LMS 3.0.1 Device not visible in DCR

Unanswered Question
May 23rd, 2008

When I try to manually add a device to the DCR the message "duplicate device" appears, but when I search the DCR neither the device name or ip address appears.

This is not a recently placed device, it just uses different credentials then the default device credentials.

Does anyone have any idea? Please help!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Oh its not going to be fun, but you can find it. Do a "sho ip int brie" on the device you are trying to add, then use those addresses one by one in the search bar to see what pops up.

Its not an infrequent occurance, but I would suggest that you consider using a rule of thumb for the authorative identity of all of your devices.

Mine below is pretty standard, but has some variences due to product differences (such as IOS switches)

Order of precidence for device identity interface:

Lo0

Next Highest Lo

Lowest number ethernet interface

Lowest numbered interface

orsonjoon Tue, 08/26/2008 - 22:17

I've found the problem, when Ciscoworks runs in ACS-mode ALL devices and I mean ALL devices you want to manage whether or not you use AAA on the device must be configured in the ACS server, or they won't show up in the DCR, even though the devices are discovered by Common services.

This is logical it seems for common users in Ciscoworks, but for an administrator account?? Doesn't seem logical now does it?

Joe Clarke Tue, 08/26/2008 - 22:35

Actually, it does. Even as an administrator, you must be authorized to view devices. Think of this way. Say you're a managed service provider, and you have multiple customers logging into the same LMS server. Just because a user is an administrator doesn't mean they should have access to all devices. They should only have access to THEIR devices.

That said, there must be at least one SuperAdmin user (the System Identity User). This user needs to have access to ALL devices in ACS in addition to the LMS server. Therefore, it is best to assign this user's group the Super Admin role for all devices, and don't list out individual NDGs.

orsonjoon Tue, 08/26/2008 - 23:01

Thanks for your reply,

Are you saying that in the ACS server the Super Admin role must be assigned for all Ciscoworks applications, for the ACS users device group to see all devices in DCR?

Actually this was allready the case before I posted this message, but even with the Super admin role assignbed to the users in that ACS group, they still can't see all devices.

Any suggestions?

Joe Clarke Wed, 08/27/2008 - 08:38

If the role is assigned to each LMS application in a given ACS group, then all the users in that group will have full access to all LMS tasks for all devices that are BOTH in LMS AND in ACS. Any devices managed by LMS which are not clients of the same ACS server will not be visible, even to Super Admins.

Actions

This Discussion