Topology services issue with ACS 4.0

Mar 26th, 2007

Hi,

I have had a display problem since I configured LMS 2.6 to authenticate with ACS 4.0. I can't access the topology map, path analysis, or VLAN Port Assignment; I get the following error message: "Your session has either timed out or you are not authorized to access this page." ????


I have all the necessary rights (all the roles) on the ACS, as explained further in this forum.


Brgds

Olivier





frankzehrer Mon, 03/26/2007 - 06:06
User Badges:
  • Silver, 250 points or more

Hi Olivier,


Do you have NDGs (Network Device Groups) configured within the ACS?

And is it possible that some of the devices in the topology map are in different NDGs with different rights within the Campus Manager?

If yes: This is not supported for Topology View. It is not possible to show only some devices of the whole bunch!!


You have to insert all Devices into one Group again (or disable the NDG Feature) and it will work fine!!

I have tested this behaviour in LMS 2.5.1 SP5 and had a short check with LMS 2.6. It will not work!!


Best regards,

Frank

Joe Clarke Mon, 03/26/2007 - 09:18
User Badges:
  • Cisco Employee
  • Hall of Fame
  • Founding Member

This is a known bug: CSCsg00563. A patch is available by contacting the TAC. The workaround is as follows:


In ACS, under Network Configuration, remove all hostnames for the CiscoWorks server in the IP Address textarea, then add an entry for each of the CiscoWorks server's IP addresses. Submit change, and restart the ACS server. Then re-login to CiscoWorks.

frankzehrer Mon, 03/26/2007 - 21:59

Hi Joe,


Just one question left:

Is it then possible to work with NDGs within the Campus Manager??

Why I am asking:

I had to divide the network into two partitions: one not accessible for some users and the one with all devices accessible for some admins.

This did not work! Was this behaviour related to this bug??


And just another:

;-)

Will the Topology View ever be client capable?? Some customers asked me if the Topology View is customizable for several clients.


Many thanks for your help so far.


best regards,

Frank

Joe Clarke Mon, 03/26/2007 - 22:11

Topology Services works just fine with NDGs. You may have been hitting this bug or another one I found, but given a properly configured ACS server, you can restrict certain users to certain devices in Campus Manager.


I don't understand the second question. You can customize the views, then save the layouts. Those layouts are saved in XML format, and can be shared across multiple users.

frankzehrer Mon, 03/26/2007 - 22:55

Hi Joe,


Many thanks for your answer. Can you give me the Bug-ID of the mentioned other bug you have found??


To my second question:

I should give more details (for more details see Case ID 603890723).

My customer wanted to set up different views in Campus Manager (LMS 2.5.1 SP4) Topology Services.

The views shall differ, e.g. in the seen network devices.

Example:

A network has 6 devices: A, B, C, D, E and F.

And there are two users: User A and User B.

User A should be set up to see only devices A, B, C and User B should see only D, E, F.

User A should not be able to see the devices of User B and vice versa.


The view should depend on the user authentication and user A's view should differ from user B's view.


To your answer:

You can customize the views, then save the layouts. Those layouts are saved in XML format, and can be shared across multiple users.


Is it possible to restrict the saved views to be viewed only by user A and not B??


Many thanks


Frank

Joe Clarke Tue, 03/27/2007 - 09:03

See my other reply for the bug ID. It sounds like what you want is NDGs. This is how integration with ACS using NDGs works. That said, OGS groups will be visible to all users. However, only the group NAMES will be visible. That is, if user A creates a group called User A Devices, User B will see that the group User A Devices exists (if the group is public), but if they try to view the contents they will not see any devices.


As for saved views, by default they are per-user only, so user A would not be able to see user B's views (not that it mattered since user A doesn't have any access to user B's devices).

ogor Tue, 03/27/2007 - 04:14

Dear all,


Sorry but in ACS the LMS server is configured with IP address only ????


I have also noticed that I have no devices (i.e., in the syslog generator reports).


Brgds

Olivier

Joe Clarke Tue, 03/27/2007 - 08:59

Then you may be hitting my other bug, CSCsh89486. At this point, I recommend you open a TAC service request as both patches can be provided. If this does prove to be something other than these two bugs, ACS integration debugging can be tricky, and working directly with the TAC is a good idea.
