
IOS Access Point Bombards TACACS+ Server with Requests

ganeshp
Level 1

Problem: When using the web GUI to manage an IOS access point such as the AP350, AP1100, or AP1200, and when using TACACS+ to authenticate the HTTP accesses, the access point will send numerous authentication requests to the TACACS+ server for each web page accessed.

The workaround given by Cisco was to use a single-connection TACACS server.

My question:

How do I implement this command? Is it as below?

"tacacs-server host x.x.x.x single-connection port 49 key test".

I've tried using this command but I'm still getting numerous authentication requests.

Any help?

regards,

Ganesh

1 Reply

gwcrook
Level 1

We experienced similar problems. We were instructed to use local authentication at the current time. Something about HTTP requiring authentication for each part of the page that accesses data. The configuration line is:

ip http authentication local

The single connection did not help. We were also advised that if we required ACS HTTP authentication to use RADIUS because it scaled better than TACACS and would not be as impacted as TACACS. If neither of these is an option, another workaround is to disable logging "passed authentications". We tested this and it prevented our ACS server from pegging the CPU, memory and I/O write queues. We opted for local authentication because the lack of "passed authentication" logs impacted our troubleshooting.

Good Luck

Gerry
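
An added example, not part of the original posts or of any Cisco tooling: a Python script that measures how many passed authentications each access point produces within a short window, so the burst per web page load can be compared before and after a configuration change. The log layout (timestamp, NAS IP, user, result), the function names and the sample lines are constructed assumptions, not the ACS export format.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, sorted by time: timestamp, NAS IP, user, result.
# 192.0.2.10 stands in for an access point whose web GUI loaded one page.
SAMPLE_LOG = """\
2024-03-01 10:00:00,192.0.2.10,admin,Passed
2024-03-01 10:00:00,192.0.2.10,admin,Passed
2024-03-01 10:00:00,192.0.2.10,admin,Passed
2024-03-01 10:00:01,192.0.2.10,admin,Passed
2024-03-01 10:00:01,192.0.2.10,admin,Passed
2024-03-01 10:00:01,192.0.2.10,admin,Passed
2024-03-01 10:00:05,192.0.2.20,admin,Passed
2024-03-01 10:00:06,192.0.2.20,admin,Failed
2024-03-01 10:00:30,192.0.2.10,admin,Passed
"""

def peak_auth_rate(log_text, window_seconds=2):
    """Return {nas_ip: most passed authentications in any sliding window}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # nas_ip -> timestamps still inside the window
    peak = defaultdict(int)
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 4:        # skip blank or malformed lines
            continue
        ts_text, nas_ip, _user, result = row
        if result != "Passed":
            continue
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        q = recent[nas_ip]
        q.append(ts)
        # Drop entries that have aged out; the newest entry always remains.
        while ts - q[0] >= window:
            q.popleft()
        peak[nas_ip] = max(peak[nas_ip], len(q))
    return dict(peak)

def noisy_access_points(log_text, threshold=5, window_seconds=2):
    """List NAS IPs whose peak rate meets the (assumed) threshold."""
    peaks = peak_auth_rate(log_text, window_seconds)
    return sorted(ip for ip, n in peaks.items() if n >= threshold)

if __name__ == "__main__":
    print(peak_auth_rate(SAMPLE_LOG))
    print(noisy_access_points(SAMPLE_LOG))
```

The script depends on passed authentications being logged, so it applies only while that logging is still enabled on the server.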
