Scenario is that we have a class B network with one VLAN ( flat VLAN ). I cant configure the Mgmt IP and the Self IP ( as it shares the network ). Questions: 1) Apart from creating another VLAN ( our network bit is outsourced so takes ages for these kind of requests ) , is there any other way out? 2) Why does it not allow for mgmt IP and self IP to be on the same network ( e.g mgmt ip = 10.161.10.xxx and I try and give a self ip of 10.161.153.xxx will not work with 255.255.0.0 subnet ) Thanks

Actually you can manage the devices from the self-IP address. You just need to set the port lockdown to "allow default" where the self addresses are defined. Hope this helps CB

I think you misunderstood the question. Having given the LTM a management IP ( say 10.161.10.1 when I try and add a self IP say of 10.161.153.1 ) it wont allow me to as it shares the same network ( IP shares the network with mgmt ip error ). i.e mgmt port cant be on same network as load balanced traffic. Hence I was asking if other than create a diff VLAN and put mgmt IP on that, is there another way round this?

I think the issue might be that there would be a conflict between TMM which handles the switch ports and Linux which handles the mgmt port. I don't remember ever getting a clear explanation of this restriction though. I have a faint memory that it's possible to configure the SCCP on the same subnet as a switch port, but I don't know if F5 officially supports this. You could then SSH to the SCCP and access the serial console. It wouldn't allow you to get to the GUI though. No GUI access could be a key issue if TMM is down (which can happen if the config fails to load, license isn't valid, etc). In that case, you wouldn't be able to access the BIG-IP from the switch ports. You can get more info on the SCCP and configuring it with an IP address in these two solutions: SOL3454: Overview of the SCCP https://support.f5.com/kb/en-us/solutions/public/3000/400/sol3454.html SOL3753: Configuring the switch card control processor so that it can be accessed over the network https://support.f5.com/kb/en-us/solutions/public/3000/700/sol3753.html Aaron

Thanks Aaron. Long time btw. Looks like I have to get that VLAN sorted to put the mgmt port on it. GUI is needed as well as console ( for obvious reasons ). There is no other way out is there? Regards Fahd

Self IP and Mgmt IP Question

24 Replies

The_Bhattman
Nimbostratus
Feb 17, 2009
True. What I suggested was something different.

Suppose you configure the management address as 192.168.1.100/255.255.255.0 and if you configure another PC 192.168.1.101/255.255.255.0, since you are in a single VLAN, they should be able to see each other. Again it's something I wouldn't do but it's something that I have seen done before. I would probably talk with the network folks to see if they will allow something like this to atleast inform them based on the limitation that is set upon you.

CB
dennypayne
Employee
Feb 20, 2009
Posted By palekafa on 02/17/2009 6:53 AM

Looks like I have to get that VLAN sorted to put the mgmt port on it. GUI is needed as well as console ( for obvious reasons ).

There is no other way out is there?

Well as cmbhatt originally suggested, you don't *have* to manage the device through the mgmt port. You can use the GUI and SSH into the command line on the self-IP address, so long as it is set to "Allow Default" or "Allow Custom" with 443 and 22 enabled.

The only thing you really need to do through the mgmt port is upgrades, and for that you can also do what cmbhatt is suggesting with putting it on an unused IP network that you can hook up to a laptop directly when you need to upgrade.

Posted By hoolio

I think the issue might be that there would be a conflict between TMM which handles the switch ports and Linux which handles the mgmt port. I don't remember ever getting a clear explanation of this restriction though.

Mainly because the mgmt port (run by Linux, as you say) is not part of the switch fabric; it is simply a NIC.

Denny
The_Bhattman
Nimbostratus
Feb 20, 2009
Here is my process of configuration and upgrading

1) License and first time configure the LTM through the management port via directly connected laptop

2) Once it's on the wire I abandon the management port and do my upgrades using the combination serial console (Remote Terminal server) and GUI and SSH via self-addresses (through the network)

From that point that is how I manage them and it hasn't failed me yet.

Unfortunatly, I have seen picular things with the management port in the past. One of the main things (outside the Lights Out piece) is that it shares the same routing table with the rest of the OS. In my world that is a no-no.

CB
Balachandar_797
Nimbostratus
Apr 19, 2010
Hello There,

I am working on trying the F5 BIG IP LTM VE and stuck on the configuration screeen with the error "01070392:3: Self IP IP Address/Netmask: This IP shares a network with the Management IP (IP Address / Netmask).

I am trying to use an IP not in use under Self IP.

Please help.

BTW, Iam using the VM Workstation version.

Regards,

Bala
hoolio
Cirrostratus
Apr 20, 2010
Hi Bala,

You'll want to create a management IP which is on a separate subnet from the switch VLANs. If you only have one routable subnet on the host, I'd just assign a "Host only" network for the management and use that to connect locally. You can assign a bridged adapter for the main LTM VE VLAN.

Aaron
Balachandar_797
Nimbostratus
Apr 27, 2010
Thanks Aaron. Much appreciated. It worked like a charm.

Playing around with Virtual servers and pools now. The VIP I provided (on same subnet as the external IP) when accessed through browser gives page cannot be displayed. Tried adding it to trusted sites. No luck :-(

Regards,

Bala
hoolio
Cirrostratus
Apr 27, 2010
Can you enable SNAT automap on the VIP and see if that works for you?

Aaron
Balachandar_797
Nimbostratus
Apr 27, 2010
Hi Aaron,

Yes I did that change after referring the F5 website. Still no luck. The status is red under Virtual Servers with message "The children pool members are down". The node status is green after that change. Also the real_server and snmp_dca are the only monitors working for this node. The node has IIS installed and configured. I have an connection broker software (Symantec Workspace Corporate) installed on it. The node is running on a VMWare ESX 3.5 Server 2003 EE SP2 VM.

Regards,

Bala
hoolio
Cirrostratus
May 04, 2010
Hi Bala,

I'd try troubleshooting why the pool members are being marked down by the monitors before testing the load balancing. For some tips on troubleshooting monitors, you can check this wiki page:

http://devcentral.f5.com/Wiki/default.aspx/AdvDesignConfig/TroubleshootingLtmMonitors.html

Aaron
Ashish_Ram_Tak1
Nimbostratus
Dec 20, 2012
can any one tell me how can i check management port ip address via putty also please share the command to assign management port ip,

i am using VMware on my desktop