BIG-IP RADIUS Login Authentication Checklist

Our network BIG-IP suddenly had login problems after a firmware upgrade. I'd confirm at a later date (i.e., after upgrade of another F5 BIG-IP) if an upgrade indeed causes a authentication problems. The good thing is that the local root password was not affected. Anyway, here are some points to consider when troubleshooting remote RADIUS login authentication on BIG-IP via CLI (and some UNIX/Linux servers).

REQUIRED INFORMATION:
- RADIUS server IP address(es)
- RADIUS server port (default is TCP 1812)
- RADIUS server secret key


BIG-IPv4 Checklist:

• RADIUS server IP address and TCP port is configured in /etc/login.conf.
  
    radius-defaults:auth=radius,bploc,passwd:\
       :radius-server=10.10.10.10:\
       :radius-port=1812:\
       :radius-server-alt=10.10.20.10:\
       :radius-port-alt=1812:
  
  
• RADIUS server IP address and secret key is configured in /etc/raddb/servers.
  
    MyBIGIP:~# cat /etc/raddb/servers
    10.10.10.10 myKey123
    10.10.20.10 myKey123
    MyBIGIP:~#

BIG-IPv9 Checklist:

• RADIUS server IP address, port, and secret key are in /etc/raddb/server.
  
    MyBIGIPv9:~# cat /etc/raddb/server
    10.10.10.10:1812 myKey123 3
    10.10.20.10:1812 myKey123 3
    MyBIGIPv9:~#
  
  
• RADIUS server IP address and secret key are defined in the /config/bigip.conf under the radius server sections.
  
  radius server system_auth_name1 {
     server "10.10.10.10"
     secret "myKey123"
  }
  radius server system_auth_name2 {
     server "10.10.20.10"
     secret "myKey123"
  }
  auth radius system-auth {
     server system_auth_name1 system_auth_name2
  }
  
  You can opt to modify this file via the GUI, in System > Users > Authentication.