Forum Discussion
NimbostratusCan we assign a self IP for the external VLAN in the same management VLAN.
We have BigIP 11.6.0, its managment IP is 10.254.108.95/255.255.255.0, and we tried to assign the self IP 10.254.108.75/255.255.255.0 for the external VLAN but we got an error that we can not use an IP from the management VLAN. Is that a standard limitation for the BigIP or it is certain configuration we have enabled by accident?
standard - the management interface/configuration is managed differently internally (linux manages management IP, management routes, etc.) than self-IP addresses (F5 TMM manages switch-ports and self-IPs).
the closest "official F5" note i can find regarding this is https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13342.html "The IP address assigned to the management interface must be on a different network than the self IP addresses assigned to VLANs."
It is possible to manage the device via self-IP addresses, but you will want to take care in locking down those self-IP addresses as much as possible, and you still must have unique management IP addresses configured among devices in an HA pair as those addresses are used as device-identifiers by the F5s.
5 Replies
- Eric_St__John
Employee
The management IP must be in a different subnet than the Self IPs. You can manage the BIG-IP from the Self IP address if you desire.
Eric
shaggy_121467Cumulonimbus
standard - the management interface/configuration is managed differently internally (linux manages management IP, management routes, etc.) than self-IP addresses (F5 TMM manages switch-ports and self-IPs).
the closest "official F5" note i can find regarding this is https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13342.html "The IP address assigned to the management interface must be on a different network than the self IP addresses assigned to VLANs."
It is possible to manage the device via self-IP addresses, but you will want to take care in locking down those self-IP addresses as much as possible, and you still must have unique management IP addresses configured among devices in an HA pair as those addresses are used as device-identifiers by the F5s.
Ashraf_Hassan_1Thank you so much for the sol you sent earlier, it mention clearly the self IPs and the management IP must be in a different vlans, I know as you mentioned the the self IP is managed by the TMOS and the management IP is managed by the Linux box that is why in the first place I made design to have the self IP in the same VLAN like the management but I got this error in the GUI, in the sol you sent it says that even with the config utility it will refuse to allow it.
shaggystandard - the management interface/configuration is managed differently internally (linux manages management IP, management routes, etc.) than self-IP addresses (F5 TMM manages switch-ports and self-IPs).
the closest "official F5" note i can find regarding this is https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13342.html "The IP address assigned to the management interface must be on a different network than the self IP addresses assigned to VLANs."
It is possible to manage the device via self-IP addresses, but you will want to take care in locking down those self-IP addresses as much as possible, and you still must have unique management IP addresses configured among devices in an HA pair as those addresses are used as device-identifiers by the F5s.
- Ashraf_Hassan_1Thank you so much for the sol you sent earlier, it mention clearly the self IPs and the management IP must be in a different vlans, I know as you mentioned the the self IP is managed by the TMOS and the management IP is managed by the Linux box that is why in the first place I made design to have the self IP in the same VLAN like the management but I got this error in the GUI, in the sol you sent it says that even with the config utility it will refuse to allow it.
