Forum Discussion
Sleiman
Altostratus
AltostratusF5 Read Only In ISE with TACACS
Hello, can someone assist in setting up ISE to authorize users login in to the F5 LB with a read only account?
DRJ
Altocumulus
AltocumulusI've used AD group membership for this, but I'm guessing you already have admin auth working?
On the F5, create your F5 Remote Role Group (specify attribute string eg: F5-LTM-User-Info-1=monitoring) and the required Assigned Role level.
In ISE, add a rule in the Auth policy in the relevant Device Admin Policy Set. Match the device/AD user group, create your command set/shell profile as needed (create and match custom attribute to attribute string created for F5 Remote Role Group).
If I recall correctly I think that's pretty much all that's needed, but I could be forgetting something.
