For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

DineshVM_265886's avatar
DineshVM_265886
Icon for Altostratus rankAltostratus
Feb 09, 2017

RFE 445480 - Radius Monitor should mark member up even with Access-Reject

RFE 445480 - Radius Monitor should mark member up even with Access-Reject - Was this request approved. Looking for a solution for this request.  
application delivery
LTM
LPL's avatar
LPL
Icon for Nimbostratus rankNimbostratus
Oct 02, 2017

Hi,

 

I am also interested. In a (very good) document (Cisco wrote in collaboration with F5), it is stated: "F5 BIG-IP LTMs have the ability to treat a failed authentication (RADIUS Access-Reject) as a valid response to the RADIUS health monitor. The fact that ISE is able to provide a response indicates that the service is running."

 

Later in the document:

 

"General guidance is to use the ISE Internal User database account with different password to force Access-Reject."

 

Is this default behavior of F5 to mark as up a server with Access-reject response or should we tweak it?

 

The document name is "How-To-95-Cisco_and_F5_Deployment_Guide-ISE_Load_Balancing_Using_BIG-IP.pdf"

 

Thanks!