cancel
Showing results for 
Search instead for 
Did you mean: 

TACACS

 
Jeff-the-Dude
Occasional Contributor

TACACS

I have some Aruba 5412R switches deployed and I have successfully configured aaa authentication through our RADIUS server for TACACS access. However, whenever someone logs into the web access, it only allows that person in as an operator, not as a manager, thus prohibiting any changes via the web interface....we like to use this feature for the CLI-challenged, change a vlan, modify a port description, etc.  There must be some command(s) I am missing,,,please help.

5 REPLIES 5
racowi
Frequent Advisor

Re: TACACS

Did you tried "aaa authentication web login radius" command?

Re: TACACS

Hi,

can you share your configuration?

Accept or Kudo

Jeff-the-Dude
Occasional Contributor

Re: TACACS

This is what I have configured...(sorry...I haven't gotten back as soon as I wanted, but other projects have taken precedence).  Now, the web login screen comes up, but no one, including myself, can even login via the web interface, with RADIUS credentials nor the original manager username and password that I originally configured.  After I enter credentials, it gives the appearance that it logs in, but then loops back to the login screen.  CLI ssh access, however, works flawlessly.  

 

radius-server host XXX.XX.X.XXX key "XXXXXXXXXXX"

tacacs-server host XXX.XX.X.XXX key "XXXXXXXXXXX"
no telnet-server

aaa accounting update periodic 10
aaa accounting commands interim-update tacacs
aaa accounting exec start-stop tacacs
aaa accounting system start-stop tacacs
aaa authentication login privilege-mode
aaa authentication web login radius
aaa authentication ssh login tacacs
aaa authentication ssh enable tacacs

Jeff-the-Dude
Occasional Contributor

Re: TACACS

Upon further review, it may only be the fact that we need to add a policy to CPPM...when that person (not all of us have access) comes back from his vacation, I will give that a shot.  But thanks for your input...

Jeff-the-Dude
Occasional Contributor

Re: TACACS

So...this what I currently have configured on one of my Aruba 5412R ZL2 switches.  I have configured/modified the 'manager' account with a password for console access.  I used to (but can not anymore) be able to log in via the web...I prefer CLI, some of the upper management are CLI-challenged...

I can ssh into any of the two dozen zl2 switches (eventually will be about 150) that I have deployed utilizing TACACS access/credentials, which is bounced off our Active Directory...it seems that the--

aaa authentication web login radius
aaa authentication web enable radius

--commands have prohibited me from logging in to the switch via the web altogether.

radius-server host xxx.xx.x.xx key "shared key"
tacacs-server host xxx.xx.x.xxx key "shared key"
no telnet-server
aaa accounting update periodic 10
aaa accounting commands interim-update tacacs
aaa accounting exec start-stop tacacs
aaa accounting system start-stop tacacs

aaa authentication web login radius
aaa authentication web enable radius

aaa authentication login privilege-mode
aaa authentication ssh login tacacs
aaa authentication ssh enable tacacs