tcpdump command for multiple source hosts and destination hosts
The request that has been given me is to find any SOAP traffic from 2 sets of pools. Pool 1 172.17.30.100 172.17.30.101 172.17.30.102 Pool 2 172.17.31.200 172.17.31.201 172.17.31.202 cany anyone help me with a tcpdump command that will give me all 80 and 443 traffic from pool 1 to pool 2 bidirectionaly?
Radius Load Balancing
We use Radius authentication for our corporate wireless users. I'm looking at load balancing our radius servers for our wireless controllers. We had an issue recently where one of the radius servers went down, all clients connected on that wireless controller to that radius server, lost their authentication. Hence, about 400 people dropped off the network. The server was physically up, but the service was hung. The controllers have both IP addresses of the Radius servers in their configuration. But have no way of knowing if the service is up or not. Only if the server was completely down. My idea is to use the BigiP, use one VIP the controllers point to, and do the health checks. That way the controllers can send to one IP, and the BigIP manages the traffic. Does anyone have experience with load balancing radius. I have already created a VIP, a UDP profile specifying the Datagram LB option. I also created a health monitor which checks radius the port. I would really like to build a good health monitor to actually check authentication and make sure the radius server is online. Any input is appreciated... Thanks....
DNS Query - reply from unexpected source
Hi Guys, I'm new to F5, and something annoy me i can't find why it happen. My topology: Network (Public IP - Pretend its 100.100.100.0/24) --> Switch Stack --> LAG --> Viprion LTM --> Cisco CRS --> WWW I have Viprion 4800 and for now i just wanna allow traffic to go outside, here are my questions : 1. I've added virtual-server with 0.0.0.0/0.0.0.0 as Forwarding (IP) to allow the LAN to have connectivity. but unless i open virtual server back inside (100.100.100.0/255.255.255.0) i have no connectivity. Isn't it statefull ? 2. After i open the rule I talked about in (1). i have this message when i try simple resolving from server behind the F5. [ip@qa-env ~]$ host google.com 8.8.4.4 ;; reply from unexpected source: 8.8.4.425965, expected 8.8.4.453 tcpdump show this 22:45:39.033309 IP 100.100.100.40.39945 > 8.8.4.4.53: 8917+ A? google.com. (27) 22:45:39.033315 IP 100.100.100.40.39945 > 8.8.4.4.53: 8917+ A? google.com. (27) 22:45:39.123868 IP 8.8.4.4.53 > 100.100.100.40.39945: 8917 1/0/0 A 173.194.41.69 (43) 22:45:39.123884 IP 8.8.4.4.25965 > 100.100.100.40.39945: UDP, length 43 So the packets goes all good until the return packet back to the F5 and then he alter the port! What am i missing ? *remember, i have public ip on the server. i just changed it to 100.100.100.40 for the example. my Virtuals ltm virtual MNG_ALLOW_ALL_OUT { description "Management Rule - Allow All Traffic Outside" destination 0.0.0.0:any ip-forward mask any profiles { fastL4 { } } translate-address disabled translate-port disabled vlans { DNS_LAN LDAP_LAN RADIUS_LAN } vlans-enabled } ltm virtual MNG_QA_ENV_IN { description "Management Rule - Allow Radius traffic in" destination 100.100.100.0:any ip-forward mask 255.255.255.0 profiles { fastL4 { } } translate-address disabled translate-port disabled vlans { CRS1.WAN CRS2.WAN } vlans-enabled }
