Forum Discussion

Bryans_01_14625
Mar 04, 2014

Creating a VS for just TACACS

New to F5 and we have new Viprion 2400s going in soon. There aren't any virtual servers yet and we need to create one just for TACACS. Is this advisable? I don't know if this is the way to go about this or not...

 

4 Replies

  • You can create a virtual server on the F5 for TACACS, however if this is the IP used for the F5 itself to auth users via the mgmt or self IP interfaces (with SSH/SSL enabled), you just need to consider - am I happy using root password if TMM dies (as that's the only way you'll be able to logon)?

     

  • I was reading a document apparently that was to be used to authenticate traffic in and out of the F5. I needed to look at SOL8811.

     

    So I went through the config steps but I can't tell if the F5 is sending the request to my ACS4 server. I can ping the ACS server from the F5, I just don't see any logging happening on either side. Is there a way to debug the TACACS process on the F5?

     

    thanks!

     

  • What version are you using? Are you targeting a virtual server with the ACS behind it, or are you going direct to the ACS?

    Try a tcpdump:

    tcpdump -i0.0 -s0 -XX host <ACS-IP> and port 49
    

    That will show you if the F5 is sending any packets, whether there are any coming back, and which interface they are going out, which should help you work out what's going on. Let us know what you find.

  • Thanks for the replies. I got it figured out. Was pretty simple but I was thinking it was more complicated. The ACS is in the clear and it was a matter of the ACS Group settings. Thanks again.
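
An added example, not part of the thread or of F5's tooling: once the tcpdump suggested in the reply above shows traffic on port 49, the 12-byte TACACS+ header (RFC 8907) at the start of each TCP payload tells you who sent the packet and whether a session ever got a server reply. The payload bytes and session IDs are constructed samples, and the function names are this example's own.

```python
import struct

TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
FLAG_UNENCRYPTED = 0x01  # TAC_PLUS_UNENCRYPTED_FLAG: body is sent in cleartext

def parse_tacacs_header(payload: bytes) -> dict:
    """Decode the 12-byte TACACS+ header at the start of a TCP payload."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", payload[:12])
    if version >> 4 != 0xC:
        raise ValueError("major version is not 0xc, so this is not TACACS+")
    if ptype not in TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    return {
        "type": TYPES[ptype],
        "seq_no": seq_no,
        # Clients only send odd sequence numbers, servers only even ones.
        "sender": "client" if seq_no % 2 else "server",
        "unencrypted": bool(flags & FLAG_UNENCRYPTED),
        "session_id": session_id,
        "body_length": length,
        "body_complete": len(payload) - 12 >= length,
    }

def summarize(payloads) -> dict:
    """Count client and server packets per session to spot unanswered requests."""
    sessions = {}
    for payload in payloads:
        h = parse_tacacs_header(payload)
        s = sessions.setdefault(
            h["session_id"], {"client": 0, "server": 0, "cleartext": False})
        s[h["sender"]] += 1
        s["cleartext"] |= h["unencrypted"]
    return sessions

# Constructed TCP payloads (header + opaque body), not taken from a real capture.
SAMPLE = [
    bytes.fromhex("c0010100 12345678 00000004 deadbeef"),      # client START
    bytes.fromhex("c0010200 12345678 00000006 0102030405ff"),  # server REPLY
    bytes.fromhex("c0010101 aabbccdd 00000002 0000"),          # client, no reply
]

if __name__ == "__main__":
    for sid, counts in summarize(SAMPLE).items():
        status = "answered" if counts["server"] else "NO SERVER REPLY"
        print(f"session {sid:#010x}: {counts} -> {status}")
```

A session with client packets and no server packets means the request left the device but the TACACS+ server never answered, which points at the server side (or the path to it) rather than the client configuration.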