Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS intergration with LMS


My client needs to integrate the LMS with the ACS 3.2. I checked the ACS option on the AAA Mode Setup.But it requires the Admin ACS credentials in Cisco works AAA-ACS mode.My client is concern why its not asking for the same in the NON ACS TACAC+.

1.I want to know what is the difference between the NON ACS TACAC+ and the ACS mode.

2.Which one should i choose for the integration with ACS3.2

3.What is the use of Admin ACS credentials in ACS mode.He is bit reluctant in providing the same..

4.Please let me know the procedure for the integration.

Thanks a lot

Cisco Employee

Re: ACS intergration with LMS

1. Non-ACS TACACS+ mode handles authentication only. Authorization is still handled by the local LMS database. Therefore, users that need LMS access will need to be both in ACS and in LMS. The passwords, however, only need to be in ACS. When LMS is integrated with ACS (ACS mode) then authorization is also handled on the ACS server. This allows you to centralize all of your users on the ACS server, create custom LMS roles on the ACS server, and restrict users to certain devices.

2. This is really up to you, depending on what you want to achieve.

3. LMS needs to login to the ACS server via the CGI interface to perform synchronizations of the CiscoWorks roles and tasks, and to obtain the manageable device lists. Without this, ACS integration will not work.

4. You can find this by searching this forum. The basic integration steps have been discussed in quite a few threads.