ACS and Cisco works integration

I have authenticated Cisco Works with ACS as cwadmin. I am not able to view the device added through TACACS+ authentication. But the device is searchable through IP address in chassis view and I am able to configure it. Please suggest a method to view the device in device management and device centre.

I have reinstalled Cisco Works and again added devices in ACS mode. It works now. Thank you. But now the problem is it does not list in Campus Manager or VLAN port assignment. Can I know if any configuration is required for this?

Similar Messages

  • ACS and Cisco Works

    I have landed a pretty big WLAN roll out: 75 1231 WAPs, ACS for authentication, and Cisco Works with the WLAN engine installed. ACS RADIUS should be straightforward to configure. Has anyone run into any gotchas installing it? Cisco Works should also be straightforward. One other thing is Cisco no longer sells Site Survey Kits, so I have to piecemeal one or two from scratch. Is there a Cisco partner that sells them?

    check here for some information on WLAN:
    http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Technologies:Wireless_LAN_General&viewall=true

  • Cisco Works Integration with MARS

    Can Cisco Works be integrated with MARS? I mean Cisco Works is acting as a syslog server for some switches. Can MARS pull the records from Cisco Works and use them for its correlation?

    As Michael pointed out, configuring two syslog destinations on your switch is possible, and allows the switch to send to both CiscoWorks and CS-MARS simultaneously. This affords the safety that should one system be down, the other system will continue to receive syslog events from the switches. Should you not wish to configure two logging destinations on your switch, you could configure your switches to send their syslogs to CS-MARS and configure CS-MARS to relay the received syslog messages to CiscoWorks. This option is outlined in the CS-MARS user guide:
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/cfgOver.html#wpmkr181270
    Scott

  • Integrating Cisco ACS and Cisco NAC Manager - Downloadable ACL

    Hi There
    I have Cisco NAC set up in my environment. The users get themselves authenticated via Cisco NAC Manager. The Cisco NAC Manager talks to the Cisco ACS for the user database portion. These are all working fine. I would like to enable Downloadable ACL. I have tried using the CISCO-AV-PAIR method and creating a downloadable ACL entry in Shared Components, but nothing works. Either I'm doing it wrongly or this setup of mine doesn't support downloadable ACL? Please kindly advise.
    Regards,
    Ram
    +6-012-2918870

    Hi,
    That is not possible.
    You cannot push ACLs into the NAC manager.
    If you are doing Radius authentication from NAC manager, what you can do is to create Roles on the NAC manager, and on those roles you define traffic policies.
    Using Radius attributes you can then map users to Roles.
    Please take a look into this:
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_auth.html#wp1158789.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • Cisco Unified Presence and Cisco CCX Integration.

    Hi,
    Please suggest how to integrate Cisco Unified Presence with Cisco UCCX. What configuration is to be done on Cisco Unified Presence and CCX?
    Any good documents..
    Appreciate your response.
    Regards,
    Manish.

    Hi,
    The easiest thing to do is get CUPC working with the agent's credentials. Once that is working, you know that the CUPS piece is right. The document supplied previously shows the very limited CAD configuration that is required. This should go fine once you get CUPC working with the agent's information.
    Keep in mind that CUPC is not the same as CAD and there are important differences:
    1. You need to add an Inbound ACL to the CUPS server to allow connections from the CAD PCs as CAD does not support Message Digest as CUPC does. This is CSCtb50109.
    2. CAD does not escape special characters in the password, so use a password without special characters. This is CSCtf25959.

  • Lost connection between ACS and AD

    Hi
    I'm having trouble with authentication to my WLAN. We are running a solution with LEAP and ACS 3.0 which gets its users from our Active Directory. During the summer our ACS-servers seem to have lost the AD-connection and I'm no longer able to EAP-authenticate. All I get in the ACS is "Radius extension DLL rejected user".
    The AD and the ACS are on the same network but not on the same machine. I can log in if I add a local user in the ACS. I've also tried to empty my cached user database in the ACS but to no avail.
    One theory of mine is that it has something to do with a couple of hotfixes that Microsoft released in the middle of July.
    T.I.A
    /Tommy

    Hi
    Thanks for your replies. An update on the issue:
    I've gone through the issues in the suggestion made by cisco in the link:
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00800b1583.shtml
    but to no avail.
    At first we could see an error in the eventlog stating that the user didn't have sufficient rights but it disappeared when we created an account and ran the ACS-services via it.
    After that we tried to set up a local user in the ACS and it works like a charm even then the AD-accounts can't connect.
    We also tried to remove the hotfixes released by Microsoft but still nothing.
    Right now it seems as if the AD authenticates the user correctly but then the ACS says no. Here's the eventlog and the corresponding ACS-log.
    NT
    AUTH 08/19/2004 08:20:27 I 0266 1524 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [LINEDU\gustomedu]
    AUTH 08/19/2004 08:20:27 I 0266 1524 External DB [NTAuthenDLL.dll]: Attempting NT/2000 authentication
    AUTH 08/19/2004 08:20:27 I 0266 1524 External DB [NTAuthenDLL.dll]: NT/2000 authentication SUCCESSFUL (by METIS)
    AUTH 08/19/2004 08:20:27 E 0266 1524 External DB [NTAuthenDLL.dll]: LookupAccountSidA failed
    ACS
    08/19/2004 08:20:27 Authen failed LINEDU\gustomedu Default Group 000a8aa291a8 Radius extension DLL rejected user .. .. 37 148.136.120.30
    The status right now is that it is working as long as we restart the ACS-server once a day.
    Tommy
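
    The log pattern in the post above (directory authentication succeeds, then an error follows for the same request) can be separated from ordinary credential rejections with a small triage script. This is an added example, not part of the original post: the first four sample lines are the AUTH lines quoted in the post, the last three are constructed for contrast, and treating the second numeric field as a per-request worker id is an assumption.

```python
import re

# First four lines: the AUTH lines quoted in the post. Last three: constructed
# for contrast (the user name and the failure text are made up).
SAMPLE_LOG = r"""
AUTH 08/19/2004 08:20:27 I 0266 1524 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [LINEDU\gustomedu]
AUTH 08/19/2004 08:20:27 I 0266 1524 External DB [NTAuthenDLL.dll]: Attempting NT/2000 authentication
AUTH 08/19/2004 08:20:27 I 0266 1524 External DB [NTAuthenDLL.dll]: NT/2000 authentication SUCCESSFUL (by METIS)
AUTH 08/19/2004 08:20:27 E 0266 1524 External DB [NTAuthenDLL.dll]: LookupAccountSidA failed
AUTH 08/19/2004 08:21:02 I 0266 1530 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [LINEDU\example1]
AUTH 08/19/2004 08:21:02 I 0266 1530 External DB [NTAuthenDLL.dll]: Attempting NT/2000 authentication
AUTH 08/19/2004 08:21:02 E 0266 1530 External DB [NTAuthenDLL.dll]: NT/2000 authentication FAILED
"""

# AUTH <date> <time> <severity> <n1> <n2> External DB [<module>]: <message>
LINE = re.compile(
    r"^AUTH (\S+ \S+) ([A-Z]) (\d+) (\d+) External DB \[([^\]]+)\]: (.*)$")
START = re.compile(r"Starting \S+ authentication for user \[([^\]]+)\]")


def classify(log):
    """Return {user: verdict} for each authentication attempt in the log.

    Lines are grouped by the second numeric field (assumed to identify the
    worker handling one request). An error that follows a SUCCESSFUL line is
    a post-authentication failure, not a bad password.
    """
    current = {}   # worker id -> {"user": str, "ad_ok": bool}
    verdicts = {}
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        _ts, severity, _n1, worker, _module, msg = m.groups()
        started = START.search(msg)
        if started:
            user = started.group(1)
            current[worker] = {"user": user, "ad_ok": False}
            verdicts[user] = "incomplete"
            continue
        state = current.get(worker)
        if state is None:
            continue  # message without a preceding "Starting ..." line
        if "authentication SUCCESSFUL" in msg:
            state["ad_ok"] = True
            verdicts[state["user"]] = "accepted_by_directory"
        elif severity == "E":
            kind = "post_auth_failure" if state["ad_ok"] else "directory_rejected"
            verdicts[state["user"]] = kind + ": " + msg
    return verdicts


if __name__ == "__main__":
    for user, verdict in classify(SAMPLE_LOG).items():
        print(user, "->", verdict)
```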

  • Cisco Works LMS 3.1 Integration with ACS v5.2

    Hello Experts,
    our customer has a working integration with the Cisco Works LMS 3.1 and an ACS v3.3 as it is described in this document:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html
    Now we are changing the old ACS Servers to the new ACS v5.2 platform. Is it possible to integrate the LMS to the new ACS Server? We want to use a granular user access restriction for SuperAdmins, Hotline Users and so on...
    Thanks,
    Florian

    Hi Florian,
    actually the ACS 5.2 is not supported in CS 3.2
    here is a list of the supported ACS servers under LMS 3.1
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.2/user/guide/admin.html#wp865998

  • RSA SecurID and Cisco ACS integration for user(s) with enable mode

    I thought I had this problem figured out but I guess not.
    I have a Cisco 2621 router with IOS 12.2(15)T17. Behind the
    router is a Gentoo linux, RSA SecurID 6.1 and Cisco ACS 3.2.
    I use tacacs+ authentication for logging into the Cisco router
    such as telnet and ssh. In the ACS I use "external user databases"
    for authentication which proxy the request from the ACS over
    to the RSA SecurID Server. I installed RSA Agents with
    sdconf.rec file on the Cisco ACS server. I renamed "user group 1"
    to be "RSA_SecurID" group. In the "External user databases" and
    "database configurations" I assign SecurID to this "RSA_SecurID"
    group.
    Everything is working fine. In the "User Setup" I can see dynamic
    user test1, test2,...testn listed in there as "dynamic users". In
    other words, I can telnet into the router with my two-factor
    SecurID.
    The problem is that if test1 wants to go into "enable" mode with
    SecurID login, I have to go into "test1" user setting and select
    "TACACS+Enable Password" and choose "Use external database password".
    After that, test1 can go into enable mode with his/her SecurID
    credential.
    Well, this works fine if I have a few users. The problem is that
    I have about 100 users that I need to do this. The solution is
    clearly not scalable. Is there a setting from group level that
    I can do this?
    Any ACS "experts" want to help me out here? Thanks.

    That is not what I want. I want user "test1" to be able to do this:
    C
    Username: test1
    Enter PASSCODE:
    C2960>en
    Enter PASSCODE:
    C2960#
    In other words, test1 user has to type in his/her RSA token password to get
    into exec mode. After that, he/she has to use the RSA token password to
    get into enable mode. Each user can get into "enable" mode with his/her
    RSA token mode.
    The way you described, it seemed like anyone in this group can go directly
    into enable mode without password. This is not what I have in mind.
    Any other ideas? Thanks.

  • Integration Of Cisco ACS and MS Active Directory !!!

    Hi all,
    We have and Cisco ACS v4.2 on a Cisco Appliance, and we need to integrate it with Active Directory. Can you help me??
    Thanks for your help
    Regards!!!
    Rafael Turriago

    Hi,
    If you have ACS SE and you want to integrate with MS AD, then you need to install Cisco ACS Remote Agent on a PC that belongs to the domain.
    The ACS SE does not "speak" directly to the DCs, but rather to the ACS Remote Agent.
    The Remote Agent is the application responsible to exchange data with the DCs.
    You can find detailed information in the config guide:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html#wp353636.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • Cisco Works LMS R3.1 with ACS R5.1

    I searched on the internet about the AAA integration between LMS R3.1 and ACS R5.1, and all the information that I found is related to ACS R4.1. Is it possible to integrate with ACS R5.1?
    Regards and thanks in advance
    Luis Martinez

    Nael,
    Sorry to bother you, but I was trying to migrate my Cisco Works LMS R3.1 to R3.2 and from the support page of Cisco I can only download the following version: LMS R3.2.1 (LMS R3.2 service pack 1). I tried to install that version but I got an error that says "LMS R3.2.1 needs LMS R3.2 installed on the server".
    Could you please tell me where I can download the complete and initial LMS R3.2?
    Thanks in advance for your kind help.
    Luis Martinez

  • Cisco Works "Devices not configured in ACS"

    Hi!
    I have installed Cisco Works ver. 4.3.1.
    I have added my devices using the Device Discovery. Some of them were not already configured on ACS with the loopback address, which was the one in the discovery configurations. Because of that, I could not manage those devices, although I could authenticate on them. I then updated the ACS with the loopback address, and configured the routers to authenticate using the source-interface of the loopback.
    The problem is that I am still not able to manage these devices on the cworks, because they are still listed as "Devices not configured in ACS".
    Can anyone help me here?
    Regards
    Miguel Amaral

    Hi,
    This happens, when you integrate the ciscoworks with ACS and Router/switches not configured with ACS. Try to reconfigure the device in ACS, try removing and adding it again in common services...Try for a single device and check it out... Try stopping/starting cw services after that // net stop crmdmgtd, net start crmdmgtd. Revert with the results..

  • Juniper SSG and Cisco ACS v5.x Configuration

    I searched for a long time unsuccessfully trying to find a resolution to my SSG320M and Cisco ACS v5.x TACACS dilemma.  I finally got it working in my network, so I'm posting the resolution here in case anyone else is looking.
    Configure the Juniper (CLI)
      1. Add the Cisco ACS and TACACS+ configuration
         set auth-server CiscoACSv5 id 1
         set auth-server CiscoACSv5 server-name 192.168.1.100
         set auth-server CiscoACSv5 account-type admin
         set auth-server CiscoACSv5 type tacacs
         set auth-server CiscoACSv5 tacacs secret CiscoACSv5
         set auth-server CiscoACSv5 tacacs port 49
         set admin auth server CiscoACSv5
         set admin auth remote primary
         set admin auth remote root
         set admin privilege get-external
    Configure the Cisco ACS v5.x (GUI)
      1. Navigate to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles
            Create the Juniper Shell Profile.
            Click the [Create] button at the bottom of the page
                    Select the General tab
                            Name:    Juniper
                            Description:  Custom Attributes for Juniper SSG320M
                    Select the Custom Attributes tab
                        Add the vsys attribute:
                            Attribute:                vsys
                            Requirement:       Mandatory
                            Value:                    root
                            Click the [Add^] button above the Attribute field
                        Add the privilege attribute:
                            Attribute:                privilege
                            Requirement:       Mandatory
                            Value:                    root
                                    Note: you can also use 'read-write' but then local admin doesn't work correctly
                            Click the [Add^] button above the Attribute field
                    Click the [Submit] button at the bottom of the page
    2. Navigate to Access Policies > Access Services > Default Device Admin > Authorization
            Create the Juniper Authorization Policy and filter by Device IP Address.
            Click the [Customize] button at the bottom Right of the page
                    Under Customize Conditions, select Device IP Address from the left window
                            Click the [>] button to add it
                    Click the [OK] button to close the window
                    Click the [Create] button at the bottom of the page to create a new rule
                            Under General, name the new rule Juniper, and ensure it is Enabled
                            Under Conditions, check the box next to Device IP Address
                                    Enter the ip address of the Juniper (192.168.1.100)
                            Under Results, click the [Select] button next to the Shell Profile field
                                    Select 'Juniper' and click the [OK] button
                            Under Results, click the [Select] button below the Command Sets (if used) field
                                    Select 'Permit All' and ensure all other boxes are UNCHECKED
                            Click the [OK] button to close the window
                    Click the [OK] button at the bottom of the page to close the window
                    Check the box next to the Juniper policy, then move the policy to the top of the list
                    Click the [Save Changes] button at the bottom of the page
    3.  Login to the Juniper CLI and GUI, and attempt to change something to verify privilege level.
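
    A small audit of the ScreenOS lines from the procedure above, checking that admin logins point at a defined TACACS+ server, that privilege is taken from the external server, and that the shared secret is not guessable. This is an added example, not part of the original post: the finding names and the minimum secret length are assumptions, and the sample input reproduces the post's lines as posted.

```python
# Added example: audit of the ScreenOS TACACS+ admin-auth lines from the post.
# SAMPLE_CONFIG reproduces those lines as posted; the finding codes and
# MIN_SECRET_LEN are assumptions made for this illustration.
SAMPLE_CONFIG = """\
set auth-server CiscoACSv5 id 1
set auth-server CiscoACSv5 server-name 192.168.1.100
set auth-server CiscoACSv5 account-type admin
set auth-server CiscoACSv5 type tacacs
set auth-server CiscoACSv5 tacacs secret CiscoACSv5
set auth-server CiscoACSv5 tacacs port 49
set admin auth server CiscoACSv5
set admin auth remote primary
set admin auth remote root
set admin privilege get-external
"""

MIN_SECRET_LEN = 16  # assumed local policy, not a ScreenOS limit


def parse(config):
    """Split the config into per-server settings and the set of admin lines."""
    servers, admin = {}, set()
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:2] == ["set", "auth-server"] and len(tok) >= 5:
            name, rest = tok[2], tok[3:]
            srv = servers.setdefault(name, {})
            if rest[0] == "tacacs" and len(rest) >= 3:
                srv["tacacs " + rest[1]] = " ".join(rest[2:])
            else:
                srv[rest[0]] = " ".join(rest[1:])
        elif tok[:2] == ["set", "admin"]:
            admin.add(" ".join(tok[2:]))
    return servers, admin


def audit(config):
    """Return finding codes for the auth server that admin logins use."""
    servers, admin = parse(config)
    target = next((a.split()[2] for a in admin
                   if a.startswith("auth server ") and len(a.split()) == 3), None)
    if target is None:
        return ["NO_ADMIN_AUTH_SERVER"]
    srv = servers.get(target)
    if srv is None:
        return ["ADMIN_AUTH_SERVER_UNDEFINED"]
    findings = []
    if srv.get("type") != "tacacs":
        findings.append("NOT_TACACS")
    if "admin" not in srv.get("account-type", "").split():
        findings.append("ACCOUNT_TYPE_NOT_ADMIN")
    secret = srv.get("tacacs secret", "")
    if not secret:
        findings.append("SECRET_MISSING")
    else:
        if secret.lower() == target.lower():
            findings.append("SECRET_EQUALS_SERVER_NAME")  # guessable from names
        if len(secret) < MIN_SECRET_LEN:
            findings.append("SECRET_TOO_SHORT")
    if "privilege get-external" not in admin:
        findings.append("PRIVILEGE_NOT_FROM_SERVER")  # shell-profile attrs unused
    if "auth remote root" in admin:
        findings.append("REMOTE_ROOT_ALLOWED")  # review: remote admins may be root
    return findings


if __name__ == "__main__":
    for code in audit(SAMPLE_CONFIG):
        print(code)
```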

    Cisco Prime LMS is not designed to manage appliances like the ACS. ACS is not on the LMS supported device list and I would doubt that it would be as LMS's functions are mostly not applicable to the appliance or software running on it.
    You can use ACS as an authentication source for LMS, but authorization is still role-based according to the local accounts on the LMS server.

  • Cisco VCS/Codian MCU and Lync 2013 integration

    Hi,
    I would like to know if Lync 2013 is supported to work with:
    - Cisco Tandberg VCS version x6.1
    - Cisco Codian 4.1 (comp. 6.16)
    Is it necessary to update both devices to be supported/homologated/qualified?
    Thanks

    Hi, Kent ... From what I'm seeing so far the challenges of integrating Cisco/Tandberg equipment and Lync 2013 are the same as what you may have already encountered with Lync 2010. Since the Cisco endpoints and MCU cannot register directly to Lync 2010 or 2013, you will need to leverage the VCS systems as your SIP gateway between them and Lync clients. In Lync 2010 there were limitations as to the interoperability of the H.263/264 codec used by Cisco gear and the RTV codec that Lync was restricted to, and we often experienced frozen video feeds from Lync clients or an inability to connect to individual Cisco endpoints or conferences hosted by the Codian MCU. Even though Lync 2013 will use H.264 as a codec for the video stream, I anticipate there will still be challenges interconnecting through the VCS as well as providing content between Lync and Cisco endpoints. However, I expect an increase in the video quality since Lync 2013 supports higher resolutions and also uses a non-proprietary codec. I expect content to still be unreliable for the Lync participant, even when using a Codian MCU.
    You will still need to set up your VCS with a separate Neighbor zone for the Lync 2013 server just as you did for Lync 2010. I wouldn't hold my breath for Cisco to update the VCS software to accommodate the specific needs of Lync 2013, but at least the VCS will get the correct video codec and connect your call. I don't know about you but I had to put my Cisco units and MCU into a separate SIP domain from the Lync pool, and then create a static route for the Cisco SIP domain on the Lync 2010 front-end server. I expect to do the same in Lync 2013.
    Ideally, Microsoft and Cisco would agree that SIP is SIP, and whether an endpoint registers with VCS, UCM or Lync shouldn't be relevant. Alas, it'll be a long, long time before that is true, certainly not as long as Microsoft and Polycom have such a tight bond. I plan on implementing Lync 2013 in the next few months and will gladly post any progress here. At this point my plan is to simply mirror the static route and configuration I have with Lync 2010. My VCS and Codian units are running software versions just a little ahead of yours and work fine.
    Good luck!

  • Cisco ISE 1.2 and Cisco ACS 5.4 patch 6 and support for snmp version 3

    Does anyone know if Cisco ISE version 1.2 patch 8 and Cisco ACS 5.4 patch 6 support SNMP version 3?
    ciscoISE/admin(config)# snmp-server ?
      community  Set community string
      contact    Text for mib object sysContact
      host       Specify hosts to receive SNMP notifications
      location   Text for mib object sysLocation
    ciscoISE/admin(config)# snmp-server
    Ciscoacs/admin(config)# snmp-server ?
      community  Set community string
      contact    Text for mib object sysContact
      host       Specify hosts to receive SNMP notifications
      location   Text for mib object sysLocation
    Ciscoacs/admin(config)# snmp-server

    No support for SNMP v3 on ISE v1.2 and 1.3 except for profiling
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html#12768
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/cli_ref_guide/b_ise_CLIReferenceGuide/b_ise_CLIReferenceGuide_chapter_0100.html#ID-1364-00000d30

  • Cisco Works - need to re-use a 3560, how to delete and re-add in Cisco Works

    Hello. I did not see a Cisco Works section on the forum, forgive me if it's there and I missed it. I have removed a 3560 switch from one location and am going to rename it (same IP though) and deploy it in a different department. We have Cisco Works sending critical and informational alerts as well as backing up the configs on Sunday mornings. I think I was able to get it to stop sending alerts when I unplugged and unhooked the switch. I want to give the switch a new host name and re-deploy it. I assume it will be easier to delete and then re-add the switch to Cisco Works. Is there a document where I can follow steps to remove it from Cisco Works? I have the documentation, but it is hard to read and they don't really have an area that specifically says "remove a switch from cisco works", and I don't want to break everything for the other 55 switches that Cisco Works does do the alerts and backups for. I know Cisco Works is full of different modules, so I was wondering if there was a document or some type of help I could get for doing this. Any help would be greatly appreciated. Thanks. Mike Baker

    Hi,
    It sounds like a tutorial may be what you are looking for. Here is one based on LMS 3.1.
    https://learningnetwork.cisco.com/docs/DOC-4031
    To remove a device from DCR (Device & Credential Repository) navigate to Common Services > Device and Credentials > Device Management.
    Thanks,
    Nick
