====== F5 General ======
===== Installation First Steps =====
Login: root
Password: default
# config
(change management IP)
or via tmsh:
tmsh
modify sys global-settings mgmt-dhcp disabled
create /sys management-ip 192.168.17.231/255.255.255.0
create /sys management-route default gateway 192.168.17.254
From
Use Browser to connect
===== Ping and telnet within Route Domains =====
Option 1:
# ping %
Example:
# ping 192.168.22.56
PING 192.168.22.56 (192.168.22.56) 56(84) bytes of data.
^C
--- 192.168.22.56 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4004ms
# ping 192.168.22.56%5
PING 192.168.22.56%5 (192.168.22.56%5) 56(84) bytes of data.
64 bytes from 192.168.22.56%5: icmp_seq=1 ttl=64 time=0.014 ms
64 bytes from 192.168.22.56%5: icmp_seq=2 ttl=64 time=0.032 ms
64 bytes from 192.168.22.56%5: icmp_seq=3 ttl=64 time=0.014 ms
^C
--- 192.168.22.56%5 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
Option2:
Change to Route Domain Shell. No need to add % behind ping
# rdsh 5
# ping 192.168.22.56
PING 192.168.22.56 (192.168.22.56) 56(84) bytes of data.
64 bytes from 192.168.22.56: icmp_seq=1 ttl=64 time=0.015 ms
64 bytes from 192.168.22.56: icmp_seq=2 ttl=64 time=0.016 ms
64 bytes from 192.168.22.56: icmp_seq=3 ttl=64 time=0.038 ms
^C
--- 192.168.22.56 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.015/0.023/0.038/0.010 ms
# ping 192.168.22.56%5
PING 192.168.22.56%5 (192.168.22.56%5) 56(84) bytes of data.
64 bytes from 192.168.22.56%5: icmp_seq=1 ttl=64 time=0.016 ms
64 bytes from 192.168.22.56%5: icmp_seq=2 ttl=64 time=0.017 ms
64 bytes from 192.168.22.56%5: icmp_seq=3 ttl=64 time=0.017 ms
^C
--- 192.168.22.56%5 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.016/0.016/0.017/0.004 ms
# exit
26 February 2016
10:57
===== Headline =====
tmsh list cm device configsync-ip
===== cut&paste config =====
In tmsh:
load sys config from-terminal merge
You can paste config at that point. Use ^D to submit what was pasted, ^C to cancel.
===== tcpdump =====
https://support.f5.com/csp/article/K6546
1) Packet capture only works in root domain
2) use exit if not in root domain, don't do rdsh 0 within non-root domain ex. don’t do rdsh 5, than rdsh0 - capture won't work.
3) interface 0.0 seems to be the 'magic' interface.
tcpdump -s 1500 -ni 0.0 dst host 10.29.64.230 or src host 10.29.64.230
tcpdump -w /var/tmp/appgw.cap -s 1500 -ni 0.0 dst host 10.29.64.230 or src host 10.29.64.230
curl -v https://gateway.example.com/ --user Testuser
Enter host password for user 'Testuser':
* Trying 1.2.3.4...
* Connected to gateway.example.com (1.2.3.4) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 692 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: gateway.example.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=GB,L=London,O=EXAMPLE,OU=IT-Dep,CN=gateway.example.com
* start date: Wed, 19 Mar 2014 00:00:00 GMT
* expire date: Fri, 19 Mar 2016 12:00:00 GMT
* issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=Thawte RSA CA 2018
* compression: NULL
* ALPN, server did not agree to a protocol
* Server auth using Basic with user 'Testuser'
> GET / HTTP/1.1
> Host: gateway.example.com
> Authorization: Basic 93JwUQpv51Bce8273HAbaew
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html
< Accept-Ranges: bytes
< Set-Cookie: MyCookie=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;Path=/;Domain=gateway.example.com
< Date: Tue, 03 Jul 2015 11:23:11 GMT
< Content-Length: 123
<
MyApp - Not Authorised
...
...
* Connection #0 to host gateway.example.com left intact