02-19-2010 06:48 AM
Using the guide for LMS/ACS4.1 integration, I have added a new user in ACS for LMS system identity setup, mirroring the existing system identity for our old CW (CW1) server (don't know the password for the old account, so mirroring was my best option). I have added the new CiscoWorks server (CW2) as an AAA client and for the remote agent service in ACS. Everything that exists for CW1 now appears identical for CW2.
In CW2, I am attempting to change from Non-ACS mode to ACS mode, configuring the IP & port of ACS, and using the administrator account for ACS and the shared key that's clearly being used for almost all devices. It seems as though login info is used properly; however, I cannot achieve integration during this step because the following screen shows the progress failing (I have quadruple checked my ACS setup and restarted the service a handful of times, even rebooted the ACS and CW2 systems yesterday):
Tacacs+ Connectivity | Reachable
HTTP/HTTPS Connectivity | Reachable
AAA Client | Not configured
Secret Key Verification | Not applicable
System Identity User | Not Applicable
02-19-2010 07:53 AM
How have you added the LMS server to ACS? Did you restart ACS? Is the LMS server multi-homed? How many TCP ports do you have open for administration on the ACS server?
02-19-2010 08:00 AM
LMS has been added to ACS as an AAA client and for Remote Agent services, using proper IP and settings. LMS is NOT multi-homed. ACS service was restarted and the actual device was rebooted yesterday, which did not correct the problem. Not sure how to figure out how many ports are open for administration. 2002 is used for web access, and I thought 49 is used for TACACS communication. Maybe this issue is just not intuitive in failing at AAA client "not configured"? The configuration is the same as an existing, working CW/LMS server.
02-19-2010 09:59 AM
The only thing this error can mean is that the LMS server is not an AAA client, or ACS ran out of TCP ports when LMS tried to contact it. If another server works, the TCP ports are probably not the issue. You might try checking your ACS logs to see if there are any errors, or try sniffing on all TCP traffic between the ACS server and the LMS server when trying to test integration (assuming you're not using HTTPS on ACS, this may show the problem).