BIG-IP LTM 11.5.1 integration with Cisco ACS 5.3
Hi team,
I tried to integrate BIG-IP with Cisco ACS with the following configuration, but no luck.
F5
    auth tacacs system-auth {
        protocol IP
        secret *********
        servers { 1.1.1.1 }
        service PPP
    }
    auth remote-role {
        role-info {
            admin2 {
                attribute F5-LTM-User-Info-1=adm
                console tmsh
                line-order 20
                role administrator
                user-partition All
            }
        }
    }
On ACS I have added this attribute in shell command:
    F5-LTM-User-Info-1=adm
but TACACS is throwing an error message like the one below: selected Shell Profile is DenyAccess
We appreciate your valuable response.
3 Replies
Searching for that message seems to indicate something is wrong on your ACS side:
https://supportforums.cisco.com/discussion/11503271/selected-shell-profile-denyaccess
I would try with Cisco first.
- Ecesureshkumar
We have a policy in Cisco ACS for F5 access with the shell profile, but we are not seeing any hits on that policy because the shell profile is not matching and it is hitting the cleanup rule, so we need to look at the F5. Please correct me if my understanding is wrong.
I would like to know whether any more settings are required on the F5 for TACACS other than the configuration I pasted.
My knowledge of ACS is limited, but I would expect that in principle an error like this is caused because you hit the wrong rule / policy / ... on the ACS, and that is caused by the ACS config.
Perhaps this SOL can help you further: http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15596.html
Else you can also just contact support.