Forum Discussion

MaxMedov's avatar
MaxMedov
Icon for Cirrostratus rankCirrostratus
Sep 07, 2023
Solved

BIGIQ/DCD and BIGIP Admin password change

Hello, I need to change the Admin and Root passwords of my F5 environment.
The topology is:
BIGIQ-CM with HA
DCDs
and BIGIP devices in the cluster.
I saw I can change automatically for all managed BIGIP devices in bulk from BIGIQ.

A few questions about:
1. When I change the BIGIP devices. Will I lose the connectivity from BIGIQ? ELA license? Management?
If yes, how should I deal with it, without having to add everything again?

2. The same thing happens if I change the password of BIGIQ, do I need to reconfigure the HA between the active and standby?

3. Changing the password on the DCDs - I will lose the cluster and data. And would you like to add them again?

Thank you!

security
  • Sebastiansierra's avatar
    Sebastiansierra
    Sep 07, 2023

    Hi MaxMedov,

    This is the same case as for Big-IP, the password is used only once time to exchange SSL certificates, After this password exchange, all communication uses these certificates for authentication and communication.

    To be more clear, when you establish communication with another device, the peer device doesn´t save the password of the other system, it saves the SSL certificate to establish the communication,

    Hope it works.

4 Replies

Sort By
  • Sebastiansierra's avatar
    Sebastiansierra
    Icon for MVP rankMVP
    Sep 07, 2023

    Hi MaxMedov,

    This is the same case as for Big-IP, the password is used only once time to exchange SSL certificates, After this password exchange, all communication uses these certificates for authentication and communication.

    To be more clear, when you establish communication with another device, the peer device doesn´t save the password of the other system, it saves the SSL certificate to establish the communication,

    Hope it works.

  • Sebastiansierra's avatar
    Sebastiansierra
    Icon for MVP rankMVP
    Sep 07, 2023

    Hi MaxMedov,

    Initially, passwords are used to exchange ssl certificates between devices used to communicate with each other, so you can change your bigip passwords and this doesn't have to affect the Big-IP-Big-IQ or Big-IQ-DCD communication, because the password is used only in the first time and for next communications the systems use SSL authentication.

    To change the password via CLI use the command

    passwd root

    In the case of a cluster change the password in one device an then synchronize.

    By gui go to system>users>open the user and set a new password.

    Hope it´s works.

  • MaxMedov's avatar
    MaxMedov
    Icon for Cirrostratus rankCirrostratus
    Sep 07, 2023

    Than you for your response! What about the DCD password changing, how it will affect on the BIGIQ and the ES Cluster