LMS integration with ACS (RADIUS)

Unanswered Question
Jul 14th, 2009
User Badges:

We would like to integrate LMS with a RADIUS server. I found a lot of doc how to do that with the ACS server TACACS+. Does there also exist a doc how to do that with a RADIUS server ? What is the difference (TACACS vs RADIUS) in setting up this integration?

Thx for any advice or info

Jan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Joe Clarke Tue, 07/14/2009 - 15:15
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The only integration you can do is authentication. You will not be able to define custom roles or restrict what users can access what devices. To enable Radius authentication in LMS, go to Common Services > Server > Security > AAA Mode Setup, and select RADIUS as the login module. Enter your Radius server settings, and click OK.


After that, LMS will use the Radius server to authenticate users. You will still need to create local user accounts in LMS to provide authorization services, but the passwords do not have to be specified.

Marvin Rhoads Tue, 07/14/2009 - 15:30
User Badges:
  • Super Silver, 17500 points or more
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

Have you looked at the Cisco document comparing TACACS+ and RADIUS? Here is a link:


http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml


Apart from that, in general, you will have less functionality if you choose a product of than CiscoSecure ACS's TACACS+ implementation as your AAA integration option. For example, you will not have the functionality of Network Device Groups and pre-defined roles if you use RADIUS as your AAA module. These are granular authorization functions and RADIUS integration is limited to authentication (for the most part).


How to set up RADIUS as your module is covered in the Common Services User Guide, Chapter 4 (and was covered in Joe's response above).


Hope this helps.

Actions

This Discussion