Filter
Top Products
11-5
User Guide for Device Fault Manager
OL-11390-01
Chapter 11 Administering DFM (Advanced)
System Administration
• CiscoSecure Access Control Server (ACS) Mode—ACS specifies the privileges associated with
roles; however, ACS also allows you to perform device-based filtering, so that users only see
authorized devices. Using ACS, which is called ACS mode, is supported when ACS is installed on
your network and DFM is registered with ACS. For more information, refer to Configuring Users
Using ACS Mode, page 11-5.
If Common Services is using ACS mode, DFM must also use ACS mode; otherwise, DFM users will not
have any permissions. However, if another instance of DFM is already integrated with ACS, the new
DFM will also be integrated with ACS.
You can also use the CiscoWorks Assistant Server Setup workflow to set the server login mode to ACS
mode, as described in User Guide for CiscoWorks Assistant 1.0.
Configuring Users Using CiscoWorks Local Mode
To add a user and specify their user role using CiscoWorks Local Mode, select Server > Security >
Single-Server Management > Local User Setup from the LMS portal. Click the Help button for
information on the configuration steps.
Use the CiscoWorks Permission Report to understand how each user role relates to tasks in DFM. From
the LMS portal, select Server > Reports > Permission Report and scroll down until you find Device
Fault Manager.
Configuring Users Using ACS Mode
To use this mode for DFM, Cisco Secure ACS must be installed on your network, and DFM must be
registered with ACS.
Step 1 Verify which mode the CiscoWorks server is using. From the LMS portal, select Server > Security >
AAA Mode Setup and check what is listed in the Current Settings table. Either CiscoWorks Local or
TACACS (ACS) will be displayed.
Step 2 Verify whether DFM is registered with ACS (if ACS Mode is being used) by checking the ACS server.
Step 3 To modify ACS roles:
• Refer to the ACS online help (on the ACS server) for information on modifying roles.
• Refer to the Common Services online help for information on the implications of ACS on the DCR
(specifically, role dependencies).
Note If you modify DFM roles using ACS, your changes will be propagated to all other instances of
DFM that are using Common Services servers which are registered with the same ACS server.
See the following for other information related to ACS:
• To register applications with ACS, and for information on supported ACS versions, refer to
Installing and Getting Started with CiscoWorks LAN Management Solution 3.0.
• To understand CiscoSecure Groups, Users, and Command Authorization Sets, see User Guide for
CiscoSecure ACS.
• For information on the implications of ACS custom roles on the DCR, see the online help for
Common Services.