For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Cirrocumulus rank

Cirrocumulus

Sep 23, 2021

F5 log: TACACS errors - wrong session ID in response

I've opened a TACACS error log msg issue with F5 support. What's appearing in the big ip log (on a standalone 2200, as well as other big ips I have) is a string of messages about an incorrect/unexpected session ID in TACACS responses to queries. A Wireshark capture shows the same session ID in both the query and the response which I would think is correct, however some other ID is expected in the response (as shown below).

Is anyone familiar enough with big ip <=> TACACS query/responses to say what is normal here?

Note: the 271229252 ID below is the one seen in both the query and response in Wireshark:

application delivery

No RepliesBe the first to reply

Security Best Practices for F5 Products

Technical Articles

F5 AppWorld 2026 Registration - early bird pricing.

DevCentral News

Kostas Injeyan - October 2025 Featured Member

DevCentral News

featured member

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5