ISE - F5 Group based authentication - Access Control Issue
Hi, I used to have local authentication on all BIG-IP devices and now I have changed it to TACACS authentication. I have created two groups in ISE: one is for Admin users and the second is for Guest users.
When I changed to TACACS authentication, I selected the user role as administrator in the "External Users" section, so now whenever I log in, I log in as an administrator.
I configured "Remote Role groups" and there I have created a role for the Guest user, so that whenever I log in via the Guest credential I should log in as a Guest user, but after configuring it, I am still logging in as an administrator. Here is how I have configured the Guest user role:
Group Name: Guest-Users (Same as in ISE)
Line Order: 1
Attribute String: F5-LTM-User-Info-1=Guest-Users (I am not sure if it is correct)
Remote access: Enabled
Assigned Role: Guest
Partition access: All
Terminal Access: Disabled
In User Authentication, the config is as follows:
User Directory: Remote - TACACS+
Servers: 10.x.x.x
Encryption: Enabled
Service name: ppp
Protocol name: ip
Authentication: Authenticate to the first server
Accounting information: Send to first available server
Debug: Disabled
External user: Administrator
Terminal: tmsh
I am currently using version 11.6.0.
Please let me know if any other info is needed, and what am I doing that is not correct?
Thanks