For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

BaltoStar_12467's avatar
BaltoStar_12467
Aug 08, 2013

management interface configuration

I know that the management interface must be in a separate subnet/VLAN than the other interfaces ( internal , external , HA ).

 

But re config of the management interface :

 

 

Q1 : In f5 config , should I create a VLAN and a corresponding Self IP for the management interface ?

 

Apparently this is not necessary because on initial access of the management admin console , no VLANs or Self IPs are configured.

 

 

Q2 : Is it better for the management interface to be DHCP or Static IP ? ( apparently the default is DHCP )

 

If my management interface is DHCP , is it possible via the management-interface to re-config as Static IP ? If not then how ?

 

 

Thanks.

 

basic
getting started
new to f5

2 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Aug 09, 2013
    Q1 : In f5 config , should I create a VLAN and a corresponding Self IP for the management interface ? vlan and selfip are on tmm interface. there is no such configuration for mgmt interface.

     

     

    Q2 : Is it better for the management interface to be DHCP or Static IP ? ( apparently the default is DHCP )i always use static ip. it is under system/platform in gui.
  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Aug 09, 2013
    To expand a bit. The management interface is controlled directly by the host itself. This supports plain old unencapsulated packets only. (An access port only in cisco terms). (The Linux OS your interact with). The TMM interfaces for which you see configuration options for in the GUI are actually connected to a separate ethernet switch. This switch is under the control of the TMM micro-kernel that runs the load-balancing on the unit (You can see this from the host as a process running an executable called tmm. There's one per CPU core usually).

     

     

    The host OS doesn't really have access to this, and the TMM kernel doesn't have access to the management interface. The TMM switchboard can do 802.1Q VLAN tagging (Cisco Trunking, not to be confused with BigIP Trunking) OR operate as an access port (Which appears on bigip as a pseudo VLAN tag > 4096).

     

     

    As nitas said... Static IP's for management. SLightly more config to do to set a static IP vs leaving it dynamic, but you don't have to rely on DHCP servers and DDNS.

     

     

    H