APM with F5 2000S

Question

Hi Guys,&nbsp;
I have created an access policy that invokes radius authentication for any user coming from internet. I have also added in that policy that it should not invoke any authentication when users are coming from subnet let's say 192.168.x.x.&nbsp;
The part which is not working is when users are coming from 192.168.x.x. In the logs I see "Rule evaluation with error" and it prompts for Radius authentication. &nbsp;
The policy for excluding the subnet is:
expr { [IP::addr [mcget {session.user.clientip}] equals "192.168.0.0/16"] }&nbsp;
Any suggestions on where I am going wrong &nbsp;
Saurav&nbsp;

arpydays · Answer

try using an rule,
when ACCESS_SESSION_STARTED {
    if { [IP::addr [ACCESS::session data get session.user.clientip] equals 192.168.0.0/16] } {
        ACCESS::session data set session.user.radiusbypass 1
    }
}

then in VPE
expr { [mcget {session.user.radiusbypass}] == 1 }

boneyard · Answer

where did you use your code? could you show the policy?&nbsp;
you could try the ip with the quotes. beyond that nothing stands out a lot, i usually just try part by part until it works :)&nbsp;

Forum Discussion

APM with F5 2000S

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

APM variable assign examples

APM Optimisation Script

APM-Specific Features for Securing Your Website

APM Sharepoint authentication

What is BIG-IP APM?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS