Basic configuration by command on BIGIP 11

BIG-IP command notes. Some of the commands might be mistaken, so check the configuration from the GUI or with a show command after applying each one.

###### For resetting bigip config.

load sys config default

###### Disable dhcp on mgmt interface.

modify sys global-settings mgmt-dhcp disabled

###### Set IP address on management interface.

create sys management-ip 192.168.200.245/24

###### Set hostname

modify sys global-settings hostname bigip01.local

###### Set timezone

modify sys ntp timezone "Your location"

###### Specify an NTP server to synchronise to.

modify sys ntp servers add { 192.168.200.1 }

###### Set snmp trap

modify sys snmp traps add { MyCommunity { community MyCommunity port 162 version 2c host 192.168.200.1 } }

###### Set syslog

I forgot.

###### Create vlan interface.

create net vlan external interfaces add { 1.1 }

###### Assign IP address to a vlan interface.
###### Specify which protocols to allow at the same time (I am allowing the BIG-IP default protocols in the following).
###### Also specify which traffic group to participate in.

create net self 10.0.0.1/24 allow-service default traffic-group traffic-group-local-only vlan external description external

###### Create a node that will participate in a pool.
###### Also specify how to monitor the node.

create ltm node web-server01 address 192.168.0.1 monitor icmp

###### Create monitor profile for a pool

create ltm monitor http MyHttp send "GET /test.html HTTP/1.1\\r\\nHost: \\r\\nConnection: Close\\r\\n\\r\\n"

###### Create a pool and add a member
###### You can specify multiple members inside bracket separated by white space.
###### Also specify load-balancing method.
###### Also specify monitor profile

create ltm pool MyPool members add { web-server01:http } load-balancing-mode least-connections-member monitor MyHttp

###### Create a virtual server
###### Specify ip address or network range to listen for the virtual server.
###### Specify a pool to load balance to.

create ltm virtual virtual-server01 destination 10.0.0.10:80 mask 255.255.255.255 ip-protocol tcp pool MyPool

###### Create cookie persistence profile

create ltm persistence cookie MyCookie cookie-name MyCookie expiration 30:00

###### Modify the existing virtual server to enable cookie persistence with the profile above.

modify ltm virtual virtual-server01 persist replace-all-with { cookie MyCookie }

###### If you encounter an error saying that the virtual server must be associated with an http profile.

modify ltm virtual virtual-server01 persist replace-all-with { cookie MyCookie } profiles replace-all-with { tcp http }

###### Create an iRule

create ltm rule MyiRule

###### Associate the irule to the existing virtual server

modify ltm virtual virtual-server01 rules { MyiRule }

###### Create self signed ssl certificate and private key.
###### You have to get out of tmsh.

cd /root
openssl req -new -sha256 -newkey rsa:2048 -days 365 -nodes -x509 -keyout MySSL.key -out MySSL.crt

#### If you want to create a CSR and a new private key (signed with SHA-256).

openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout MySSL.key -out MySSL.csr

#### If you want to create a CSR from an existing private key.

openssl req -new -sha256 -key "YOUR KEY" -out MySSL.csr

###### Installing a SSL private key and a certificate from local volume.

install sys crypto key MySSL.key from-local-file /root/MySSL.key
install sys crypto cert MySSL.crt from-local-file /root/MySSL.crt
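
Before installing, it helps to confirm from bash that the key and certificate generated above actually belong together, that the certificate is SHA-256 signed and not close to expiry, and that the unencrypted key (`-nodes`) is not readable by other users. The script below is an added example, not part of the original notes; the function names and the 30-day default threshold are assumptions, and it relies on GNU `stat`.

```bash
#!/bin/bash
# Added example: pre-install checks for a key/cert pair (RSA, as generated on this page).

# 0 when the certificate carries the public half of the private key.
pair_matches() {            # usage: pair_matches KEY CRT
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# 0 when the certificate is still valid DAYS days from now.
valid_for_days() {          # usage: valid_for_days CRT DAYS
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# 0 when group and other have no access to the key file (mode x00).
key_is_private() {          # usage: key_is_private KEY
    case "$(stat -c '%a' "$1")" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run every check, report each failure, return non-zero if any failed.
precheck() {                # usage: precheck KEY CRT [MIN_DAYS]
    local key="$1" crt="$2" days="${3:-30}" rc=0
    pair_matches "$key" "$crt"    || { echo "FAIL: $crt does not match $key"; rc=1; }
    valid_for_days "$crt" "$days" || { echo "FAIL: $crt expires within $days days"; rc=1; }
    key_is_private "$key"         || { echo "FAIL: $key is accessible to group/other"; rc=1; }
    openssl x509 -in "$crt" -noout -text 2>/dev/null \
        | grep -qi 'Signature Algorithm:.*sha256' \
        || { echo "FAIL: $crt is not signed with SHA-256"; rc=1; }
    return $rc
}

# Stand-alone use: ./precheck.sh /root/MySSL.key /root/MySSL.crt 30
if [ "$#" -ge 2 ]; then
    precheck "$@"
fi
```

A non-zero exit means at least one check failed; fix the reported item (for example `chmod 600` on the key) before running the install commands.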

###### Create an SSL profile (client side; insecure SSL such as a self-signed cert allowed)

create ltm profile client-ssl MySSL key MySSL.key cert MySSL.crt defaults-from clientssl-insecure-compatible

###### Associate the SSL profile with an existing virtual server.
###### Note that the virtual server service port must be set to https.

modify ltm virtual virtual-server01 profiles add { MySSL }

###### Save config

save sys config