Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS and LMS 3.0


I have updated LMS 2.6 to 3.0, but I have a problem with implementing LMS 3.0 in ACS 3.3 (1) Build 16.

For all User there is not the correct privileges for all applications.

In ACS I've build a AAA Client (LMS-Srv)and gives Group/User "System Administration" rights for all applications.

In LMS "AAA Mode Setup" I configured Tacacs-Server address/port, register all installed applications and so on. After "Apply" the popup displays: Tacacs+, HTTP/HTTPS, AAA Clinet configured, Secret Key Verification -> all successed/configured. But on "System Identification User" displays: Not configured properly for -(rme, CM, dfm, cwportal, ipm). The System ID User is in Tacacs a Superuser.

In ACS I can see that all application are registered, but in User or Group Setup there is for all application two Intems e.g. cwhp and Cisco Works, CM and Cisco Campus Manager, rme and Ressource Manager Essentials, cwportal and Cisco Works Portal and so on.

I don't know is it correct or is it just the registration of old LMS 2.6 ???? But the problem is the privileges of users. in Tacacs-log I can see "Login in cwhp with privilege level 1". How can I change the privilege level for Cisco Works Applications in 15 or "System Administrator".

Thanks for Help.

Greeting Rene

  • Network Management
Cisco Employee

Re: ACS and LMS 3.0

In LMS 3.0 we create a new ACS role called Super Admin (for all applications). Assuming application registration completed successfully, you should see the Super Admin role under all LMS applications. The list of applications you should have under Shared Profile Components is:

Ciscoworks Common Services

CiscoWorks Portal


Resource Manager Essentials

Ciscoworks Campus Manager

Device Fault Manager

Internetwork Performance Monitor

And as I said, each one should have a Super Admin role within it.

Once you have all the new attributes registered with ACS, configure your System Identity User's ACS group such that its CiscoWorks applications (all of the ones listed above) are granted Super Admin access. Once that is done, you should be able to complete registration.

This widget could not be displayed.