Forum Discussion

Shishir_84445's avatar
Icon for Nimbostratus rankNimbostratus
Jan 31, 2011




Forgive me if this is newbie question. I never worked with TACACS before.


I am setting up TACACS with BIG IP for Admin User Authentication. I want to know if I have to put config for privilege levels on TACACS server correlated to access levels on BIG IP? I mean do I have to mention on TACACS about what will be correlated privilege access level on TACACS with BIG IP? like privilege 15 --> "Admin" on BIG IP


privilege 1--> "Guest" on BIG IP








3 Replies

  • Have you read the article below?





  • Hi Chris,


    Yes I read the article written by you and that document is awesome. But I am little confused about the privilege levels on TACACS. This may be because I dont have much knowledge in TACACS. Anyways, let me put this way, is it possible to give one particular user a "Admin" access on few devices and Guest access on other device using the config you mentioned in the article?


    Appreciate your help.



  • If I understand the article, you should be able to customize the remoterole definitions on each LTM unit so that you can have a remote user set for admin access on one set of LTM units and as readonly on another set of units. You'd potentially want to configure separate groups on the TACACS server per LTM if you want separate mappings per unit.