For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

BKNwe_10326's avatar
BKNwe_10326
Icon for Nimbostratus rankNimbostratus
Oct 14, 2011

Forward Radius Authentication Request To A URL

The following isn't forwarding the Radius Authentication request to the URL. Does anyone have any idea why it's not working?

 

If a connection from 10.185.186.1 arrives to the F5, on utp port 1812, forward the reqeuest to the URL.

 

 

 

when CLIENT_LINE {

 

if { [IP::addr [IP::client_addr] equals 10.185.186.1] } {

 

set URL ""

 

log local0. "Client redirected, IP: [IP::client_addr]"

 

}

 

}
application delivery
dev
devops
iRules

3 Replies

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Oct 14, 2011
    UTP? You mean UDP? (RADIUS us usually udp/1812).

     

     

    I think you're a bit confused here...

     

     

    For a start, RADIUS isn't HTTP... So you can't just redirect a UDP packet to an HTTP URL (Which usually implies a TCP connection). If you simply want to direct a particular client to one IP address, then depending on whether that pool member is in the default pool, you could simply select that pool member on the client ip... Or do something else...

     

     

    Post more info on what you're actually trying to do, we might be able to provide some suggestions.

     

     

    H
  • BKNwe_10326's avatar
    BKNwe_10326
    Icon for Nimbostratus rankNimbostratus
    Oct 15, 2011
    Actually I have two issues. But, here I'm concerned about the Irule:

     

     

    1. Irule: An external device is authenticating via Raduis UDP to our primary site. But, we also need it to authenticate to our secondary site. If I put in the URL (on the internal GTM, that will has both of the radius virtual servers), the device automatically picks up the primary virtual server - the device won't allow me to input the URL on the GTM. Maybe using this URL isn't possible, since I'm using radius UDP?Since both radius devices are at different sites, I can't use a pool member. It looks like I have to use the GTM/Irule?

     

    Do you know if this is possible with an irule? Maybe I'm wasting my time.......

     

     

    2. Issue 2 is that I need to configure a virtual server with UDP radius.

     

     

    Thanks
  • BKNwe_10326's avatar
    BKNwe_10326
    Icon for Nimbostratus rankNimbostratus
    Oct 15, 2011
    Actually I have two issues. But, here I'm concerned about the Irule:

     

     

    1. Irule: An external device is authenticating via Raduis UDP to our primary site. But, we also need it to authenticate to our secondary site. If I put in the URL (on the internal GTM, that will has both of the radius virtual servers), the device automatically picks up the primary virtual server - the device won't allow me to input the URL on the GTM. Maybe using this URL isn't possible, since I'm using radius UDP?Since both radius devices are at different sites, I can't use a pool member. It looks like I have to use the GTM/Irule?

     

    Do you know if this is possible with an irule? Maybe I'm wasting my time.......

     

     

    2. Issue 2 is that I need to configure a virtual server with UDP radius.

     

     

    Thanks