Using the guide for LMS/ACS4.1 integration, I have added a new user in ACS for LMS system identity setup, mirroring the existing system identity for our old CW (CW1) server (I don't know the password for the old account, so mirroring was my best option). I have added the new CiscoWorks server (CW2) as a AAA client and for the remote agent service in ACS. Everything that exists for CW1 now appears identical for CW2.
In CW2, I am attempting to change from Non-ACS mode to ACS mode, configuring the IP & port of ACS, and using the administrator account for ACS and the shared key that's clearly being used for almost all devices. It seems as though login info is used properly; however, I cannot achieve integration during this step because the following screen shows the progress failing (I have quadruple checked my ACS setup and restarted the service a handful of times, even rebooted the ACS and CW2 systems yesterday):
LMS has been added to ACS as an AAA client and for Remote Agent services, using proper IP and settings. LMS is NOT multi-homed. ACS service was restarted and the actual device was rebooted yesterday, which did not correct the problem. Not sure how to figure out how many ports are open for administration. 2002 is used for web access, and I thought 49 is used for TACACS communication. Maybe this issue is just not intuitive in failing at AAA client "not configured"? The configuration is the same as an existing, working CW/LMS server.
The only thing this error can mean is that the LMS server is not an AAA client, or ACS ran out of TCP ports when LMS tried to contact it. If another server works, the TCP ports are probably not the issue. You might try checking your ACS logs to see if there are any errors, or try sniffing on all TCP traffic between the ACS server and the LMS server when trying to test integration (assuming you're not using HTTPS on ACS, this may show the problem).