Forum Discussion
Mate_132781
Cirrostratus
CirrostratusTACAS not working - No TACACS packets in TCPDUMP
Hi,
I have problem with user authentication over TACACS on BIG-IP 12.0 HF2 (Virtual edition).
I configured TACACS, add host routes for TACACS server over MGMT interface, all according to config g...
Christopher_Noy
Nimbostratus
NimbostratusI'm not sure how far you got with this but it appears that TACACS traffic will not go out the mgmt interface (it is using the client side (vip) interface on my test units). I haven't found any way to force it to use mgmt, assuming it is possible.
Adriano_Bezerra
Altostratus
AltostratusThe management interface is Out-of-band, you can not see it in the graphical interface.
To identify the correct interface, access via SSH and enter the command "ifconfig" in bash, the management is usually ETH0, check and see if the displayed IP is the same as the one used to access the BIG-IP.
The ideal is to leave a capture running while trying to access the BIG-IP via TACACs, to see what are the IPs of the TACACs, with the command "tmsh list auth tacacs"
Example:
root@(bigip-lb01) (cfg-sync Standalone) (Active) (/ Common) (tmos) list auth tacacs
auth tacacs system-auth {
authentication use-all-servers
debug enabled
ip protocol
secret $M$Ju$LSrECPSSDDDDTfb0HDmgJ2Dj50Q ==
servers *{10.1.1.230}*
service ppp
}
Do both captures at the same time.
tcpdump -nni eth0 10.1.1.230 << This for capturing in the management interface
tcpdump -nni 0.0 10.1.1.230 -e << This for capturing at data traffic interfaces
Forward the result after the test.