Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LMS 2.6-"hidden" devices

When trying to verify what devices aren't in LMS, I've found that DCR will tell me a device already exists if I try to add it. Its apparently in LMS 'somewhere' but doesn't show up anywhere in DCR when I drill down through all groups. If I search DCR or Device Manager by name or IP, its empty. However, I may be lucky to find that its listed in the 'Devices that need to be added to ACS' report. What alternate method am I missing that will show me these devices?

thanks!

17 REPLIES
Cisco Employee

Re: LMS 2.6-"hidden" devices

Since you are integrated with ACS, you need to make sure that device's IP address and/or hostname is known to ACS. If you look at the Devices not in ACS report, you'll see the IP address and hostname of the device. Add the device as an ACS client using those values (or adjust an existing client's IP address range accordingly), then restart ACS, and logout and back into LMS.

New Member

Re: LMS 2.6-"hidden" devices

Cool, well that fixed a problem for a few of my devices. I do have several (all) MSFC modules that are still showing up as "not in ACS" even though I've verified they are. The credential test checks out and I can access the device using the same creds as what CW is set up to use. The only thing that may be different is these devices do have many IPs associated with them in ACS since they act as gateways to multiple networks. Not sure if that's an issue or not but they are all the same model. But they are in fact, on the same ACS server.

Cisco Employee

Re: LMS 2.6-"hidden" devices

Exactly how do they appear in the Not in ACS report, and how are they configured as clients of ACS?

New Member

Re: LMS 2.6-"hidden" devices

The display name on left column is the IP address. The attributes list the IP Address as the actual DNS/host name and the Host Name = the IP address.

Yes, I've fully checked that these are all ACS clients. But you do raise an interesting point as these devices were the only ones that reverse the IP and Host Name data on the Attributes column.... not sure why.

Cisco Employee

Re: LMS 2.6-"hidden" devices

Since the device shows up by IP address, and that IP address is a TACACS+ client in ACS (or that IP address is in a range of client addresses), then everything should work. Of course, this assumes you are not using NDGs in ACS. If you are using NDGs, then your System Identity User as well as the current logged in user need to have access to the NGD which contains this device.

New Member

Re: LMS 2.6-"hidden" devices

Following up on that, if you do see a device "not in ACS" in the report, how do you go about just deleting it entirely? Say, I put in a device that was never in ACS but is now retired and want to remove its existence in CW.

Cisco Employee

Re: LMS 2.6-"hidden" devices

You can either temporarily break ACS integration to delete the device, or add a bogus record to ACS, delete the device, then delete the ACS entry.

You might also be able to delete the device using dcrcli, but I do not have an LMS/ACS setup at the moment, so I cannot test.

New Member

Re: LMS 2.6-"hidden" devices

Thanks. I can't break ACS integration but if you find any more info using the DCRCLI please let me know.

Cisco Employee

Re: LMS 2.6-"hidden" devices

You can try this:

dcrcli -u admin cmd=lsids all

If you see the hidden device there, try:

dcrcli -u admin cmd=del id=ID

Where ID is the ID you see in the lsids command.

New Member

Re: LMS 2.6-"hidden" devices

thanks, I found and deleted two of the four devices. Any idea where I could find the other two?

Cisco Employee

Re: LMS 2.6-"hidden" devices

If they are not being shown via dcrcli, then the only way would be to break the ACS integration. If they are still not showing up, this may point to a corrupt CMF database.

New Member

Re: LMS 2.6-"hidden" devices

Going back to this Jclarke. I'm accumulating more and more in the "not in ACS" report that don't show up in DCRCLI and am getting into some secondary issues with aliasing in DFM on devices I can't delete in CS.

Short of rebuilding a new CW install, what would you recommend I do to clean these devices up? thanks

New Member

Re: LMS 2.6-"hidden" devices

Going back to this Jclarke. I'm accumulating more and more in the "not in ACS" report that don't show up in DCRCLI and am getting into some secondary issues with aliasing in DFM on devices I can't delete in CS.

Short of rebuilding a new CW install, what would you recommend I do to clean these devices up? thanks

Cisco Employee

Re: LMS 2.6-"hidden" devices

Follow my previous instructions. You either need to add the devices showing up in this report to the ACS server to which LMS is integrated, or temporarily break ACS integration, remove the devices from DCR, then setup filters so that they do not get re-added. Once DCR is to your liking, you can then re-enable ACS integration.

New Member

Re: LMS 2.6-"hidden" devices

Once we add the device into ACS, how do we get LMS to move it into DCR and remove from the "not in ACS" list? Thanks!

Cisco Employee

Re: LMS 2.6-"hidden" devices

This happens automatically once you log out and log back in. In extreme cases, restarting Daemon Manager may be required.

New Member

Re: LMS 2.6-"hidden" devices

Had to restart Daemon Mananger and device was in DCR. Thanks!

206
Views
0
Helpful
17
Replies