Forum Discussion
Shishir_84445
Nimbostratus
NimbostratusBIG Ip and TACACS
Hello,
Forgive me if this is newbie question. I never worked with TACACS before.
I am setting up TACACS with BIG IP for Admin User Authentication. I want to know if I have to put config for privilege levels on TACACS server correlated to access levels on BIG IP? I mean do I have to mention on TACACS about what will be correlated privilege access level on TACACS with BIG IP? like privilege 15 --> "Admin" on BIG IP
privilege 1--> "Guest" on BIG IP
Thanks.
Shishir
3 Replies
- Chris_Miller
Altostratus
Have you read the article below?
http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/2316/v10--Remote-Authorization-via-TACACS43.aspx 
Shishir_84445Hi Chris,
Yes I read the article written by you and that document is awesome. But I am little confused about the privilege levels on TACACS. This may be because I dont have much knowledge in TACACS. Anyways, let me put this way, is it possible to give one particular user a "Admin" access on few devices and Guest access on other device using the config you mentioned in the article?
Appreciate your help.
Shishir
hoolioCirrostratus
If I understand the article, you should be able to customize the remoterole definitions on each LTM unit so that you can have a remote user set for admin access on one set of LTM units and as readonly on another set of units. You'd potentially want to configure separate groups on the TACACS server per LTM if you want separate mappings per unit.
Aaron
