ISW Radius over Http/https

  • Question
  • Updated 3 weeks ago
  • Answered
Community,

I configured the switch for RADIUS over ssh and telnet. However, when I set up the switch to use RADIUS over http/https I get the following error:

Insufficient Privilege Level

The web page is non-accessible. Please use the valid privilege level.

The ssh and telnet work fine but not sure how to configure the privilege level for http/https use since my user account is already priv 15.

Thanks,

-Joe
Technolust


Posted 4 weeks ago

roxanne moonsamy

Hi Joe,

Cisco IOS Software with the HTTP V1.1 Server

In releases of Cisco IOS Software with the HTTP V1.1 server, the HTTP sessions do not use vtys. They use sockets.

HTTP V1.1 Server - Before Cisco Bug ID CSCeb82510

Before the integration of Cisco bug ID CSCeb82510 (registered customers only) in Cisco IOS Software Releases 12.3(7.3) and 12.3(7.3)T, the HTTP V1.1 server has to use the same authentication and authorization method that is configured for the console.

ip http server
!
aaa new-model
aaa authentication login CONSOLEandHTTP radius local
aaa authorization exec CONSOLEandHTTP radius local
!
ip http authentication aaa
!
line con 0
 login authentication CONSOLEandHTTP
 authorization exec CONSOLEandHTTP

HTTP V1.1 Server - After Cisco Bug ID CSCeb82510

With the integration of Cisco bug ID CSCeb82510 (registered customers only) in Cisco IOS Software Releases 12.3(7.3) and 12.3(7.3)T, the HTTP server can use independent authentication and authorization methods of its own, with new keywords in the ip http authentication aaa command. The new keywords are:

router(config)#ip http authentication aaa command-authorization listname

router(config)#ip http authentication aaa exec-authorization listname

router(config)#ip http authentication aaa login-authentication listname

This is example output:

ip http server
!
aaa new-model
aaa authentication login HTTPonly radius local
aaa authorization exec HTTPonly radius local
!
ip http authentication aaa
ip http authentication aaa exec-authorization HTTPonly
ip http authentication aaa login-authentication HTTPonly

Debug

Issue these debug commands in order to troubleshoot problems with HTTP authentication/authorization:

debug ip tcp transactions
debug modem 

!--- If you use the HTTP 1.0 server.

debug ip http authentication
debug aaa authentication
debug aaa authorization 
debug radius 
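
A way to check the method-list wiring described in the reply above before turning to the debug commands. This is an added example, not part of the original reply and not Cisco's code; the function name `audit_http_aaa` and the sample configs are constructed here, and an optional level number after `command-authorization` is assumed.

```python
import re

# Constructed sample: the "after CSCeb82510" configuration from the reply above.
GOOD = """\
ip http server
aaa new-model
aaa authentication login HTTPonly radius local
aaa authorization exec HTTPonly radius local
ip http authentication aaa
ip http authentication aaa exec-authorization HTTPonly
ip http authentication aaa login-authentication HTTPonly
"""
# Constructed sample: exec-authorization names a list that is never defined.
BAD = GOOD.replace("exec-authorization HTTPonly", "exec-authorization WEBonly")

# "ip http authentication aaa" keyword -> type of "aaa ..." list it refers to
KEYWORDS = {
    "login-authentication": "authentication login",
    "exec-authorization": "authorization exec",
    "command-authorization": "authorization commands",
}
AAA_LIST = re.compile(
    r"aaa (authentication login|authorization exec|authorization commands)"
    r"(?: \d+)? (\S+) \S")
HTTP_REF = re.compile(
    r"ip http authentication aaa (%s) (?:\d+ )?(\S+)$" % "|".join(KEYWORDS))


def audit_http_aaa(config):
    """Return findings about the HTTP server's AAA method-list references."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is not enabled")
    if "ip http authentication aaa" not in lines:
        findings.append("ip http authentication aaa is not configured")
    # Every (list type, list name) pair that the config actually defines.
    defined = {m.groups() for m in map(AAA_LIST.match, lines) if m}
    for m in filter(None, map(HTTP_REF.match, lines)):
        keyword, name = m.groups()
        if (KEYWORDS[keyword], name) not in defined:
            findings.append("%s refers to undefined list %s" % (keyword, name))
    return findings


if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_http_aaa(cfg) or "no findings")
```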

Technolust

Thanks Roxanne, I'm not sure if this will fix the issue on the Extreme switch though. Unless you are referring to configuring the uplink switch for this. I do have the Extreme switch connected to a Cisco 2960.

-Joe