method is the same as is applied to your "line con 0" configuration. If you are just using a password configured under the "line con 0", you will need to replace the login method that uses the TACACS+ authentication methods in order to get TACACS+ to work for the HTTP.

HTH

Steve

View solution in original post

2 REPLIES 2
sstudsdahl
Enthusiast

What method of authentication are you using for your console connection? Cisco changed the way that HTTP authentication works in the 12.3 version of IOS. In 12.2, the login method applied to your VTY lines, was also used for the HTTP authentication method. In 12.3, the authentication method is the same as is applied to your "line con 0" configuration. If you are just using a password configured under the "line con 0", you will need to replace the login method that uses the TACACS+ authentication methods in order to get TACACS+ to work for the HTTP.

HTH

Steve

View solution in original post

Okay, I see. I use the same authentication method, TACACS+, for both...

aaa authentication login RemoteAdmin group tacacs+ local

ip http server

ip http authentication aaa

line vty 0 4

login authentication RemoteAdmin

password 7 {.....}

So now I need to do thus with my http authentication statement...

ip http authentication aaa login-authentication RemoteAdmin

That seems to do the trick. Thank you.

Create
Recognize Your Peers
Content for Community-Ad