
Big5 LTM GUI not reachable but can ping

Nuno_xzorp
Altostratus

Hi,

I'm very new to BIG5 and would like to ask for your help. I had a power cut, and when the power came back I wasn't able to access the management GUI, but I can ping it. Also, when I tried to ssh, it prompts for user/password but doesn't accept any of the account credentials. The only way I can access it at the moment is via console. The software image I'm using is BIGIP-14.1.2.8-0.0.7.

I tried to restart the httpd and tomcat but didn't produce any change.

Any ideas?

Thanks

12 REPLIES

oguzy
Cirrostratus

Hi Nuno_xzorp,

 

When you connect to your bigip device via console, do you see any errors in the /var/log/httpd/httpd_errors logs?

Please make sure the https service is working on the bigip device.

 

Have a nice day.

Hi oguzy,

I checked that but don't see any error.

Meanwhile I found that the last digit of the mgmt port MAC address is different from the one listed in the switch ARP entry. I'm not sure if this has any influence, because I can ping and reach it via ssh.

Thanks

Hi Nuno_xzorp,

As you said in your first post, you could not log in via ssh due to wrong credentials. In the second post, the MAC address is different in the ARP record. Could you please make sure you are trying to connect to the right device? I mean, after the power issue, the bigip may have got a new IP address. Please connect via console again and check the IP address of your bigip device. If it is the same IP as the address you are pinging, then check the listening port on your bigip device with the netstat command and share the result with us.

netstat -ano | grep LISTEN | grep 443

 

Hi oguzy,

Thank you for the reply.

Yes, the IP address is the same. The result of the command is:

tcp6    0   0 :::443         :::*          LISTEN   off (0.00/0/0)

 

thanks for letting me know.

 

Hi Nuno_xzorp,

OK, the bigip listens on port 443. Could you please try to reach the bigip via telnet from a terminal on your local PC?

telnet bigip_IP 443

If the output of telnet is connected, then we can say we have layer 4 connectivity. Also, if you use a proxy in your browser settings, please disable it and try to connect to https://bigip_IP

Sorry, I think I created a new post below and not a reply. Just to add that port 22 does open, as I said in the first post (ssh), so it looks like for some reason port 443 is not working.

Nuno_xzorp
Altostratus

Hi oguzy, I tried, but it gave me the following message: ".Could not open connection to the host, on port 443: Connect failed"

I'm not using any proxy in my browser settings.

I also checked the httpd port:

sys httpd {

  ssl-port 443

}

I don't have any firewall in between and I'm trying from the same subnet.

Any clue?

 

Thanks

Hi Nuno_xzorp,

 

Although both devices are on the same network and port 443 is listening on the bigip, you could not reach it.

Could you please start a tcpdump on the management interface of your bigip device and try to telnet again? I wonder if you see the SYN packet in the tcpdump.

tcpdump -nni name_of_mgmt_interface port 443

 

Hi oguzy,

Thanks for the reply. Sorry I was only able to answer just now. So I did as you suggested for port 443:

1) # tcpdump -nni mgmt port 443

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on mgmt, link-type EN10MB (Ethernet), capture size 65535 bytes

 

^C

0 packets captured

0 packets received by filter

0 packets dropped by kernel

 

2) I also tried one thing, capturing port 22 while doing an ssh connection, but surprisingly I got nothing (but got the ssh prompt):

# tcpdump -nni mgmt port 22 

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on mgmt, link-type EN10MB (Ethernet), capture size 65535 bytes

^C

0 packets captured

0 packets received by filter

0 packets dropped by kernel

 

What do you think?

Hi Nuno_xzorp,

 

Because you successfully connect via ssh, I was expecting that your second tcpdump would capture some packets. That means the name of the interface that you connect to is not mgmt. If you change the tcpdump command like this: tcpdump -nni 0.0 port 22 or port 443, you will see some packets.

I guess you normally access your bigip from a self_ip, not from the management port.

 

Hi oguzy,

I'm not sure what triggered it, but the mgmt MAC address has changed on the system, and since then it started to work. So before it was 00:94:a1:0c:20:80, but the ARP on the switch was mapping the mgmt IP to 00:94:a1:0c:20:82; even after clearing the ARP cache and a few port shutdowns it stayed the same (I mentioned it in my 2nd post). Not sure what triggered this, so not sure if this is normal behaviour or if it was some bug. The only thing I did was run those tcpdumps that you suggested; at some point I started to see the packets. I've captured the following logs from the kernel, with timestamps more or less at the time when it started to work:

Sep 13 21:18:18 F5_STD info kernel: lasthop-ingress-v4: tcp non-syn packet

Sep 13 21:23:46 F5_STD info kernel: device mgmt entered promiscuous mode

Sep 13 21:24:52 F5_STD info kernel: device mgmt left promiscuous mode

If you have any clue of what might have happened, let me know. Many thanks for your help!

 

I forgot to add that the MAC address changed from 00:94:a1:0c:20:80 to 00:94:a1:0c:20:82 (which was the one that the switch always got from the BIG5), and then it started to work.
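
The MAC comparison discussed in this thread (the address the mgmt interface reports versus the address the switch has learned for the management IP), as an added example that is not part of the original posts. The sample inputs are constructed from the two MAC addresses quoted above; the `ip -o link show mgmt` line shape, the Cisco-style ARP table layout and the 192.0.2.x addresses are assumptions.

```bash
#!/usr/bin/env bash
# Added example; all sample inputs below are constructed for illustration.

# Reduce a MAC in colon, dash or Cisco dotted form to 12 lowercase hex digits.
norm_mac() {
  printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ':.-'
}

# Read `ip -o link show <if>` output on stdin, print the link-layer address.
iface_mac() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "link/ether") { print $(i + 1); exit } }'
}

# Read ARP-table text on stdin, print the MAC on the row that lists IP $1.
# A field counts as a MAC if it is 12 hex digits joined by 5 or 2 separators,
# which keeps dotted IPv4 addresses (3 separators) from matching.
arp_mac_for_ip() {
  awk -v ip="$1" '{
    hit = 0
    for (i = 1; i <= NF; i++) if ($i == ip) hit = 1
    if (!hit) next
    for (i = 1; i <= NF; i++) {
      m = tolower($i); n = gsub(/[-.:]/, "", m)
      if (length(m) == 12 && m ~ /^[0-9a-f]+$/ && (n == 5 || n == 2)) { print $i; exit }
    }
  }'
}

# Print the verdict; return 0 only when both sides agree.
compare_macs() {
  local host switch
  host=$(norm_mac "$1"); switch=$(norm_mac "$2")
  if [ -n "$host" ] && [ "$host" = "$switch" ]; then echo "match"; return 0; fi
  echo "mismatch host=$host switch=$switch"; return 1
}

# Constructed host-side sample, shaped like `ip -o link show mgmt`.
SAMPLE_LINK='5: mgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000\    link/ether 00:94:a1:0c:20:80 brd ff:ff:ff:ff:ff:ff'
# Constructed switch-side sample; 192.0.2.x are placeholder addresses.
SAMPLE_ARP='Internet  192.0.2.20   12  0011.2233.4455  ARPA  Vlan10
Internet  192.0.2.10    5  0094.a10c.2082  ARPA  Vlan10'

compare_macs "$(printf '%s\n' "$SAMPLE_LINK" | iface_mac)" \
             "$(printf '%s\n' "$SAMPLE_ARP" | arp_mac_for_ip 192.0.2.10)" || true
```

A mismatch on the management IP means frames from the switch are addressed to a MAC the interface is not currently using, which is consistent with an open listener that never sees a SYN.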