Forum Discussion

Sleiman

Altostratus

6 years ago

F5 Read Only In ISE with TACACS

Hello, can someone assist in setting up ISE to authorize users login in to the F5 LB with a read only account?

big-ip

security

DRJ

Altocumulus

6 years ago

I've used AD group membership for this, but I'm guessing you already have admin auth working?

On the F5, create your F5 Remote Role Group (specify attribute string eg: F5-LTM-User-Info-1=monitoring) and the required Assigned Role level.

In ISE, add a rule in the Auth policy in the relevant Device Admin Policy Set. Match the device/AD user group, create your command set/shell profile as needed (create and match custom attribute to attribute string created for F5 Remote Role Group).

If I recall correctly I think that's pretty much all that's needed, but I could be forgetting something.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

F5 Read Only In ISE with TACACS

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

VIP control across data centers - how to ensure only 1 VIP is up at a time?

FQDN Node Configuration

Logical Disk Full to Migrate rSeries

Priority Group Activation is not working

Changes to DO and AS3 GitHub - no longer monitored

Related Content

F5 402 Exam reading list and notes

TACACS+ External Monitor (Python)

How To Read An F5 Security Advisory

TACACS+ Remote Role Configuration for BIG-IP

TACACS issue

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS