Cisco Support Community
Community Member

LMS ACS integration issue

https://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html#wp9000132

Using the guide for LMS/ACS4.1 integration, I have added a new user in ACS for LMS system identity setup; mirroring the existing system identity for our old CW (CW1) server (don't know the password for the old account, so mirroring was my best option). I have added the new Ciscoworks server (CW2) as an AAA client and for the remote agent service in ACS. Everything that exists for CW1 now appears identical for CW2.

In CW2, I am attempting to change from Non-ACS mode to ACS mode; configuring the IP & port of ACS, and using the administrator account for ACS and the shared key that's clearly being used for almost all devices. It seems as though login info is used properly, however I cannot achieve integration during this step because the following screen shows the progress failing (I have quadruple checked my ACS setup and restarted the service a handful of times, even rebooted the ACS and CW2 systems yesterday):

Tacacs+ Connectivity     | Reachable
HTTP/HTTPS Connectivity  | Reachable
AAA Client               | Not configured
Secret Key Verification  | Not applicable
System Identity User     | Not Applicable

3 REPLIES
Cisco Employee

Re: LMS ACS integration issue

How have you added the LMS server to ACS?  Did you restart ACS?  Is the LMS server multi-homed?  How many TCP ports do you have open for administration on the ACS server?

Community Member

Re: LMS ACS integration issue

LMS has been added to ACS as an AAA client and for Remote Agent services, using proper IP and settings. LMS is NOT multi-homed. ACS service was restarted and the actual device was rebooted yesterday, which did not correct the problem. Not sure how to figure out how many ports are open for administration. 2002 is used for web access, and I thought 49 is used for TACACS communication. Maybe this issue is just not intuitive in failing at AAA client "not configured" ??????? The configuration is the same as an existing, working CW/LMS server.

Cisco Employee

Re: LMS ACS integration issue

The only thing this error can mean is that the LMS server is not an AAA client, or ACS ran out of TCP ports when LMS tried to contact it. If another server works, the TCP ports are probably not the issue. You might try checking your ACS logs to see if there are any errors, or try sniffing on all TCP traffic between the ACS server and the LMS server when trying to test integration (assuming you're not using HTTPS on ACS, this may show the problem).
