Forum Discussion
Big5 LTM GUI not reachable but can ping
Hi oguzy, I tried but it gave me the following message ".Could not open connection to the host, on port 443: Connect failed"
I'm not using any proxy in my browser settings.
I checked also httpd port :
sys httpd {
ssl-port 443
}
I don't have any firewall in between and I'm trying from the same subnet.
Any clue?
Thanks
Hi Nuno_xzorp,
Although both devices are on the same network and port 443 is listening on the bigip, you could not reach it.
Could you please start a tcpdump on the management interface of your bigip device, and try to telnet again? I wonder if you see the SYN packet in the tcpdump.
tcpdump -nni name_of_mgmt_interface port 443
- Nuno_xzorp Sep 13, 2021
Altostratus
Hi oguzy,
Thanks for the reply. Sorry to only be able to answer now. So I did as you suggested for port 443:
1) # tcpdump -nni mgmt port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on mgmt, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
2) I also tried one thing, capturing port 22 while doing an ssh connection, but surprisingly I got nothing (but got the ssh prompt):
# tcpdump -nni mgmt port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on mgmt, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
What do you think?
- oguzy Sep 13, 2021
Cirrostratus
Hi Nuno_xzorp,
Because you successfully connected via ssh, I was expecting that your second tcpdump would capture some packets. That means the name of the interface that you connect to is not mgmt. If you change the tcpdump command like this: tcpdump -nni 0.0 port 22 or port 443, you will see some packets.
I guess you normally access your bigip from a self_ip, not from a management port.
- Nuno_xzorp Sep 13, 2021
Altostratus
Hi oguzy,
I'm not sure what triggered it, but the mgmt mac-address has changed on the system, and since then it started to work. So before it was 00:94:a1:0c:20:80, but the arp on the switch was mapping the mgmt ip to 00:94:a1:0c:20:82; even after clearing the arp cache and a few port shutdowns it stayed the same (I mentioned it in my 2nd post). Not sure what triggered this, so not sure if this is normal behaviour or if it was some bug. The only thing I did was run those tcpdumps that you suggested, and at some point I started to see the packets. I've captured the following logs from the kernel, with timestamps more or less at the time when it started to work:
Sep 13 21:18:18 F5_STD info kernel: lasthop-ingress-v4: tcp non-syn packet
Sep 13 21:23:46 F5_STD info kernel: device mgmt entered promiscuous mode
Sep 13 21:24:52 F5_STD info kernel: device mgmt left promiscuous mode
If you have any clue of what might have happened, let me know. Many thanks for your help!
- Nuno_xzorp Sep 13, 2021
Altostratus
I forgot to add: the mac address changed from 00:94:a1:0c:20:80 to 00:94:a1:0c:20:82 (which was the one that the switch always got from the BIG5), and then it started to work.
