Forum Discussion

kev_245_28249 (Nimbostratus)
Apr 15, 2014

TACACS attribute value pair settings for remote role attributes

Hi, I've read Sol8811 and sol8808 and articles


on ACS 4.2 - I got auth working via the following: create a 'new service' under Interface Configuration > TACACS+ (Cisco IOS) > New Services. I created a new service called 'F5_extras' with protocol 'IP'. This enables the new setting to appear in my existing Group (which contains equipment from many different vendors). In the Group settings I can assign PPP IP via the 'custom attributes' window: service=PPP protocol=IP. Obviously, set your F5_extras in your LTM TACACS configuration.


(NOTE: IP assignment of dialup was not required for me - it's mentioned in a forum.)


For REMOTE ROLES, how do I configure the ACS for the attributes? E.g., as mentioned on the DevCentral forum, a user applied these attributes to the ACS device:

F5-LTM-Host=4500ltm1
F5-LTM-User-Role=administrator
F5-LTM-User-Partition=Common
F5-LTM-User-Console=tmsh


From the Cisco site, the attribute value examples are:

• acl=












  • I believe the attribute within ACS needs to be populated under the group configuration, shell profiles section. There's a pane for attributes and it should be populated with the same attribute as you put in the corresponding remote role within the BIG-IP.


    For example, our attribute for administrators is F5-LTM-User-Role-1=adm. This goes in the custom attributes under the shell profile section of ACS as well as your remote role configuration as the attribute string.
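The pairing this reply describes, written out as an added example that is not part of the original thread: the same attribute string entered on the ACS side and in a BIG-IP remote role entry created with tmsh. The entry name `adm_role`, the line order, and the role, partition and console values are assumptions chosen for illustration.

```tmsh
# ACS side (group configuration > shell profile > custom attributes),
# the string quoted in the reply above:
#   F5-LTM-User-Role-1=adm

# BIG-IP side: a remote role entry whose attribute string is the same text.
# "adm_role" is a hypothetical entry name; line-order, role, user-partition
# and console are assumed values, adjust them to your own access policy.
tmsh modify auth remote-role role-info add { adm_role { attribute "F5-LTM-User-Role-1=adm" console tmsh line-order 1 role administrator user-partition all } }

# Review the resulting remote role entries.
tmsh list auth remote-role
```

Keeping one entry per privilege level, each with its own attribute string, lets the ACS group decide which BIG-IP role a user receives.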