LMS integration with ACS (RADIUS)

janvandek · ‎07-14-2009

We would like to integrate LMS with a RADIUS server. I found a lot of doc how to do that with the ACS server TACACS+. Does there also exist a doc how to do that with a RADIUS server ? What is the difference (TACACS vs RADIUS) in setting up this integration?

Thx for any advice or info

Jan

Joe Clarke · ‎07-14-2009

The only integration you can do is authentication. You will not be able to define custom roles or restrict what users can access what devices. To enable Radius authentication in LMS, go to Common Services > Server > Security > AAA Mode Setup, and select RADIUS as the login module. Enter your Radius server settings, and click OK.

After that, LMS will use the Radius server to authenticate users. You will still need to create local user accounts in LMS to provide authorization services, but the passwords do not have to be specified.

Marvin Rhoads · ‎07-14-2009

Have you looked at the Cisco document comparing TACACS+ and RADIUS? Here is a link:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml

Apart from that, in general, you will have less functionality if you choose a product of than CiscoSecure ACS's TACACS+ implementation as your AAA integration option. For example, you will not have the functionality of Network Device Groups and pre-defined roles if you use RADIUS as your AAA module. These are granular authorization functions and RADIUS integration is limited to authentication (for the most part).

How to set up RADIUS as your module is covered in the Common Services User Guide, Chapter 4 (and was covered in Joe's response above).

Hope this helps.