For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

lkchen's avatar
lkchen
Icon for Nimbostratus rankNimbostratus
Jul 08, 2015

remote authentication to host management

Largely due to PCI, I need to allow the necessary users to access the configuration utility of our 7200v, which is doing vCMP so there's no LTM, etc. on it.   The local auth control can't match ou...
management
security
vcmp
lkchen's avatar
lkchen
Icon for Nimbostratus rankNimbostratus
Jul 16, 2015
So, this is curious....somebody managed to get ldap authentication into vCMP host working. Somehow it can do ldap through management, when there's no LTM? I had thought I had seen ldap working from the 'network management' vlan...the 'unboxer' wanted to peek inside the 7200v's had setup them up through front panel in telco-room (where they had been stashed to be out of sight for a tour.) Which did at least mean they were powered up and activated onto support before their 1 year hardware warranty expired. When we had gotten our 6400's, they sat in their boxes for more than 1 year....and one of the units was DOA, but it was out of warranty and hadn't been activated into support...so we had buy another unit. Figured moving to 'proper' network would be no problem later...except it didn't. Though the issue of the units reverting to previous IP after a reboot was supposed to have been fixed when I upgraded them to 11.5.1....but maybe we haven't looked at changing their IPs (again) since the upgrade. Though wonder about their current final location....mounted backwards (as was typical for networking equipment...) in APC netshelter solution....so its trying to pull cool air from the hot aisle and vent into the enclosed space behind it (as the front is filled in with blanks...) Wonder if that's why we have already had a power supply fail. The 2400 had been mounted this way, but back when we had standalone open racks, so there was no cool...just varying degrees of hot.... while the 6400s were installed with other networking into in two post rack. Hmmm.... Still, didn't expect to see ldap working...but nice that it is. Guess I need to finish setting up the remote roles then. Wonder what the procedure is for upgrading, and would that fix the apache cert problem. (haven't applied the Xen? vulnerability patch yet....) Upgrading with vCMPs, is new to me, as is active/active...which one of the pair of vCMPs is (though I don't know why perhaps made sense when the boxes used to be in two different locations....no still doesn't seem right to me.)