Forum Discussion
LPL
Oct 02, 2017Nimbostratus
Hi,
I am also interested. In a (very good) document (Cisco wrote in collaboration with F5), it is stated: "F5 BIG-IP LTMs have the ability to treat a failed authentication (RADIUS Access-Reject) as a valid response to the RADIUS health monitor. The fact that ISE is able to provide a response indicates that the service is running."
Later in the document:
"General guidance is to use the ISE Internal User database account with different password to force Access-Reject."
Is this default behavior of F5 to mark as up a server with Access-reject response or should we tweak it?
The document name is "How-To-95-Cisco_and_F5_Deployment_Guide-ISE_Load_Balancing_Using_BIG-IP.pdf"
Thanks!