Solved: Re: Can't authenticate to HTTP after 12.3(4)JA upgrade

npritchett · ‎04-27-2005

I have a collection of Aironet 1200's with IOS 12.2 that are configured to use TACACS+ for HTTP authentication.

After upgrading to 12.3(4)JA I can no longer authenticate to the HTTP server. Telnet and SSH still work normally.

Any suggestions?

sstudsdahl · ‎04-28-2005

What method of authentication are you using for your console connection? Cisco changed the way that HTTP authentication works in the 12.3 version of IOS. In 12.2, the login method applied to your VTY lines, was also used for the HTTP authentication method. In 12.3, the authentication method is the same as is applied to your "line con 0" configuration. If you are just using a password configured under the "line con 0", you will need to replace the login method that uses the TACACS+ authentication methods in order to get TACACS+ to work for the HTTP.

HTH

Steve

View solution in original post

sstudsdahl · ‎04-28-2005

What method of authentication are you using for your console connection? Cisco changed the way that HTTP authentication works in the 12.3 version of IOS. In 12.2, the login method applied to your VTY lines, was also used for the HTTP authentication method. In 12.3, the authentication method is the same as is applied to your "line con 0" configuration. If you are just using a password configured under the "line con 0", you will need to replace the login method that uses the TACACS+ authentication methods in order to get TACACS+ to work for the HTTP.

HTH

Steve

npritchett · ‎04-28-2005

Okay, I see. I use the same authentication method, TACACS+, for both...

aaa authentication login RemoteAdmin group tacacs+ local

ip http server

ip http authentication aaa

line vty 0 4

login authentication RemoteAdmin

password 7 {.....}

So now I need to do thus with my http authentication statement...

ip http authentication aaa login-authentication RemoteAdmin

That seems to do the trick. Thank you.