Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LMS INTEGRATION WITH REDUNDANT ACS

Hi dear people:

We want to integrate (full integration: authentication & authorization) LMS (ver 3.1) with a redundant ACS (ver 4.2).

Is there any procedure o white paper to do it? (I am aware of this wp: http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html)

My question is aimed to the way the integration is done when two ACS servers are involved.

As both (ip or hostname) servers are configured in LMS, does it try both ACS?

And if so LMS apps are enabled in both ACS? Or it is done only in the first and the second receive the configuration at the replication time?

I suppose that there are different ways to do it, isn´t it?

a) May be the less effort way could be integrating with one ACS server first (configure only the primary ACS server in LMS), and then force replication to the second ACS and finally add the second ACS server in the LMS configuration.

b) Another should be configuring LMS parameters in the primary ACS server, then force replication, and finally integrate configuring both ACS servers in the LMS.

Dear people, should you send your experiences and considerations to avoid mistakes in this task?

Thanks a lot.

Julio

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: LMS INTEGRATION WITH REDUNDANT ACS

The best way to do this is to first integrate with the primary ACS server.  Install the application data to this server.  Then force a replication from the primary to the secondary.  Then, add the secondary server address to LMS but do not re-register the applications.  LMS will try and authenticate/authorize to the main server.  If that server is unreachable, it will fall back to the secondary server.

2 REPLIES
Cisco Employee

Re: LMS INTEGRATION WITH REDUNDANT ACS

The best way to do this is to first integrate with the primary ACS server.  Install the application data to this server.  Then force a replication from the primary to the secondary.  Then, add the secondary server address to LMS but do not re-register the applications.  LMS will try and authenticate/authorize to the main server.  If that server is unreachable, it will fall back to the secondary server.

New Member

Re: LMS INTEGRATION WITH REDUNDANT ACS

Thanks a lot, Joseph!!

As usual, a flawless answer!

Cheers,

Julio

365
Views
0
Helpful
2
Replies