F5OS support for TACACS+ over CLI

jdclay · ‎10-May-2023

We ran into issues deploying rSeries and VELOS platforms on the network at our company using a custom form of TACACS+. Our implementation allows for application-specific domains with unique ports and keys.

We had issues with it until we added the attribute value pairs to the TACACS+ domain profiles:

Admin (unlimited_config):

F5-F5OS-UID=1001

F5-F5OS-GID=9000

Operator (unlimited_enable):

F5-F5OS-UID=1001

F5-F5OS-GID=9001

This change resolved the access issues via GUI and we are able to access using our TACACS+ credentials, but it does NOT work via CLI for access using the same credentials. We already have a case out to F5 about this, but I was wondering if anyone else is experiencing the same implementation challenge on accessing CLI using TACACS+.

JRahm · ‎10-May-2023

Hi @jdclay thanks for the share. I don't have help for you on this but am interested in the outcome...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

Leslie_Hubertus · ‎16-May-2023

@jdclay - FYI I'm featuring your post in today's Community Highlights article to boost visibility for you.

Andy-didnt-like-uucp · ‎31-Aug-2023

did u already leverage this?
[F5OS] Unable to use TACACS authentication

JRahm · ‎05-Sep-2023

@jdclay could you confirm if this is still a problem with the additional info provided in that solution @Andy-didnt-like-uucp linked?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

DevCentral

F5OS support for TACACS+ over CLI

Register For AppWorld 2024

F5 Receives Six Trust Radius
Best of 2023 Awards

F5 XC WAF

F5 BIG-IP

DevCentral

F5OS support for TACACS+ over CLI

Register For AppWorld 2024

F5 Receives Six Trust Radius Best of 2023 Awards

F5 XC WAF

F5 BIG-IP

F5 Receives Six Trust Radius
Best of 2023 Awards