03-25-2008 10:57 AM
We're doing a new install of LMS3 while we run LMS2.6 in parallel. We're ACS integrated on ver 2.6 and have quite a few customized groups configured in ACS. When I switch my LMS3 install to ACS, do I need to reregister with ACS? I'd hate to recreate all those customized groups if I don't have to.
Also, will this have any impact on my 2.6 install? I wouldn't think so, but if anyone can confirm, that'd be great.
TIA
03-25-2008 11:02 AM
You will need to re-register LMS with ACS after upgrading to LMS 3.0. There are quite a few new tasks (and a new role) that need to be added to ACS. This will remove your current customized roles, but one role, the Super Admin role, is now built into LMS 3.0, and will not need to be recreated. Other custom roles will need to be recreated.
03-25-2008 11:23 AM
Thanks for the prompt reply. Are there still issues with ACS servers running on VMWare boxes?
03-25-2008 11:25 AM
I'm not certain if this is supported. I don't deal with the support of ACS beyond what is required for LMS. You might try asking on one of the security forums. That said, all of our NMS ACS servers (in our lab) are run on the physical machine.
03-25-2008 12:55 PM
Thanks again. One last question if you don't mind. We have 3 ACS servers, I'm assuming I should put all three in so CW will properly register with each one, is that correct? Should I do them individually, or all at once?
sb
03-25-2008 01:41 PM
If they are replicating, then you only need to register applications with one server, and that will replicate to the others. Then you can add the other two servers to LMS (but don't register applications).
If they are not replicating, then you will need to register applications with all servers, so it's best to add them all at the same time.
03-26-2008 10:34 AM
Do you know if there are any compatibility issues with having both versions of LMS integrated on the same ACS servers? I.e., after registering LMS3 applications in ACS, will there be any issues with the same ACS server handling AAA for LMS2.6?
03-26-2008 10:37 AM
No, both servers can share the same ACS.
03-27-2008 12:30 PM
Thanks for your help so far. I opened a TAC case (608264265) because when I attempt to register I get the following:
Primary ACS Verification Status (acs1)
Tacacs+ Connectivity : Reachable
HTTP/HTTPS Connectivity : Reachable
AAA Client : Not Configured
Secret Key Verification : Not Applicable
System Identity User : Not Applicable
Secondary ACS Verification Status (acs2)
Tacacs+ Connectivity : Reachable
HTTP/HTTPS Connectivity : Reachable
AAA Client : Not Configured
Secret Key Verification : Not Applicable
System Identity User : Not Applicable
Tertiary ACS Verification Status ( acs3 )
Tacacs+ Connectivity : Reachable
HTTP/HTTPS Connectivity : Reachable
AAA Client : Configured
Secret Key Verification : Success
System Identity User : Not configured properly for - (cwhp,cwportal,CiscoView,rme,CM,dfm)
ACS 1 and 2 are both running on VMWare ESX 3.5 servers
ACS 3 is on real hardware
ACS1 replicates down to 2 & 3 but not vice versa.
When we were on an older version of ESX we had problems running jobs so we moved our current LMS 2.6 install to ACS3. However, ACS 1 and 2 both have the CW information registered.
Any thoughts as to what the problem could be? Are there still issues with CW and ACS while ACS is running on VMWare ESX?
Thanks again,
Simon
03-27-2008 12:35 PM
As I said before, I do not know if ACS is supported on VMWare. You need to either check on one of the security forums, or have your SR requeued to the ACS team to find out. If ACS is supported on VMWare, you should follow the instructions in the following thread to make sure LMS can properly register with ACS. That said, if ACS1 replicates to ACS2 and ACS3, you should only do the registration to ACS1 initially. Once the applications are registered and replicated, then add ACS2 and ACS3 to LMS.