To use the command line to achieve the following:
- mgmt ip address: 10.10.10.1, mask /24
- ntp service to pool.ntp.org
- dns for bigip to 8.8.8.8 and 8.8.4.4
- interface 1.1 to vmnet5, interface 1.2 vlan10, interface 1.3 vmnet3
- default route
- test routing to the internet from pc in vmnet3 and vmnet4.
- change default password.
- change hostname to bigip1.cyruslab.net
Change management ip
Log in as root to access the command line, then run tmsh. This brings you to the tmos interface.
From the tmos prompt, enter /sys management-ip to move into that module, then enter create 10.10.10.1/24 and press enter.
Change hostname
[root@localhost:Active:Standalone] config # tmsh
root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# /sys global-settings
root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos.sys.global-settings)# modify hostname bigip1.cyruslab.net
Configure ntp for bigip
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos)# /sys ntp
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.sys.ntp)# modify timezone Singapore servers add { pool.ntp.org }
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.sys.ntp)# /sys dns
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.sys.dns)# modify name-servers add { 8.8.8.8 8.8.4.4 }
At this point the mgmt port still cannot reach the NTP and DNS servers; a route to the internet is configured in the next section.
Configure vlan10 and route
We need to set up vlan 10 and default route so that the bigip can quickly get the address resolution and time.
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos)# /net vlan
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.vlan)# create vlan10 interfaces add { 1.2 } tag 10 description internet
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.vlan)# /net self
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.self)# create vlan10 address 172.16.10.5/27 vlan vlan10 allow-service none
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.self)# /net route
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.route)# create internet gw 172.16.10.1 network 0.0.0.0/0 description "Default to internet"
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.route)# /ltm virtual
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.ltm.virtual)# create forwarder source 0.0.0.0/0 destination 0.0.0.0:0 ip-forward source-address-translation { type none }
Test:
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.ltm.virtual)# ping www.google.com
PING www.google.com (216.58.196.132) 56(84) bytes of data.
64 bytes from sin01s18-in-f4.1e100.net (216.58.196.132): icmp_seq=1 ttl=57 time=9.37 ms
64 bytes from sin01s18-in-f4.1e100.net (216.58.196.132): icmp_seq=2 ttl=57 time=9.51 ms
64 bytes from sin01s18-in-f4.1e100.net (216.58.196.132): icmp_seq=3 ttl=57 time=9.63 ms
64 bytes from sin01s18-in-f4.1e100.net (216.58.196.132): icmp_seq=4 ttl=57 time=9.54 ms
64 bytes from sin01s18-in-f4.1e100.net (216.58.196.132): icmp_seq=5 ttl=57 time=9.04 ms
64 bytes from sin01s18-in-f4.1e100.net (216.58.196.132): icmp_seq=6 ttl=57 time=7.56 ms
Need to create a selfip of vlan10 first in order to create a route using vlan10 as the exit network to the destination network.
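Need to create a virtual server to forward packets, because by default the F5 drops all traffic that does not match a listener, even if a route has been created. As created above, the forwarder matches any source and any destination and is enabled on every VLAN, including the internet-facing vlan10, so traffic arriving from the internet side is also eligible for forwarding. Outside a lab, restrict it to the internal VLANs (for example `vlans-enabled vlans add { vmnet3 vmnet5 }` once those VLANs exist).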
Need to restart the ntpd service in order for F5 to start peering the time with pool.ntp.org
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos)# quit
[root@bigip1:Active:Standalone] config # bigstart restart ntpd
Test the ntp time synchronization status:
[root@bigip1:Active:Standalone] config # ntpq -np
remote refid st t when poll reach delay offset jitter
==============================================================================
139.162.23.6 218.186.3.36 2 u 2 64 1 8.701 2089.49 0.148
Create vmnet5
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos)# /net vlan
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.vlan)# create vmnet5 tag 5 interfaces add { 1.1 }
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.vlan)# /net self
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.self)# create vmnet5 vlan vmnet5 address 172.16.5.1/24
The self IP is the address that the PC in vmnet5 uses as its gateway.
Test:
Create vmnet3
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.self)# /net vlan
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.vlan)# create vmnet3 tag 3 interfaces add {1.3 }
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.vlan)# /net self
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.self)# create vmnet3 vlan vmnet3 address 172.16.3.1/24
Test:
Change local user account password
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos)# /auth user
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.auth.user)# modify admin password 123456
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.auth.user)# quit
[root@bigip1:Active:Standalone] config # passwd
Changing password for user root.
New BIG-IP password:
Retype new BIG-IP password:
[root@bigip1:Active:Standalone] config #
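The root password has to be changed in bash instead of tmsh. The admin password 123456 used above is a lab placeholder only; it is trivially guessable and should never be used on a reachable system. Typing a password as a command argument can also leave it in the command history, whereas `modify admin prompt-for-password` in tmsh reads it interactively, as passwd does for root.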