
Adding F5 in Cisco ISE TACACS server

Junyx sen
Level 1

Hi, All

 

Planning to implement TACACS on our F5; the requirement is to add F5 attributes in both F5 and ISE.

Is there anyone who can advise where I should add the attribute in Cisco ISE? Or is there a document about it? We already have an existing TACACS policy for our network devices such as switches and ASA using the ISE as TACACS server. I just need to add the F5 but am not yet quite sure of the approach for where to set the attributes in Cisco ISE.

 

 

Thank you all.

Junyx


Accepted Solutions

This article linked below is written for ACS and covers integration of several third party devices (although not any F5 appliances) into your TACACS server. The process is very similar with ISE Device Administration.

 

https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115926-tacacs-radius-devices-00.html

 

Here's the screen in ISE 2.3 Device Administration for adding a custom TACACS Shell profile:

 

ISE TACACS Shell Profile.PNG


walwar
Level 1

Check this, it might help though I haven't tested it myself, good luck and please let us know how it goes as I am interested in it.

http://finkotek.com/f5-radius-authentication-with-cisco-ise/

Hi, Walwar

Thanks for the link. I was able to check that link when I was doing my search, but apparently it's using RADIUS. I'm working with the F5 team and will probably open a case with Cisco and seek support on how to make this work. I will share the info later on.

Thanks


Thanks Marvin!

 

Our Cisco ISE is integrated with our AD. But apparently TACACS is working, although we still need to specify the list of users in the F5 "User List".

 

Regards

Hi Junyx,
How did you fix it? I have the same issue and I am using ISE 2.3/F5 13.x.x.
Please advise.
Thank you.

Regards,
Vimal.

We still specify the F5 "User List".

Thanks.

Hi, I'm having the same issue. I'm not sure if I follow your solution. Do we need something extra in the F5?

Hi, ANDv

 

 

Need to create remote role groups and we added the user list manually on the F5.

 

Systems>Users:Remote Role Groups.

Attribute string must be the same in the Cisco ISE and F5.

 

Regards

Doesn't work for me. I have added all steps as mentioned; still, when I try to log in with my AD ID and password it says authentication failed, and in the ISE TACACS logs it gives "TACACS: Invalid TACACS+ request packet - possibly mismatched Shared Secrets".

I know I am using correct secret in both ISE and F5.
