Creating a Vs for just tacacs

You can create a virtual server on the F5 for TACACS, however if this is the IP used for the F5 itself to auth users via the mgmt or self IP interfaces (with SSH/SSL enabled), you just need to consider - am I happy using root password if TMM dies (as that's the only way you'll be able to logon)?

I was reading a document apparently that was to be used to authenticate traffic in and out of the F5. I needed to look at SOL8811.

So I went through the config steps but I cant tell if the F5 is sending the request to my ACS4 Sever. I can ping the ACS server from F5 I just dont see any logging happening on eiother side. Is there a way to debug the TACACs process on the F5?

thanks!

What version are you using? Are you targeting a virtual server with the ACS behind it, or are you going direct to the ACS?

Try a tcpdump;

tcpdump -i0.0 -s0 -XX host  and port 49

That will show you if the F5 is sending any packets, whether there are any coming back, and which interface they are going out, which should help you work out what's going on. Let us know what you find.

Thanks for the replies- I got it figured out. Was pretty simple but I was thinking it was more complicated- The ACS is in the clear and it was a matter of the ACS Group settings. thanks again.