1. Create an ACS server administrator account with full ACS privileges. This admin credential is required for CSM AAA Mode Setup.
2. Enable Network Device Group.
3. Rename User groups.
4. Create users and associate the users with the appropriate groups.
5. Create a system identity user and assign this user to a group. The same system identity user credential must also be created on the CSM server.
6. Add AAA clients and assign the AAA clients to the appropriate network device group. The AAA client hostname must be exactly the same as the hostname of your devices.
1. Create a system identity user account, and grant all authorizations to this account.
2. Set up the system identity user with the system identity user account credential.
3. Go to AAA Mode Setup, select ACS, enter the ACS administrator account (this is not the system identity user account!) and key in the shared key.
4. In AAA Mode Setup, check the box “Register all installed applications with ACS”. These applications are cwhp (CiscoWorks Home Page), csm (Cisco Security Manager clients) and AutoUpdate (AutoUpdate Server).
5. Restart the Cisco Security Manager Daemon Manager (crmdmgtd) service.
On ACS: Rename User Groups
For this lab I will create four groups:
a. System Administrators
b. Security Administrators
c. Network Operators
d. Help Desk
On ACS: Create system identity user and group this user
The system identity user is a special user account created to be shared by ACS and CSM.
I chose “sysid” for the system identity username, chose a password, then placed this user in the System Administrators group.
The AAA client hostname must be the same as the hostname of the CSM server and of the Cisco device you want to manage.
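The exact-match requirement above can be checked before devices are brought under management. The following is an added example, not part of the original post or of any Cisco tool: the function names and both sample lists are constructed, and it assumes the match is a plain string comparison, so names differing only by case, whitespace or a domain suffix are reported as near misses.

```python
# Added example: compare AAA client names defined in ACS with device hostnames.
# Both input lists are constructed sample data, not output of any ACS or CSM export.

def normalize(name):
    """Reduce a name to a comparison key: trimmed, lower-case, domain removed."""
    return name.strip().lower().split(".")[0]

def check_aaa_clients(aaa_clients, device_hostnames):
    """Classify each device hostname against the AAA client names.

    Returns a dict with:
      exact     - hostnames that have an identical AAA client entry
      near_miss - (hostname, aaa_client) pairs that differ only by case,
                  surrounding whitespace or a domain suffix
      missing   - hostnames with no matching AAA client at all
      unused    - AAA clients that correspond to no device hostname
    """
    clients = set(aaa_clients)
    by_key = {}
    for c in aaa_clients:
        by_key.setdefault(normalize(c), []).append(c)

    result = {"exact": [], "near_miss": [], "missing": [], "unused": []}
    matched = set()
    for host in device_hostnames:
        if host in clients:
            result["exact"].append(host)
            matched.add(host)
        elif normalize(host) in by_key:
            for c in by_key[normalize(host)]:
                result["near_miss"].append((host, c))
                matched.add(c)
        else:
            result["missing"].append(host)
    result["unused"] = sorted(clients - matched)
    return result

# Constructed sample data (hypothetical names).
SAMPLE_AAA_CLIENTS = ["csm-server", "ASA-Edge", "core-rtr.lab.example", "old-fw"]
SAMPLE_DEVICES = ["csm-server", "asa-edge", "core-rtr", "dmz-sw"]

if __name__ == "__main__":
    for kind, items in check_aaa_clients(SAMPLE_AAA_CLIENTS, SAMPLE_DEVICES).items():
        print(f"{kind}: {items}")
```

Entries reported under near_miss or missing are the ones to correct in the AAA client list so that each name matches the device hostname exactly.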
Select ACS, then enter the ACS administrator account and the shared secret.
Do not confuse the administrator account with the system identity user account!
Check the box “Register all installed applications with ACS”. These installed applications are cwhp (CiscoWorks Home Page), csm (Cisco Security Manager clients) and AutoUpdate (AutoUpdate Server).
After you have entered all the information, click the Apply button.
Log out from the CiscoWorks Home Page, then restart the Cisco Security Manager Daemon Manager service. You can do this by launching services.msc or by using the command line.
To use the command line, open the command prompt with “Run as Administrator”, then type in
net stop crmdmgtd
then type in
net start crmdmgtd
Items added in ACS 4.2
On the ACS server, click Shared Profile Components; you will see additional items.
From Group Setup you can change the group settings, where you will also see additional items.
I will assign pre-defined roles to my groups.
I chose the System Administrators group.
Click the Submit + Restart button once finished.