f5 LTM

Download as pdf or txt
Download as pdf or txt
You are on page 1of 16
At a glance
Powered by AI
The document provides instructions on configuring network interfaces, VLANs, NTP, DNS, failover settings and mirroring on a BIG-IP device. It also describes creating a backup of the configuration using the UCS archive utility.

The main steps are to configure the external, internal and high availability VLANs and assign self IP addresses. Port lockdown rules and floating IP addresses are also configured. The NTP, DNS and failover settings are then configured.

Network Time Protocol (NTP) is configured to synchronize the system clock with an external NTP server at IP address 172.16.20.1.

F5 Networks Training

Getting Started with BIG-IP


Part One: Administration

Lab Guide

November, 2018

Getting Started with BIG-IP Lab Guide


Getting Started with BIG-IP Lab Guide
Part One: Administration Fifth Printing; November, 2018

Support and Contact Information


Obtaining Technical Support Contacting F5 Networks
Web: support.f5.com (Ask F5) Web: www.f5.com
Phone: (206) 272-6888 Sales questions: [email protected]
Support issues: [email protected] General information: [email protected]
Suggestions: [email protected]

F5 Networks, Inc. F5 Networks, Ltd. F5 Networks, Inc. F5 Networks, Inc.


Corporate Office United Kingdom Asia Pacific Japan
401 Elliott Avenue West Chertsey Gate West 5 Temasek Boulevard Akasaka Garden City 19F
Seattle, Washington 98119 Chertsey Surrey KT16 8AP #08-01/02 Suntec Tower 5 4-15-1 Akasaka, Minato-ku
T (888) 88BIG-IP United Kingdom Singapore, 038985 Tokyo 107-0052 Japan
T (206) 272-5555 T (44) 0 1932 582-000 T (65) 6533-6103 T (81) 3 5114-3200
F (206) 272-5557 F (44) 0 1932 582-001 F (65) 6533-6106 F (81) 3 5114-3201
[email protected] [email protected] [email protected] [email protected]

Legal Notices
Copyright 2018; F5 Networks; Inc. All rights reserved.
F5 Networks; Inc. (F5) believes the information it furnishes to be accurate and reliable. However; F5 assumes no responsibility for the use of this
information; nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or
otherwise under any patent; copyright; or other intellectual property right of F5 except as specifically described by applicable user licenses. F5
reserves the right to change specifications at any time without notice.

Trademarks
AAM, Access Policy Manager, Advanced Client Authentication, Advanced Firewall Manager, Advanced Routing, AFM, APM, Application
Acceleration Manager, Application Security Manager, AskF5, ASM, BIG-IP, BIG-IP EDGE GATEWAY, BIG-IQ, Cloud Extender, Cloud
Manager, CloudFucious, Clustered Multiprocessing, CMP, COHESION, Data Manager, DDoS Frontline, DDoS SWAT, Defense.Net,
defense.net [DESIGN], DevCentral, DevCentral [DESIGN], DNS Express, DSC, DSI, Edge Client, Edge Gateway, Edge Portal, ELEVATE, EM,
ENGAGE, Enterprise Manager, F5, F5 [DESIGN], F5 Agility, F5 Certified [DESIGN], F5 Networks, F5 SalesXchange [DESIGN], F5 Synthesis,
f5 Synthesis, F5 Synthesis [DESIGN], F5 TechXchange [DESIGN], Fast Application Proxy, Fast Cache, FCINCO, Global Traffic Manager,
GTM, GUARDIAN, iApps, IBR, iCall, iControl, iHealth, Intelligent Browser Referencing, Intelligent Compression, IPv6 Gateway, iQuery,
iRules, iRules OnDemand, iSession, L7 Rate Shaping, LC, Link Controller, LineRate, LineRate Point, LineRate Precision, LineRate Systems
[DESIGN], Local Traffic Manager, LROS, LTM, Message Security Manager, MobileSafe, MSM, OneConnect, Packet Velocity, PEM, Policy
Enforcement Manager, Protocol Security Manager, PSM, Ready Defense, Real Traffic Policy Builder, SalesXchange, ScaleN, SDAS (except in
Japan), SDC, Signaling Delivery Controller, Solutions for an application world, Software Designed Applications Services, Silverline, SSL
Acceleration, SSL Everywhere, StrongBox, SuperVIP, SYN Check, SYNTHESIS, TCP Express, TDR, TechXchange, TMOS, TotALL, TDR,
TMOS, Traffic Management Operating System, Traffix, Traffix [DESIGN], Transparent Data Reduction, UNITY, VAULT, vCMP, VE F5
[DESIGN], Versafe, Versafe [DESIGN], VIPRION, Virtual Clustered Multiprocessing, WebSafe, and ZoneRunner, are trademarks or service
marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used without F5's express written consent. All other product and
company names herein may be trademarks of their respective owners.

Materials and Patents


The material reproduced on this manual; including but not limited to graphics; text; pictures; photographs; layout and the like ("Content"); are
protected by United States Copyright law. Absolutely no Content from this manual may be copied; reproduced; exchanged; published; sold or
distributed without the prior written consent of F5 Networks; Inc. The information in this document has been carefully verified and is believed to
be accurate. F5 Networks assumes no responsibilities for any inaccuracies that may appear in this document. In no event will F5 Networks be
liable for direct, indirect, special, exemplary, incidental, or consequential damages resulting from any defect or omission in this document, even if
advised of the possibility of such damages.
This product may be protected by one or more patents indicated at: http://www.f5.com/about/policies/patents

Getting Started with BIG-IP Lab Guide


Part One: Administration

Table of Contents
Lab 1 BIG-IP Administration.................................................................................................... 1
Lab 1A: Configure the Management Port.. ............................................................................................................2
Lab 1B: Set Up the BIG-IP System ........................................................................................................................6
Lab 1C: Create a UCS Archive of Your Configuration ........................................................................................ 11

Getting Started with BIG-IP Lab Guide


Part One: Administration 1

Getting Started with BIG-IP Lab Guide

Lab 1: BIG-IP Administration

This lab corresponds with the activities presented in Getting Started with
BIG-IP: Part 1 – Administration.

Estimated time for completion: 25 minutes

Lab Objectives
• Change the default passwords
• Use a PuTTY session to change the Management Port IP address and netmask
• Run the Setup utility and configure system access parameters
• Create a UCS archive of the BIG-IP system configuration.
• Create a qkview file, upload to BIG-IP iHealth for analysis, and review the diagnostics produced

Lab Requirements
You must have successfully completed the instructions entitled “Starting up the Lab Environment” in the
Getting Started Lab Introduction document.

Current BIG-IP Settings

At this point, your BIG-IP system is licensed and provisioned for the LTM module. The management
address is set to the default 192.168.1.245/24.

Getting Started with BIG-IP Lab Guide 1


2 Part One: Administration

Lab 1.A: Configure the Management Port


Access the serial console
1. Gain access to the BIG-IP system’s serial port. Click the PuTTY SSH Client button:

Enter the IP address 192.168.1.245 and port 22 as shown below and click Open.

2. When prompted to log into the BIG-IP system, authenticate with username root and password
default.
3. When prompted for (current) UNIX password: type default and enter.

2 Getting Started with BIG-IP Lab Guide


Part One: Administration 3

4. Change the password for the root user account, as shown in the table below:
New Password f5trn1
Confirm f5trn1

5. At the Linux bash prompt (e.g. config #), enter the command: config
6. Start the utility by clicking the OK button.

Use the <Tab> key to tab between fields and options in the config tool.
Use the <Backspace> and/or <Delete> keys to remove field content.
Use the <Enter> key to select an option (such as “OK” or “Next”). You
can also select an option by moving the mouse cursor over a particular
option (such as “OK” or “Next”) and clicking.

If you make a mistake and want to quit, use the <Esc> key and answer
No to “Accept these settings?” You will return to the shell prompt where
you can enter the config command and try again.

7. On the Select Management IP Family Type panel, ensure the IPv4 option is highlighted, and
press the <Enter> key. (If the IPv4 option is not already highlighted, use the <Tab> key to tab to
it before pressing the <Enter> key.)

Getting Started with BIG-IP Lab Guide 3


4 Part One: Administration

4 Getting Started with BIG-IP Lab Guide


Part One: Administration 5

Select manual configuration of the IP address


8. On the Configure IP Address panel, ensure the No option is highlighted (to bypass automatic
configuration of the IP address) and press the <Enter> key to continue.

Set the IP address to 192.168.1.31


9. On the Configure IP Address panel, use the <Backspace> to delete the default IP address.
Change the IP address to 192.168.1.31.
10. After changing the IP address, press the <Tab> key to highlight the OK option, then press the
<Enter> key to continue.

Set the netmask to 255.255.0.0


11. On the Configure Netmask panel, set the netmask to 255.255.0.0, press the <Tab> key to
highlight the OK option, then press the <Enter> key to continue.

Getting Started with BIG-IP Lab Guide 5


6 Part One: Administration

Set no default route


12. When prompted to create a default route for the management port, use the Tab key to select the
No option and press the <Enter> key to continue. In our environment, no default route is
required.

Confirm the management port configuration


13. On the Confirm Configuration panel, ensure that your settings are correct, as shown in the
screenshot below, then select the Yes option and press the <Enter> key to complete the
configuration. If the options are not correct, select the No option and rerun the config command.

14. Click the X to close the PuTTY SSH session, and click Yes to confirm.

Continue to Lab 1B: Set up the BIG-IP System.

6 Getting Started with BIG-IP Lab Guide


Part One: Administration 7

Lab 1B: Set up the BIG-IP System


Run the Setup utility

1. Click the Firefox Web Browser icon in the toolbar to access your BIG-IP system. (The icon
automatically opens a browser session to the BIG-IP system at https://192.168.1.31.)

2. When prompted, log in with a username of admin and with a password f5trn1.

In BIG-IP v14.0, when you change the root password as you did
previously, the admin account password is changed to the same
password, but it is also marked as expired.
When you log in as an admin for the first time, log in using the password
you set for the root account, and then change your admin password.

3. Change the password for the admin user account, as shown in the table below:
Current Password f5trn1
New Password f5trn1
Confirm f5trn1
When complete, click… Save

4. When prompted, log in with a username of admin and with a password of f5trn1.
5. In the Welcome screen, click the Next link to access the Setup utility.

6. On the subsequent Setup Utility » License page, review the features that have been licensed,
scroll down, and click Next.

Getting Started with BIG-IP Lab Guide 7


8 Part One: Administration

Verify Provisioning

7. On the Resource Provisioning page of the Setup utility, verify your provisioning settings match
those listed in the table below. For these labs, the systems are already licensed and provisioned
for Local Traffic Manager.

Setup Utility » Resource Provisioning

Current Resource Allocation section


Management (MGMT) Small
Local Traffic (LTM) Nominal
When complete, click… Next

Accept the BIG-IP Self-Signed Device Certificate

8. After provisioning is complete, the Device Certificates page in the Setup Utility is displayed. We
will be using the BIG-IP system’s self-signed certificate in this lab. Note the expiration date for
the certificate. Click the Next button to continue.

Verify Platform General Properties

9. In the General Properties section of the next page, configure general properties and
administrative access usernames/passwords. Some fields may already contain the correct values.
Leave the default values for the fields not mentioned in the table below.

Setup Utility » Platform

General Properties section


Management Port 1 Configuration Manual radio button selected
Host Name bigip1.f5trn.com
Host IP address Use Management Port IP address
Time Zone America/Los Angeles
User Administration section
Password: f5trn1
Root Account
Confirm: f5trn1
When complete, click Next

You will be taken directly to the Setup Utility » Network page.

Configure the Network

10. Continue the Setup utility by performing a Standard Network Configuration. Click the Next
button under the Standard Network Configuration heading.

8 Getting Started with BIG-IP Lab Guide


Part One: Administration 9

Configure Redundant Device Wizard options

11. Accept these default settings to configure the Redundant Device Wizard Options, then click
Next.
Configure Self IPs, VLANs, and High Availability
12. Configure the internal network and internal VLAN by entering the following settings:

Setup Utility » VLANs

Internal Network Configuration section


Address: 172.16.1.31
Self IP Netmask: 255.255.0.0
Port Lockdown: Allow Default
Address: 172.16.1.33
Floating IP
Port Lockdown: Allow Default
Internal VLAN Configuration section
VLAN Tag ID auto
VLAN Interfaces: Select 1.2
Interfaces Tagging: Select Untagged
Click the Add button
When complete, click… Next

13. Next, configure the external network and VLAN by entering the following settings:

Setup Utility » VLANs

External Network Configuration section


External VLAN Create VLAN external radio button selected
Address: 10.10.1.31
Self IP Netmask: 255.255.0.0
Port Lockdown: Allow 443
Address: 10.10.1.33
Floating IP
Port Lockdown: Allow 443
External VLAN Configuration section
VLAN Tag ID auto
Interfaces: Select 1.1
Interfaces Tagging: Select Untagged
Click the Add button
When complete, click… Next

Getting Started with BIG-IP Lab Guide 9


10 Part One: Administration

14. Configure the high availability network to use the existing VLAN internal.

Setup Utility » VLANs

High Availability Network Configuration section


High Availability VLAN Click the Select existing VLAN radio button
Select VLAN internal
When complete, click… Next

Configure Network Time Protocol

15. Configure the BIG-IP system to synchronize its clock with an NTP server with an IP address of
172.16.20.1. Click Add and the Next button to continue.

Configure Domain Name Server

16. Leave this page with its default settings, and click the Next button to continue.

Configure ConfigSync

17. Accept the default settings for ConfigSync configuration, as shown below:

Setup Utility » ConfigSync

ConfigSync Configuration section


Local Address 172.16.1.31 (internal)
When complete, click… Next

Configure Failover settings

18. Accept the default settings for Management Failover Unicast Configuration, Failover Unicast
Configuration and Failover Multicast Configuration, as shown below:

Setup Utility » Failover

Failover Unicast Configuration section


172.16.1.31 | 1026 | internal
Local Address | Port | VLAN Management Address | 1026 | Management
Address
Failover Multicast Configuration section
Use Failover Multicast Address Unchecked (Disabled)
When complete, click… Next

10 Getting Started with BIG-IP Lab Guide


Part One: Administration 11

Configure Mirroring

19. Accept the default primary and secondary local mirror address settings for Mirroring
Configuration.

Setup Utility » Mirroring

Mirroring Configuration section


Primary Local Mirror Address 172.16.1.31 (internal)
Secondary Local Mirror Address None
When complete, click… Next

Complete the Setup utility

20. You have now configured the network interfaces required to support a standard BIG-IP
configuration.
21. Click the Finished button under the Advanced Device Management Configuration heading.
There should be a message at the top of the page indicating Setup Utility Complete.

Continue to Lab 1C: Create a UCS Archive of Your Configuration.

Getting Started with BIG-IP Lab Guide 11


12 Part One: Administration

Lab 1C: Create a UCS Archive of Your Configuration


1. Navigate to System » Archives to create a backup of your current configuration.

Configuration Utility

System » Archives then click Create

General Properties section


File Name training_lab_base
When complete, click… Finished, then click OK when the archive is complete

2. Download your new UCS backup to your Ubuntu client.

Configuration Utility

System » Archives then click training_lab_base.ucs

General Properties section


Click Download: training_lab_base.ucs, then click
Archive File
OK to save when prompted.

You have completed the labs associated with this WBT.


Please close your browser session now.

12 Getting Started with BIG-IP Lab Guide

You might also like