For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Robert_Aarons_7's avatar
Robert_Aarons_7
Icon for Nimbostratus rankNimbostratus
Sep 20, 2011

Force radius requests from management interface

Running LTM 10.2.1, attempting to set up login authentication to a Radius server. I want the Radius server, which is on 10.240.5.20, to receive the requests from the management interface, however it seems to be fairly random whether the requests are sourced from this or the F5-INTERNAL-DMZ interface. (In fact, I don't mind which interface the requests are sourced from, as long as it is consistent).

 

 

The LTM doesn't seem to respect the route to 10.0.0.0/8 from its F5-INTERNAL-DMZ interface. What do I need to do to get some consistency?

 

 

 

The interface addresses and route table are below. Any help gratefully received.

 

 

 

[root@CLFR1_FR3-LBA:Active] config ifconfig -a

 

F5-EXTERNAL-DMZ Link encap:Ethernet HWaddr 00:01:D7:DC:5F:43

 

inet addr:172.16.205.3 Bcast:172.16.205.255 Mask:255.255.255.0

 

...

 

 

 

F5-FAILOVER Link encap:Ethernet HWaddr 00:01:D7:DC:5F:45

 

inet addr:172.16.207.3 Bcast:172.16.207.255 Mask:255.255.255.0

 

...

 

 

 

F5-INTERNAL-DMZ Link encap:Ethernet HWaddr 00:01:D7:DC:5F:44

 

inet addr:172.16.206.3 Bcast:172.16.206.255 Mask:255.255.255.0

 

...

 

 

 

eth0:mgmt Link encap:Ethernet HWaddr 00:01:D7:DC:5F:41

 

inet addr:10.240.6.11 Bcast:10.240.6.255 Mask:255.255.255.0

 

...

 

 

 

[root@CLFR1_FR3-LBA:Active] config netstat -rn

 

Kernel IP routing table

 

Destination Gateway Genmask Flags MSS Window irtt Iface

 

127.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tmm0

 

192.35.172.0 172.16.206.1 255.255.255.0 UG 0 0 0 F5-INTERNAL-DMZ

 

127.2.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.1

 

172.16.205.0 0.0.0.0 255.255.255.0 U 0 0 0 F5-EXTERNAL-DMZ

 

172.16.206.0 0.0.0.0 255.255.255.0 U 0 0 0 F5-INTERNAL-DMZ

 

10.240.6.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

 

172.16.207.0 0.0.0.0 255.255.255.0 U 0 0 0 F5-FAILOVER

 

164.11.0.0 172.16.206.1 255.255.0.0 UG 0 0 0 F5-INTERNAL-DMZ

 

192.168.0.0 172.16.206.1 255.255.0.0 UG 0 0 0 F5-INTERNAL-DMZ

 

172.16.0.0 172.16.206.1 255.240.0.0 UG 0 0 0 F5-INTERNAL-DMZ

 

10.0.0.0 172.16.206.1 255.0.0.0 UG 0 0 0 F5-INTERNAL-DMZ

 

0.0.0.0 172.16.205.1 0.0.0.0 UG 0 0 0 F5-EXTERNAL-DMZ

 

0.0.0.0 10.240.6.1 0.0.0.0 UG 0 0 0 eth0

 

[root@CLFR1_FR3-LBA:Active] config

 

 

 

 

 

config
design

4 Replies

  • Mark_Cloutier's avatar
    Mark_Cloutier
    Icon for Nimbostratus rankNimbostratus
    Sep 20, 2011
    you will need a b mgmt route statement to send triaffic to the radius server. for example:

     

     

    b mgmt route 10.240.5.20 netmask 255.255.255.255 gateway 10.240.6.1

     

     

  • Mark_Cloutier's avatar
    Mark_Cloutier
    Icon for Nimbostratus rankNimbostratus
    Sep 20, 2011
    you will need a b mgmt route statement to send triaffic to the radius server. for example:

     

     

    b mgmt route 10.240.5.20 netmask 255.255.255.255 gateway 10.240.6.1

     

     

  • Andrea_Arquint's avatar
    Andrea_Arquint
    Icon for Nimbostratus rankNimbostratus
    Oct 11, 2011
    Hi Rob

     

     

    I'm trying as well to authenticate users via radius.

     

    I use windows radius server and I'm not really familiar with radius.

     

    Could you help me please?

     

     

    Or what kind of radius server do you use?

     

     

     

    Best regards

     

    bb