newf5learner
Sep 01, 2016

F5 remote authentication - RADIUS configuration

Hi,

I'm trying to configure RADIUS authentication on the F5s, but it's not working, though.

I have used a single RADIUS server, and the F5 self-IP address is added to the list of RADIUS clients on the RADIUS server. I took a packet capture and see that RADIUS authentication packets are triggered from the management interface rather than the TMM self-IPs. As per the document 201 exam study guide – TMOS Administration, Objective 4.04:

 Note: The BIG-IP system normally routes remote authentication traffic through a Traffic Management
Microkernel (TMM) switch interface (that is, an interface associated with a VLAN and a self-IP address),
rather than through the management interface. Therefore, if the TMM service has been stopped for any
reason, remote authentication is not available until the service is running again.

Could you please clarify this? Thanks again.

3 Replies

  • If you have management traffic that isn't on the same subnet as the BIG-IP management interface, it will typically not use the management default route to get there - it will use a route as defined in the data path of the system (something under list ltm route, or Network, Routes in the GUI).

     

    For things you want to force to go out the management interface, you can use the create sys management-route command in tmsh.

     

    Is your RADIUS server on the same subnet as the management interface? I think there are some exceptions to the rule about not using the default gateway of the management interface, and RADIUS could be one of those.

     

  • Hi. The management interface and RADIUS servers are on different networks.

    list /ltm auth
    ltm auth radius-server system_auth_name1 {
        secret $M$Gg$SAulyDbDoQqv4efJhKkorw==
        server 10.20.64.39
    }
    
    sys management-route default {
        gateway 10.25.60.1
        network default
    }
    
  • Is the RADIUS server configured with "use pool" or "direct"? If "use pool" is selected, traffic is routed via TMM; "direct" is routed via the mgmt interface.