Forum Discussion

Shishir_84445's avatar
Shishir_84445
Icon for Nimbostratus rankNimbostratus
Jan 31, 2011

BIG Ip and TACACS

Hello,

 

Forgive me if this is newbie question. I never worked with TACACS before.

 

I am setting up TACACS with BIG IP for Admin User Authentication. I want to know if I have to put config for privilege levels on TACACS server correlated to access levels on BIG IP? I mean do I have to mention on TACACS about what will be correlated privilege access level on TACACS with BIG IP? like privilege 15 --> "Admin" on BIG IP

 

privilege 1--> "Guest" on BIG IP

 

 

Thanks.

 

 

Shishir

 

config
design

3 Replies

Sort By
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Jan 31, 2011
    Have you read the article below?

     

     

    http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/2316/v10--Remote-Authorization-via-TACACS43.aspx

     

     

  • Shishir_84445's avatar
    Shishir_84445
    Icon for Nimbostratus rankNimbostratus
    Jan 31, 2011
    Hi Chris,

     

    Yes I read the article written by you and that document is awesome. But I am little confused about the privilege levels on TACACS. This may be because I dont have much knowledge in TACACS. Anyways, let me put this way, is it possible to give one particular user a "Admin" access on few devices and Guest access on other device using the config you mentioned in the article?

     

    Appreciate your help.

     

     

    Shishir
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Feb 01, 2011
    If I understand the article, you should be able to customize the remoterole definitions on each LTM unit so that you can have a remote user set for admin access on one set of LTM units and as readonly on another set of units. You'd potentially want to configure separate groups on the TACACS server per LTM if you want separate mappings per unit.

     

     

    Aaron