cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
744
Views
0
Helpful
3
Replies

LMS ACS integration issue

dinfantino
Level 1
Level 1

https://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html#wp9000132

Using the guide for LMS/ACS4.1 integration, I have added a new user in ACS for LMS system identity setup; mirroring the existing system identity for our old CW (CW1) server (don't know the password for the old account, so mirroring was my best option).  I have added the new Ciscoworks server (CW2) as a AAA client and for the remote agent service in ACS.  Everything that exists for CW1, now appears identical for CW2.

  In CW2, I am attempting to change from Non-ACS mode to ACS mode; configuring the IP & port of ACS, and using the administrator account for ACS and the shared key thats clearly being used for almost all devices.  It seems as though login info is used properly, however I cannot achieve integration during this step because the following screen shows the progress failing ( I have quadruple checked my ACS setup and restarted the service a handful of times, even rebooted the ACS and CW2 systems yesterday):

Tacacs+ Connectivity        | Reachable

HHTP/HTTPS Connectivity | Reachable

AAA Client                       | Not configured

Secret Key Verification      | Not applicable

System Identity User         | Not Applicable

3 Replies 3

Joe Clarke
Cisco Employee
Cisco Employee

How have you added the LMS server to ACS?  Did you restart ACS?  Is the LMS server multi-homed?  How many TCP ports do you have open for administration on the ACS server?

LMS has been added to ACS as an AAA client and for Remote Agent services, using proper IP and settings.  LMS is NOT multi-homed. ACS service was restarted and the actual device was rebooted yesterday, which did not correct the problem. Not sure how to figure out how many ports are open for administration.  2002 is used for web access, and i thought 49 is used for TACACS communication.  Maybe this issue is just not intuitive in failing at AAA client "not configured" ??????? The configuration is the same as an exisitng, working CW/LMS server.

The only thing this error can mean is that the LMS server is not an AAA client, or ACS ran out of TCP ports when LMS tried to contact it.  If another server works, the TCP ports are probably not the issue.  You might try checking you ACS logs to see if there are any errors, or try sniffing on all TCP traffic between the ACS server and the LMS server when trying to test integration (assuming you're not using HTTPS on ACS, this may show the problem).

Review Cisco Networking for a $25 gift card