1. Home
  2. Cisco Systems
  3. HTTP access and AAA.

HTTP access and AAA.

Hi all,

i'm trying to control access to the webserver of the router using aaa model. My tentative are not successful.

The configuration is

! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! aaa new-model ! aaa authentication login default local aaa authorization auth-proxy default local ! aaa session-id common ! resource policy ! ip subnet-zero ip cef ! ip auth-proxy inactivity-timer 10 ip auth-proxy name MIA http inactivity-time 10 ip admission inactivity-timer 10 ! username a privilege 15 password 0 a ! interface ATM0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Vlan1 ip address 192.168.31.203 255.255.255.0 ip auth-proxy MIA ! ip classless ! ! ip http server ip http authentication aaa no ip http secure-server ! ! ! control-plane ! ! line con 0 no modem enable line aux 0 line vty 0 4 ! scheduler max-task-time 5000 end

- - - - - - - - - - - -

and i obtain the following messages:

Router#

*Mar 3 18:34:57.804: HTTP AAA picking up console Login-Authentication List name: default *Mar 3 18:34:57.804: HTTP AAA picking up console Exec-Authorization List name: default *Mar 3 18:34:57.804: AAA/AUTHEN/LOGIN (00000000): Pick method list 'default' *Mar 3 18:34:57.804: AAA/IPC(00000000): Sending authen/author message to AAA server pid 69 *Mar 3 18:34:57.804: AAA/LOCAL/LOGIN(00000000): check username/password *Mar 3 18:34:57.804: AAA/AUTHOR (00000000): Method list id=0 not configured. Skip author *Mar 3 18:34:57.804: HTTP: Authentication failed for level 15

having these debugs enabled

Router#sh deb General OS: AAA Authentication debugging is on AAA Authorization debugging is on AAA Administrative debugging is on AAA IPC Manager debugs debugging is on AAA Local debugs debugging is on HTTP Server: HTTP Server Authentication debugging is on Router#

Where am I wrong?

TIA

Alex.

Reply to
AM
Loading thread data ...

router(config)#ip http authentication ? aaa Use AAA access control methods enable Use enable passwords local Use local username and passwords tacacs Use tacacs to authorize user

name: default

server pid 69

Skip author

Reply to
john smith

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.