Forum Discussion
NimbostratusF5 remote authentication - RADIUS configuration
Hi,
I'm trying to configure RADIUS authentication on the F5s, but its not working though.
I have used a single Radius server and F5 self-ip address is added in the list of Radius clients on the Radius server. I took a packet capture and see that radius authentications packets are triggering from Management interface rather than the TMM - self-IPs. As per document - 201 exam study guide– TMOS Administration @ Objective - 4.04
Note: The BIG-IP system normally routes remote authentication traffic through a Traffic Management
Microkernel (TMM) switch interface (that is, an interface associated with a VLAN and a self-IP address),
rather than through the management interface. Therefore, if the TMM service has been stopped for any
reason, remote authentication is not available until the service is running again.
could you please clarify on this. thanks again.
3 Replies
benmgood36If you have management traffic that isn't on the same subnet as the Big-IP management interface, it will typically not use the management default route to get there - it will use a route as defined in the data path of the system (something under list ltm route, or Network, Routes in the GUI).
For things you want to force to go out the management interface, you can use the create sys management-route command in tmsh.
Is your RADIUS server on the same subnet as the management interface? I think there are some exceptions to the rule about not using the default gateway of the management interface, and RADIUS could be one of those.
- newf5learner
HI.. management interface and Radius servers are on different different networks.
list /ltm auth ltm auth radius-server system_auth_name1 { secret $M$Gg$SAulyDbDoQqv4efJhKkorw== server 10.20.64.39 } sys management-route default { gateway 10.25.60.1 network default Is the radius server configured with "use pool" or "direct"? If "use pool" is selected traffic is routed via TMM, "direct" is routed via the mgmt interface.
