Sep 23, 2021

F5 log: TACACS errors - wrong session ID in response

I've opened a TACACS error log msg issue with F5 support. What's appearing in the BIG-IP log (on a standalone 2200, as well as other BIG-IPs I have) is a string of messages about an incorrect/unexpected session ID in TACACS responses to queries. A Wireshark capture shows the same session ID in both the query and the response, which I would think is correct; however, some other ID is expected in the response (as shown below).


Is anyone familiar enough with BIG-IP <=> TACACS query/responses to say what is normal here?


Note: the 271229252 ID below is the one seen in both the query and response in Wireshark:


