Cisco Support Community

New Member

No fallback login in CiscoWorks LMS 3.1

Hi:

We configured LMS in ACS mode with fallback.

The integration works fine, but when we try to take the ACS (4.2) down to try the fallback login in LMS, it does not work.

First we tried stopping the ACS services, but we realized that the server answered with TCP RESETs.

Then we disabled the NIC, so no IP connectivity was available.

But as you can see in the image, LMS still thinks that ACS is reachable, although HTTP or HTTPS are not. And it never activates the fallback mode.

The funny thing is that when trying from the CLI, with ACSTestTool.pl, it considers there to be no connectivity to the server.

Any suggestions?

Thanks a lot

Julio

6 REPLIES
Cisco Employee

Re: No fallback login in CiscoWorks LMS 3.1

It looks like you're integrated with ACS vs. just using TACACS+ for authentication.  With full integration, fallback does not work.

New Member

Re: No fallback login in CiscoWorks LMS 3.1

Hi Joseph:

I'm sorry, but I don't fully understand your response.

Login Module for LMS is TACACS+, allowing certain user(s) to fallback to the CiscoWorks Local login if preceding login fails.

And then, the AAA Mode Setup ACS for Current Login Module: TACACS+

As far as I know ACS performs authentication and authorization (that is to say that the local roles are not considered any more after the integration).

And I believe that in case the connection with ACS is not available, the fallback means that the users configured in the Login Module could be authenticated locally, with their respective local roles enabled for authorization. Is it like this?

I don't know about any integration other than full between LMS and ACS. Please, could you explain this?

Thank you very much.

Julio

Cisco Employee

Re: No fallback login in CiscoWorks LMS 3.1

When you go to Common Services > Server > Security > AAA Mode Setup, what is the current Type?  Is it Non-ACS or ACS mode?

New Member

Re: No fallback login in CiscoWorks LMS 3.1

First I configure NON-ACS --> TACACS+ --> LOGIN MODULE OPTIONS (please see figure)

And then AAA mode setup ACS --> please see figure.

Thanks a lot

Julio

Cisco Employee

Re: No fallback login in CiscoWorks LMS 3.1

You have enabled full ACS integration.  In this mode, fallback will not work.  If you set the type to Non-ACS mode, then just use the TACACS+ login module for authentication, then you will be able to use fallback.

New Member

Re: No fallback login in CiscoWorks LMS 3.1

Ok Joseph,

Thank you very much. I see I had misunderstood the feature.

Thanks a lot.

Julio
