Aug 27

Using TACACS+ on an F5 BIG-IP

One of the first things I configured on the F5 BIG-IP was TACACS+. As the first step of getting the load balancer set up, it was my first configuration failure. I had the unit racked in the data center and I configured the management IP address information by using the front panel on the chassis. By use of the management port, I connected the BIG-IP to the network so I could manage it. No other cables were connected.



After spending hours trying to get TACACS+ to work, I moved on to other parts of the configuration. After completing the VLANs and Self IPs, I got the cables connected to the network for the data connectivity. After I did this, I went back to troubleshooting the TACACS+ configuration.

I found that the BIG-IP was using the data VLAN and self IP to communicate with the TACACS+ server instead of the management port IP address. After setting up the Self IP address in the TACACS+ server, it started working. This was on a BIG-IP not using Partitions and Route Groups.

When the BIG-IP is configured for Partitions and Route Groups, it does use the Management port as the source when communicating with TACACS+.

I found this difficult to figure out; there was little documentation.
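A quick way to check for this kind of source-address mismatch from a shell, as an added example that is not part of the original post: it parses `ip route get` output to find the source address and interface used to reach the TACACS+ server, then compares that address with the clients registered on the server. It assumes the Linux iproute2 `ip` command is available on the host; the addresses, interface name and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: which source address is used to reach the TACACS+ server,
# and is that address registered as a client on the server?

# Print the "src" address found in `ip route get` output read from stdin.
route_src() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# Print the egress interface ("dev") found in the same output.
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# check_client ROUTE_OUTPUT "REGISTERED_IP ..."
# Returns 0 if the source is registered, 1 if it is not, 2 if no source found.
check_client() {
    src=$(printf '%s\n' "$1" | route_src)
    dev=$(printf '%s\n' "$1" | route_dev)
    [ -n "$src" ] || { echo "no source address in route output"; return 2; }
    for client in $2; do
        if [ "$client" = "$src" ]; then
            echo "OK: $src via $dev is a registered client"
            return 0
        fi
    done
    echo "MISMATCH: requests leave from $src via $dev, which is not registered"
    return 1
}

# Constructed sample: the route to the server leaves through a data VLAN
# address, while only the management address was registered on the server.
SAMPLE_ROUTE='192.0.2.10 via 10.20.0.1 dev vlan_data src 10.20.0.5 uid 0
    cache'
REGISTERED='10.1.1.5'

# Live use (assumes iproute2 on the host):
#   check_client "$(ip route get 192.0.2.10)" "$REGISTERED"
if [ "${1:-}" = "--demo" ]; then
    check_client "$SAMPLE_ROUTE" "$REGISTERED" || true
fi
```

A mismatch means either the reported source address has to be added as a client on the TACACS+ server, or the routing has to change so that requests leave from the address that is already registered.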

Have any of you run into similar issues with your BIG-IP?

I hope this helps you set up TACACS+ on your BIG-IP.