For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

5 Replies

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    May 12, 2014

    RADIUS and TACACS+ are both supported in TMOS v10 so you should be able to use ACS for remote user authentication.

     

  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    May 12, 2014

    We used ACS 4.2 with v10.2.1 and 10.2.3 without issue. Getting it working can be a bit of a pain, but I'll offer a few key pointers:

     

    • Ensure you specify a Service Name of 'ppp' and Protocol Name 'ip' in your remote TACACS+ server configuration on the BIG-IP

       

    • Ensure your remote role name matches verbatim the group name within ACS (no spaces)

       

    • The attribute string that you set within your BIG-IP remote role needs to be defined as a custom attribute under your ACS group.

       

    • PaulStonehewer_'s avatar
      PaulStonehewer_
      Icon for Nimbostratus rankNimbostratus
      May 13, 2014
      Many thanks for your feedback. I will ensure the F5 engineers are aware.
    • Cory_50405's avatar
      Cory_50405
      Icon for Noctilucent rankNoctilucent
      Jun 02, 2014
      I no longer have access to an ACS 4.2 instance so I can't get any more specific than what I specified above.