ACS integration with LMS

Aug 8th, 2007

Hi,

My client needs to integrate the LMS with the ACS 3.2. I checked the ACS option on the AAA Mode Setup, but it requires the Admin ACS credentials in CiscoWorks AAA-ACS mode. My client is concerned about why it's not asking for the same in the Non-ACS TACACS+.

1. I want to know what the difference is between the Non-ACS TACACS+ and the ACS mode.

2. Which one should I choose for the integration with ACS 3.2?

3. What is the use of the Admin ACS credentials in ACS mode? He is a bit reluctant to provide them.

4. Please let me know the procedure for the integration.


Thanks a lot

Joe Clarke Wed, 08/08/2007 - 05:18
User Badges: Cisco Employee, Hall of Fame, Founding Member

1. Non-ACS TACACS+ mode handles authentication only. Authorization is still handled by the local LMS database. Therefore, users who need LMS access will need to be both in ACS and in LMS. The passwords, however, only need to be in ACS. When LMS is integrated with ACS (ACS mode), authorization is also handled on the ACS server. This allows you to centralize all of your users on the ACS server, create custom LMS roles on the ACS server, and restrict users to certain devices.


2. This is really up to you, depending on what you want to achieve.


3. LMS needs to log in to the ACS server via the CGI interface to perform synchronizations of the CiscoWorks roles and tasks, and to obtain the manageable device lists. Without this, ACS integration will not work.


4. You can find this by searching this forum. The basic integration steps have been discussed in quite a few threads.
