Making a default route is breaking my management auth
Hello,
I have TACACS configured for Configuration Utility/GUI access and it works.
My problem is, when I make a default route on the box network > routes:
source: 0.0.0.0
dest: 0.0.0.0
gateway: (gateway ip of my internal vlan, not same as my management network)
This kills my box's authentication with TACACS on the management side. Shouldn't the F5 reach out to TACACS on its management interface?
- FrontmanFin (Altostratus)
Resolved my issue. I made management-routes but that wasn't populating in the kernel route table (route -n from bash)
so I added the routes to my TACACS
route add -net [network] netmask [mask] gw [gateway] metric 4096
and that seems to have worked.
FrontmanFin You might consider figuring out why the routes aren't being added to the kernel route table rather than manually adding them. A lot of times OS level changes do not carry over after upgrades and you could encounter an issue when you perform one because of this.
FrontmanFin In order to assist you further please provide the routing table for the F5, the output of the following command when in bash, and the destination for the TACACS server/s.
route -n
- CeinarF (Employee)
Hello,
as specified in https://my.f5.com/manage/s/article/K28172750 if you need to use the management interface to communicate with the remote authentication server outside management subnet, then you must add a static management route that is more specific than any TMM routes to this server.
To add a management route just follow article https://my.f5.com/manage/s/article/K13284
tmsh create /sys management-route <name> network <destination network>/<netmask> gateway <management gateway>
tmsh save /sys config
BR
- FrontmanFin (Altostratus)
Interesting (can't copy and paste the config but I'll elaborate).
I did make management routes and it didn't work. I compared this to one of the correctly working F5s and I'm noticing that all the management routes for the working box show up in the routing table in route -rn with the Iface being mgmt.
But in my broken box, that's not the case; the Kernel IP routing table doesn't show the mgmt routes I created at all.
Is there something I need to do to update the Kernel IP routing table?
- CeinarF (Employee)
FrontmanFin creating and saving a management route via tmsh must create an entry in the netstat -nr routing table.
If this is not going to happen it should be related to a problem in the BIG-IP instance, so I don't think you have solved the "real" problem.
BR
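The check discussed in this thread (does the kernel table send TACACS traffic out the mgmt interface, or does the default route win?) can be run against pasted `route -n` output. This is an added example, not code from the thread or from F5; the addresses, the VLAN name `internal`, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `route -n` output for a box where the management route is missing
# (addresses are documentation ranges; "internal" is a hypothetical VLAN name).
BROKEN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         198.51.100.1    0.0.0.0         UG    0      0        0 internal
198.51.100.0    0.0.0.0         255.255.255.0   U     0      0        0 internal
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 mgmt
"""

# Same box once a management route to the TACACS network is in the kernel table.
FIXED = BROKEN + "203.0.113.0     192.0.2.1       255.255.255.0   UG    4096   0        0 mgmt\n"


def parse_route_n(text):
    """Return a list of (network, gateway, metric, iface) from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0][0].isdigit():
            continue  # skip the two header lines and blanks
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes


def egress_for(text, server):
    """Longest-prefix match, lowest metric as tie-break; None if nothing matches."""
    addr = ipaddress.ip_address(server)
    hits = [r for r in parse_route_n(text) if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]), default=None)


def check(text, server, mgmt_iface="mgmt"):
    """Report whether traffic to the auth server leaves via the management interface."""
    best = egress_for(text, server)
    if best is None:
        return f"{server}: no route"
    net, gw, metric, iface = best
    verdict = "OK" if iface == mgmt_iface else "NOT via management"
    return f"{server}: {verdict} ({net} gw {gw} dev {iface})"


if __name__ == "__main__":
    tacacs = "203.0.113.10"  # constructed TACACS server address
    print(check(BROKEN, tacacs))
    print(check(FIXED, tacacs))
```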