F5 Health Monitors - Tacacs and Cluster membership
06-06-2019 01:25 PM
I have a CPPM cluster for RADIUS and TACACS. I have different F5 Virtuals for each port/pool and I wanted to put port-specific health monitors on each. Does anyone know how to monitor these members for TACACS? I see the RADIUS options in the LTM and that is set up, but for the life of me, I can't find a TACACS option. Even the F5 to CP guide only lists RADIUS, but if the node stops taking TACACS queries for any reason, I would like it moved from the pool. I know I could just do ICMP or TCP-443 or something, and I may if I cannot find a viable answer, but does anyone know how to complete this task of TACACS health monitor checks against a CP member?
Additionally, I have had an issue with nodes becoming unreachable from the cluster and I would like to monitor that status, so instead of doing a search and being told 1 member is down so I cannot search all members, I would like proactive health checks so RADIUS queries for my wifi don't go to the bad node and cause issues. The fact that the members fail is a different issue, related to an ESXi problem, so that is beside the point. I cannot find out what ports specifically to monitor. For example, when Cisco Prime nodes are in a cluster, there are specific ports only used for the cluster that I can monitor. I know that HTTPS, RADIUS, and others are listed to open on a FW, but peer traffic might not be listed because they are intended to not be that far apart, and also sometimes documents lie, or at least omit details. So do the CPPM members have unique peer or group ports I can target?
Thanks so much