F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

XINGYU_99486's avatar
XINGYU_99486
Icon for Nimbostratus rankNimbostratus
May 22, 2014

How to configure TACACS+ on Cisco ACS 5.3 for authenticating administrative users on LTM 11.2.0?

Hello,   I was desperate to get the Tacacs+ working on Cisco ACS for LTM 11.2.0. However I was not be able to find a direct answer.   There is my configuration on LTM ->System -> Users -> Auth...
application delivery
cisco
LTM
management
security
Cory_50405's avatar
Cory_50405
Icon for Noctilucent rankNoctilucent
May 22, 2014

Sure. Here's our remote role config for our administrator role:

auth remote-role {
    role-info {
        /Common/GW_Administrator {
            attribute F5-LTM-User-Info-1=adm
            console tmsh
            line-order 1
            role administrator
            user-partition all
        }

Your TACACS+ server config should look something like this:

auth tacacs /Common/system-auth {
    protocol ip
    secret ******
    servers { 10.1.1.1 10.1.1.2 }
    service ppp
}

The ACS group that you wish to have administrator access will need to be assigned that shell profile you created in ACS. But the ACS group name will have to match verbatim what the remote role name is (in our case, it's GW_Administrator).