Forum Discussion
ISE - F5 Group based authentication - Access Control Issue
Hi, I used to have local authentication on all BIG-IP devices and now I have changed it to TACACS authentication. I have created two groups in ISE: one is for Admin users and the second is for Guest users.
When I changed to TACACS authentication I selected the user role as Administrator in the "External Users" section, so now whenever I log in, I log in as an administrator.
I configured "Remote Role Groups" and there I have created a role for the Guest user, so that whenever I log in with Guest credentials I should log in as a Guest user, but after configuring it, I am still logging in as an administrator. Here is how I have configured the Guest user role:
* Group Name: Guest-Users (Same as in ISE)
* Line Order: 1
* Attribute String: F5-LTM-User-Info-1=Guest-Users (I am not sure if it is correct)
* Remote access: Enabled
* Assigned Role: Guest
* Partition access: All
* Terminal Access: Disabled
In User Authentication, the config is as follows:
* User Directory: Remote - TACACS+
* Servers: 10.x.x.x
* Encryption: Enabled
* Service name: ppp
* Protocol name: ip
* Authentication: Authenticate to the first server
* Accounting information: Send to first available server
* Debug: Disabled
* External user: Administrator
* Terminal: tmsh
I am currently using version 11.6.0.
Please let me know if you need any other info, and what am I doing that is not correct?
Thanks
2 Replies
- Macaron
Nimbostratus
Anyone?
- aspragg_347341
Nimbostratus
I know it is old... The 'External user: Administrator Terminal : tmsh' setting is used for the default external users, so if the role and terminal access attribute is not pushed by the TACACS server, it will assume this role per user not sending additional attributes.
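Added example, not part of the thread and not F5 code: a simplified Python model of the fallback the reply describes, using the settings from the question. The first-match-by-line-order rule, the function names and the two sample server replies are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RoleGroup:
    name: str
    line_order: int
    attribute: str   # string compared against what the TACACS+ server returns
    role: str
    terminal: str

def resolve_role(returned_attrs, groups, default_role, default_terminal):
    """Return (role, terminal, source) for one authenticated remote user.

    Assumed model: groups are tried in line order and the first one whose
    attribute string was returned by the server wins. If nothing matches,
    the "External Users" default applies.
    """
    returned = {a.strip() for a in returned_attrs}
    for group in sorted(groups, key=lambda g: g.line_order):
        if group.attribute in returned:
            return group.role, group.terminal, group.name
    return default_role, default_terminal, "external-user default"

# Roles treated as privileged for this check (assumption for the example).
PRIVILEGED = {"Administrator"}

def default_is_fail_open(default_role):
    """A privileged default hands admin rights to every unmatched login."""
    return default_role in PRIVILEGED

# Remote role group exactly as listed in the question.
GROUPS = [RoleGroup("Guest-Users", 1, "F5-LTM-User-Info-1=Guest-Users",
                    "Guest", "Disabled")]

# Constructed server replies: one carrying the attribute, one carrying none.
WITH_ATTR = ["F5-LTM-User-Info-1=Guest-Users"]
WITHOUT_ATTR = []

if __name__ == "__main__":
    for label, attrs in (("attribute sent", WITH_ATTR),
                         ("attribute missing", WITHOUT_ATTR)):
        print(label, "->", resolve_role(attrs, GROUPS, "Administrator", "tmsh"))
    print("default fails open:", default_is_fail_open("Administrator"))
```

With the attribute missing from the server's reply, the guest account resolves to Administrator with tmsh access, which matches the symptom in the question; a low-privilege default makes the same gap fail closed.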