Wired Intelligent Edge


Unable to log into WebUI with TACACs

  • 1.  Unable to log into WebUI with TACACs

    Posted Jun 01, 2023 02:46 PM

    Hello all, 

    I am looking to log into the webui of a switch when enabling tacacs. However, I get the following error message:

    Below is the configuration I have for TACACs on that device:
    aaa group server tacacs Clearpass
        server [server1]
        server [server2]
    aaa authentication login default group Clearpass local
    aaa authentication login ssh group Clearpass local
    aaa authentication login console group Clearpass local
    aaa authentication login https-server group Clearpass local
    aaa authorization commands default group Clearpass local
    aaa authorization commands ssh group Clearpass local
    aaa authorization commands console group Clearpass local
    aaa accounting all-mgmt default start-stop group Clearpass local
    aaa accounting all-mgmt ssh start-stop group Clearpass local
    aaa accounting all-mgmt console start-stop group Clearpass local
    aaa accounting all-mgmt https-server start-stop group Clearpass local

    https-server vrf mgmt

    ip source-interface tacacs [mgmt interface ip]



  • 2.  RE: Unable to log into WebUI with TACACs

    MVP EXPERT
    Posted Jun 02, 2023 10:45 AM

    Personally I don't prefer the web GUI and use the CLI only. Here is my TACACS template, but it is without web GUI access.

    Maybe you can simply add the https-server line, but I'm not sure if the ClearPass enforcement policy is exactly the same for the web GUI or if something else is missing.

    tacacs-server host 10.34.0.118 key secret
    tacacs-server host 10.34.0.119 key secret
    tacacs-server timeout 5
    aaa authentication login privilege-mode
    
    ###SSH###
    aaa authentication ssh login tacacs local
    aaa authentication ssh enable tacacs local
    
    ###TELNET###
    aaa authentication telnet login tacacs local
    aaa authentication telnet enable tacacs local
    
    ###CONSOLE###
    aaa authentication console login tacacs local
    aaa authentication console enable tacacs local
    
    aaa authorization commands auto
    
    no web-management management-url
    no telnet-server


    ------------------------------
    Marcel Koedijk | MVP Expert 2023 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------



  • 3.  RE: Unable to log into WebUI with TACACs

    Posted Jun 02, 2023 11:18 AM

    Add "https-server vrf default"

    This worked for me.




  • 4.  RE: Unable to log into WebUI with TACACs

    MVP EXPERT
    Posted Jun 02, 2023 11:57 AM

    vrf default is for in-band management (IP on a (VLAN) interface).

    vrf mgmt is for out-of-band management (dedicated management interface on your CX switch).



    ------------------------------
    Marcel Koedijk | MVP Expert 2023 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------