Last Modified: Jun 30, 2026
Affected Product(s):
F5OS F5OS-A, F5OS-C
Known Affected Versions:
F5OS-A 1.8.4
Opened: Jun 10, 2026 Severity: 3-Major
Attempting to downgrade from F5OS v2.0 to any older versions of F5OS-A or F5OS-C will fails with the following error: "Cannot downgrade to a version that does not support AES-encrypted RADIUS or TACACS server group secret keys. Please remove all RADIUS and TACACS server group secret keys and retry."
Downgrade is blocked until all RADIUS and TACACS server-group secret keys are manually removed.
1. RADIUS or TACACS+ server-group secret keys are configured in versions less than F5OS v2.0. 2. Upgrade to F5OS v2.0 (all build numbers) on F5 rSeries and VELOS Chassis. 3. Attempting to downgrade to any older versions of F5OS-A or F5OS-C.
Before downgrading, manually remove all RADIUS and TACACS+ server group configurations. After the downgrade is complete, reconfigure these settings as needed. Please note that once the RADIUS and TACACS+ server group configurations are removed, remote authentication will be unavailable. Administrators must use local accounts during and after the downgrade to restore RADIUS and TACACS+ server groups and secrets. Step-by-step instructions for efficient restoration of RADIUS and TACACS+ server group configurations: 1. Perform a configuration backup before upgrading to the F5OS v2.0. 2. Upgrade to F5OS v2.0 version. 3. Before downgrading, remove the RADIUS and TACACS+ server group configurations, then proceed with the downgrade. 4. After successful downgrade, restore the configuration. 5. Reboot the system.
None