Routing on F5 via the management interface

If you configure your F5 LTM device to use TACACS authentication, you must configure the routing properly.

The F5 uses the management interface for TACACS services. Let’s assume that your management interface IP is 10.1.0.145 and the TACACS server IP address is 172.16.50.5. The snippet below shows how to configure the F5 correctly.

[root@BIG-IP-TEST-1:Active:Standalone] config # # Create route
[root@BIG-IP-TEST-1:Active:Standalone] config # tmsh create sys management-route 172.16.50.5/32 gateway 10.1.0.254
[root@BIG-IP-TEST-1:Active:Standalone] config # # Verify route
[root@BIG-IP-TEST-1:Active:Standalone] config # tmsh list /sys management-route
sys management-route 172.16.50.5/32 {
    gateway 10.1.0.254
    network 172.16.50.5/32
}
[root@BIG-IP-TEST-1:Active:Standalone] config # # Delete route if you make a mistake
[root@BIG-IP-TEST-1:Active:Standalone] config # tmsh delete sys management-route 172.16.50.5/32
[root@BIG-IP-TEST-1:Active:Standalone] config # # Verify it again
[root@BIG-IP-TEST-1:Active:Standalone] config # tmsh list /sys management-route
[root@BIG-IP-TEST-1:Active:Standalone] config #

Note that you won’t see this route in the GUI (if you go to Network -> Routes):

[Image: F5 Routing (GUI)]
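Because the route is only visible from the command line, a scripted check is a convenient way to confirm that the TACACS server is covered by a management route. The following is an added example, not part of the original post: the helper names `ip_to_int` and `mgmt_gateway_for` are hypothetical, the sample listing is copied from the session above, and the handling of a `network default` entry is an assumption about how a default management route is listed.

```shell
#!/bin/sh
# Constructed sample: the `tmsh list /sys management-route` output from this page.
SAMPLE_ROUTES='sys management-route 172.16.50.5/32 {
    gateway 10.1.0.254
    network 172.16.50.5/32
}'

# ip_to_int (hypothetical helper): dotted-quad IPv4 -> 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# mgmt_gateway_for <server-ip> (hypothetical helper): reads the listing on stdin,
# prints the gateway of the most specific management route covering the server,
# and returns 1 when no management route covers it.
mgmt_gateway_for() (
    target=$(ip_to_int "$1"); best_len=-1; best_gw=""; gw=""; net=""
    while read -r key val rest; do
        case "$key" in
            gateway) gw=$val ;;
            network) net=$val ;;
            "}")
                # Assumption: a default route is listed as "network default".
                [ "$net" = default ] && net=0.0.0.0/0
                case "$net" in
                    *.*.*.*/*)  # IPv4 CIDR only; anything else is skipped
                        len=${net#*/}
                        mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
                        base=$(ip_to_int "${net%/*}")
                        if [ -n "$gw" ] && [ "$len" -gt "$best_len" ] &&
                           [ $(( target & mask )) -eq $(( base & mask )) ]; then
                            best_len=$len; best_gw=$gw
                        fi ;;
                esac
                gw=""; net="" ;;
        esac
    done
    [ -n "$best_gw" ] && echo "$best_gw"
)

# On the device: tmsh list /sys management-route | mgmt_gateway_for 172.16.50.5
printf '%s\n' "$SAMPLE_ROUTES" | mgmt_gateway_for 172.16.50.5
```

A non-zero exit status means no management route covers the server, so TACACS traffic would not follow a route configured this way.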
