Routing on F5 via mngt interface

If you configure your LTM F5 device to use TACACS authentication you must configure the routing properly.

F5 uses management interface for TACACS services. Let’s assume that your management interface IP is and TACACS IP address is Below is a snippet how to configure F5 correctly.

[root@BIG-IP-TEST-1:Active:Standalone] config # // Create route
[root@BIG-IP-TEST-1:Active:Standalone] config # tmsh create sys management-route gateway
[root@BIG-IP-TEST-1:Active:Standalone] config # // Verify route
[root@BIG-IP-TEST-1:Active:Standalone] config # tmsh list /sys management-route
sys management-route {
[root@BIG-IP-TEST-1:Active:Standalone] config # // Delete route if you make a mistake
[root@BIG-IP-TEST-1:Active:Standalone] config # tmsh delete sys management-route
[root@BIG-IP-TEST-1:Active:Standalone] config # // Verify it again
[root@BIG-IP-TEST-1:Active:Standalone] config # tmsh list /sys management-route
[root@BIG-IP-TEST-1:Active:Standalone] config #

Note that you won’t see this route on GUI (if you go to Network -> Routes):

F5 Routing (GUI)

Leave a Reply

Your email address will not be published. Required fields are marked *