Forum Discussion
Tacacs+ and F5
Hi all,
I'm hoping someone can help me with z small problem I have.
My F5's are using TACACS for admin authentication, role based access etc and it's working a treat.
My problem is that when the TACACS requests hits the Cisco ACS 5.7 the rem_addr portion of the TACACS request is empty.
Why is this a problem ?, we use service accounts for tools to access the F5's and for compliance reason we need to be able to restrict from where this service account can be used.
So on the ACS application the service account is locked down to only work if the login attempt originates from a specific IP address.
Now as the F5 does not fill in the rem_addr portion of the TACACS request the access is denied.
Does anyone know if there is a way of making the F5 fill in the rem_addr part of the TACACS request ? Or is it simply a case of the F5's not being able to do it ?
The rem_addr is an optional field in the TACACS+ packet so I am wondering if F5 just never bothered with it.
Thanks in advance
Rich
- Ravi_K__MalhotrNimbostratus
i do not have an exact answer for you, but would like you to focus on iRules, may be it can help you.
not really seeing how iRules would help, or you must suggest trying to change the tacacs+ message on tcp level, which is perhaps a bit extreme. but for the question i think support my be the best way to go.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com