Applies To:

Show Versions Show Versions

Manual Chapter: Platform Overview
Manual Chapter
Table of Contents   |   Next Chapter >>

About Herculon iSeries models

As threats to your applications become more frequent, targeted, and sophisticated, you must do more to secure and protect against highly evasive attacks, as quickly as possible. F5® Herculon provides next-generation security that delivers the power, visibility, control, and resilience that your organization needs to secure applications, to help with encrypted traffic, and to minimize downtime, thus safeguarding your business and its reputation.

F5’s independently deployable Herculon solutions are built on proven technology that offers the in-depth customizable logic of F5 TurboFlex™ for more granular inspection capability, greater capacity for more security rules, and the power to process computational intense functions at wire speed. And with the breadth of cloud, software, and hardware offerings, each product provides the most compelling options for integrating security throughout evolving network and application infrastructures in ways that best fit organizational priorities, compliance mandates, and business needs, while maximizing your investment.

For more information, please see the data sheet at f5.com/products/platforms.

About the platform

Before you install this platform, review information about the controls and ports located on both the front and back of the platform. On the front of the platform, you can use the LCD touchscreen to view information about, manage, and reset the system. You can also use the front-panel LEDs to assess the condition of the system.

Front view of the i2800 platform

Front view of the i5800 platform

Front view of the i10800 platform

The back of the i2800 and i5800 platforms include one power supply, one power blank, and a chassis ground terminal.

Back view of the i2800 platform

Back view of the i5800 platform

The back of the i10800 platform includes two power supplies, the fan tray, and a chassis ground terminal.

Back view of the i10800 platform

Hardware included with the platform

This platform includes all of the hardware components listed here.

Quantity Hardware
1 or 2 Power cables (black), AC power only, per platform configuration. Might include multiple power cable types if product is delivered outside of the US/Canada.
1 RJ45 to RJ45 failover cable, CAT 5 crossover (blue)
1 RJ45 to DB9 console port cable (beige)
1 RJ45F to RJ45M rolled adapter (beige)
1 Quick-install rail kit
2 Rail lock brackets
4 #8-32 pan head screws, steel zinc

Peripheral hardware required

For each platform, you might need to provide additional peripheral hardware. If you plan to remotely administer the system, it would be helpful to have a workstation already connected to the same subnet as the management interface.

Type of hardware Description
Network hubs, switches, or connectors to connect to the platform network interfaces You must provide networking devices that are compatible with the network interface cards (NICs) that are installed in the platform. You can use either 10/100/1000/10000-Megabit or 40-Gigabit Ethernet switches.
External USB CD/DVD drive or USB flash drive You can use any USB-certified CD/DVD mass storage device or a USB flash drive for installing upgrades and for system recovery.
Note: External CD/DVD drives must be externally powered.
Serial console You can remotely manage the platform by connecting to a serial console terminal server through the console port.
Important: In the event that network access is impaired or not yet configured, the serial console might be the only way to access the unit. You should perform all installations and upgrades using the serial console, as these procedures require reboots, in which network connectivity is lost temporarily.
Management workstation on the same IP network as the platform You can use the default platform configuration if you have a management workstation set up.

About LCD menus

The touchscreen LCD provides the ability to manage the unit without attaching a console or network cable. You can configure the display options to meet your needs. There are four menu options available on the LCD.

Note: When using the LCD to configure the unit, be sure to use the Commit option to save all settings.

System menu

You can use the System menu to reboot, reset, halt, power off, or power on the system.

Option Description
Soft Reboot Performs a graceful reboot of the unit.
Hard Reset Performs a hard reset on the unit.
Halt Halts or shuts down the unit.
Power Off Powers off the unit.
Power On Powers on the unit.

Alerts menu

You can use the Alerts menu to view system alerts by priority, or to clear all alerts from the LCD.

Option Description
Emergency Displays alerts that match the Emergency priority.
Critical Displays alerts that match the Critical priority.
Error Displays alerts that match the Error priority.
Warning Displays alerts that match the Warning priority.
Alert Displays alerts that match the Alert priority.
Info Displays alerts that match the Informational priority.

Options menu

You can use the Options menu to configure the LCD brightness and enable/disable the chassis locator LED.

Option Description
Display Adjusts LCD backlight brightness.
Locator LED Controls the use of the chassis locator feature, which causes the F5® logo ball on the chassis front panel to flash on and off. Select from these options:
  • OFF (default)
  • ON

Setup menu

You can use the Setup menu to configure the management interface, AOM management interface, and serial port baud rate.

Option Description
Management Changes the management interface information. Select from these options:
  • Type indicates whether to use an IPv4 or IPv6 address.
  • DHCP indicates whether DHCP is enabled or disabled (default).
  • IP Address sets the management interface IP address and routing prefix. You can use an IPv4 or IPv6 address.
  • Gateway sets the default route for the management interface. This route is necessary if you plan to manage the unit from a different subnetwork.
AOM Management Changes the AOM management interface information. Select from these options:
  • Type indicates that the AOM management interface uses an IPv4 address.
  • DHCP indicates whether DHCP is enabled or disabled (default).
  • IP Address sets the management interface IP address and routing prefix. You can use only an IPv4 address.
  • Gateway sets the default route for the management interface. This route is necessary if you plan to manage the unit from a different subnetwork.
Baud Rate Changes the baud rate of the management serial port. Select from these options:
  • 9600
  • 19200 (default)
  • 38400
  • 57600
  • 115200

About using the LCD

To manage the platform using the LCD menu options, tap the touchscreen LCD to put it into menu mode. The LCD is operational even when the Host is powered off, provided that Always-On Management and the LCD are fully booted.

Important: It might take a few minutes for the LCD to become operational when the system is started from a powered off state.
Note: When using the LCD to configure the unit, be sure to use the Commit option to save all settings.

Rebooting the unit

You can use the touchscreen LCD to perform a soft reboot of the unit.
  1. Touch the screen to activate the LCD menus.
  2. Tap System.
    The System screen displays.
  3. On the System screen, tap Soft Reboot.
  4. Tap Confirm to reboot the unit.

Resetting the unit

You can use the touchscreen LCD to perform a hard reset of the unit.
  1. Touch the screen to activate the LCD menus.
  2. Tap System.
    The System screen displays.
  3. On the System screen, tap Hard Reset.
  4. Tap Confirm to reset the unit.

Halting the unit

You can use the touchscreen LCD to halt the unit.
  1. Touch the screen to activate the LCD menus.
  2. Tap System.
    The System screen displays.
  3. On the System screen, tap Halt.
  4. Tap Confirm to halt the unit.

Powering off/on the unit

You can use the touchscreen LCD to power off/on the unit.
  1. Touch the screen to activate the LCD menus.
  2. Tap System.
    The System screen displays.
  3. On the System screen, swipe to scroll down and tap Power Off or Power On.
  4. Tap Confirm to power off/on the unit.

Clearing alerts

You can use the touchscreen LCD to clear alerts from the LCD.
  1. Touch the screen to activate the LCD menus.
  2. Tap Alerts.
    The Alerts screen displays.
  3. On the Alerts screen, clear either all alerts or alerts of a specific priority:
    • To clear all alerts, tap Clear All.
    • To clear only alerts of only a specific priority, tap the priority name to view alerts with that priority, and then tap Clear.

Configuring LCD brightness

You can use the touchscreen LCD to adjust the brightness of the display.
  1. Touch the screen to activate the LCD menus.
  2. Tap Options.
    The Options screen displays.
  3. Tap Display.
    The Brightness screen displays.
  4. Use the left and right arrows to adjust the brightness of the LCD in real-time.
  5. Click Back to return to the previous screen.

Enabling/Disabling the chassis locator LED

You can use the touchscreen LCD to clear alerts from the LCD.
  1. Touch the screen to activate the LCD menus.
  2. Tap Options.
    The Options screen displays.
  3. Click Locator LED.
    The Locator LED screen displays.
  4. Tap to enable or disable the chassis locator LED.

About platform LEDs

The behavior of the various LEDs on the platform indicate the status of the system or component.

Status LED

The status LED indicates the operating state of the system.

State Description
off/none System is powered down.
green solid System is running in normal mode. Also indicates that the system is in an Active state of a device group.
yellow solid System is running in an impaired mode or is operating in one of these conditions:
  • It is in the standby power state
  • It is powered on and in the process of booting to TMOS®
  • It is powered on, but offline, such as when booted to the End-User Diagnostic (EUD)
  • It is booted to TMOS and is operating as a Standby member of a device group
yellow blinking System might be in a state in which a software or hardware problem is interfering with control of the LCD or communication is lost between the system and the LCD.

Alarm LED

The alarm LED indicates system alarm conditions and the severity of the alarm condition.

There are five levels of messages.
Note: The alarm LED remains lit until alerts above an informational level are cleared using the LCD panel.
State Description
off/none Informational or no alarm conditions present. System is operating properly.
yellow solid Warning (0). System may not be operating properly, but the condition is not severe or potentially damaging.
yellow blinking Error (1). System is not operating properly, but the condition is not severe or potentially damaging.
red solid Alert (2) or Critical (3). System is not operating properly, and the condition is potentially damaging.
red blinking Emergency (4). System is not operating, and the condition is potentially damaging.

Power 1 and Power 2 LEDs

The Power 1 and Power 2 LEDs on the front of the chassis indicate the general operating state of the power supplies.

Power 1 state Power 2 state Description
green solid green solid Power supply is present and operating properly. Also indicates when the system is in power standby mode.
yellow solid yellow solid Power supply is present, but not operating properly.
off/none off/none No power supply present.

AC power supply LEDs

The LEDs located on the AC power supplies indicate the operating state of the power supplies

Input LED Output/Fault LED Condition
green solid green solid Normal operation
off off AC input fail (UV or OV)
green solid off Main output off
green solid yellow solid Over temperature shutdown
green solid yellow blinking PS_ON_L high
green solid yellow solid Power supply failure OVP, OTP, fan fault
green solid off Output current out of range, SC, or OCP
green solid blinking Power supply warning (high temperature)
off blinking Power supply warning (slow fan)

DC power supply LEDs

The LEDs located on the DC power supplies indicate the operating state of the power supplies

Input LED Output/Fault LED Condition
green solid green solid Normal operation
off off DC input fail (UV or OV)
green solid off Main output off
green solid yellow solid Over temperature shutdown
green solid yellow blinking PS_ON_L high
green solid yellow solid Power supply failure OVP, OTP, fan fault
green solid off Output current out of range, SC, or OCP
green solid blinking Power supply warning (high temperature)
off blinking Power supply warning (slow fan)

Defining custom alerts

Two files on the system define alerts that could cause the LED behavior to change:
  • The /etc/alertd/alert.conf file defines standard system alerts. Do not edit this file.
  • The /config/user_alert.conf file defines custom settings. You should edit only this file.
  1. Open a command prompt on the system.
  2. Change to the /config directory.
    cd /config
  3. Using a text editor, such as vi or Pico, open the /config/user_alert.conf file.
  4. Edit the file, as needed.
    For example, add these lines to the end of the file to create a custom alert in which the front panel LEDs indicate when a node is down:
    alert BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_DOWN "Pool member (.*?):(.*?) monitor status down." 
    {
      snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.10";
      lcdwarn description="Node down" priority="1"
    }
    alert BIGIP_MCPD_MCPDERR_NODE_ADDRESS_MON_DOWN "Node (.*?) monitor status down." {
      snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.12";
      lcdwarn description="Node address down" priority="1"
    }
    alert BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_UP "Pool member (.*?):(.*?) monitor status up."
    {
      snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.11"
    }
    alert BIGIP_MCPD_MCPDERR_NODE_ADDRESS_MON_UP "Node (.*?) monitor status up." 
    {
      snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.13"
    }
  5. Save the file and exit the text editor.

About platform interfaces

Every platform includes multiple interfaces. The exact number of interfaces that are on the system depends on the platform type.

Each interface on the platform has a set of properties that you can configure, such as enabling or disabling the interface, setting the requested media type and duplex mode, and configuring flow control.

For information about optical transceivers and cable pinouts for this platform, see F5® Platforms: Accessories.

About managing interfaces

You can use the Traffic Management Shell (tmsh) or the Configuration utility to manage platform interfaces.

Viewing the status of a specific interface using tmsh

You can use tmsh to view the status of a specific interface on a platform.
  1. Open the Traffic Management Shell (tmsh).
    tmsh
  2. Change to the network module.
    net
    The system prompt updates with the module name: user@bigip01(Active)(/Common)(tmos.net)# user@bigiq01(Active)(/Common)(tmos.net)#
  3. Display the current status of a specific interface.
    show interface <interface_key>
    This is an example of the output that you might see when you run this command on a specific interface:

Viewing the status of all interfaces using tmsh

You can use tmsh to view the status of all interfaces on the platform.
  1. Open the Traffic Management Shell (tmsh).
    tmsh
  2. Change to the network module.
    net
    The system prompt updates with the module name: user@bigip01(Active)(/Common)(tmos.net)# user@bigiq01(Active)(/Common)(tmos.net)#
  3. Display the current status of all interfaces.
    show interface
    This is an example of the output that you might see when you run this command:

Viewing the status of all interfaces using the Configuration utility

You can use the Configuration utility to view the status of all interfaces on the platform.
  1. On the Main tab, click Network > Interfaces > Interface List .
    This displays the list of available interfaces.
  2. On the menu bar, click Statistics.
    The Statistics screen for all interfaces opens.

About interface media type and duplex mode

All interfaces on the system default to auto-negotiate speed and full duplex settings. We recommend that you also configure any network equipment that you plan to use with the system to auto-negotiate speed and duplex settings. If you connect the system to network devices with forced speed and duplex settings, you must force the speed and duplex settings of the system to match the settings of the other network device.

Important: If the system is attempting to auto-negotiate interface settings with an interface that has the speed and duplex settings forced (that is, auto-negotiation is disabled), you will experience severe performance degradation.

By default, the media type on interfaces is set to automatically detect speed and duplex settings, but you can specify a media type as well. Use the following syntax to set the media type:

                     
tmsh modify net interface <interface_key> media <media_type> | auto
                  

If the media type does not accept the duplex mode setting, a message appears. If media type is set to auto, or if the interface does not accept the duplex mode setting, the duplex setting is not saved to the /config/bigip_base.conf file.

Important: Auto-MDI/MDIX functionality is retained when you manually configure an interface to use specific speed and duplex settings. You can use either a straight-through cable or a crossover cable when media settings are forced, and you will be able to successfully link to either DTE or DCE devices.

Viewing valid media types for an interface

You can use tmsh to view the valid media types for an interface.
Note: This platform might not support all of the media type options that are available in tmsh.
  1. Open the Traffic Management Shell (tmsh).
    tmsh
  2. Change to the network module.
    net
    The system prompt updates with the module name: user@bigip01(Active)(/Common)(tmos.net)# user@bigiq01(Active)(/Common)(tmos.net)#
  3. Display the valid media types for a specific interface.
    list interface <interface_key> media-capabilities
    Important: In all Gigabit Ethernet modes, the only valid duplex mode is full duplex.
    This is an example of the output that you might see when you run this command on interface 2.0:

Valid media types

This table lists the valid media types for the tmsh interface command.

Note: This platform might not support all of the media type options that are available in the Traffic Management Shell (tmsh).
10BaseT half 100BaseTX full
10BaseT full 1000BaseLX full
10GBaseER full 1000BaseCX full
10GBaseLR full 1000BaseT half
10GBaseSR full 1000BaseT full
10GBaseT full 1000BaseSX full
10SFP+Cu full auto
40GBaseSR4 full none
40GBaseLR4 full no-phy
100BaseTX half  

About network interface LED behavior

The appearance and behavior of the network interface LEDs on the platform indicate network traffic activity, interface speed, and interface duplexity.

SFP/SFP+ port LED behavior

The appearance and behavior of the SFP/SFP+ port LEDs indicate network traffic activity, interface speed, and interface duplexity.

State Description
Off (not lit) No link.

About Always-On Management

The Always-On Management (AOM) subsystem enables you to manage the system remotely using the serial console or SSH, even if the host is powered down. The AOM Command Menu operates independently of the Traffic Management Operating System® (TMOS® ).

You can use the command menu to reset the unit if TMOS has locked up or get access to TMOS directly, so that you can configure it from the command-line interface.

AOM Command Menu options

The AOM Command Menu provides the AOM options for the platform. You can access the AOM Command Menu using either a serial console or SSH.

Note: The availability of menu options varies depending on the platform type.
Letter Option Description
B Set console baud rate Configures the baud speed for connecting to AOM using the serial console. Select from these options:
  • 9600
  • 19200 (default)
  • 38400
  • 57600
  • 115200
I Display platform information Displays information about the AOM firmware, bootloader, and management network configuration; chassis serial and part numbers; MAC address; power supply status; LCD status; and power status for the active console.
P Power on/off host subsystem Powers the host subsystem on or off.
R Reset host subsystem Resets the host subsystem with a hardware reset.
Important: F5® does not recommend using this option under normal circumstances. It does not allow for graceful shutdown of the system.
N Configure AOM network Runs the AOM network configuration utility. This utility enables you to reconfigure the IP address, netmask, and default gateway used by AOM. If you use this option while connected using SSH, your session will be disconnected as a part of the network configuration operation.
Note: This option is not available when you are connected using SSH.
S Configure SSH Server Sets a session idle timeout (in seconds) for the AOM SSH server. Available values are 0 (no timeout; default value), or between 30 and 86400 (one day).
A Reset AOM Resets the AOM subsystem. In this case, the system is reset with a hardware reset.
Important: F5® does not recommend using this option under normal circumstances. It does not allow for graceful shutdown of the system.
Q Quit menu and return to console Exits the AOM Command Menu and returns to terminal emulation mode.

Accessing the AOM Command Menu from the serial console

You can access the AOM Command Menu after connecting to the front panel serial console.
  1. Connect to the system using the serial console.
  2. Open the AOM Command Menu.
    Esc (

Configuring the AOM management network

You can assign a management IP address, netmask, and gateway to access AOM either manually or with DHCP.
  1. Connect to the system using the serial console.
  2. Open the AOM Command Menu.
    Esc (
  3. Type n to open the AOM management network configurator.
  4. Assign a management IP address, netmask, and gateway:
    • To use DHCP to assign the addresses, type y when prompted about using DHCP.
    • To manually assign the addresses, type n when prompted about using DHCP. At the prompts, type values for IP address (required), netmask (required), and gateway (optional).
    A confirmation message displays the configured management IP address, netmask, and gateway.
  5. Optional: Type i to verify the assigned addresses.

Accessing the AOM Command Menu using SSH

Before you access the AOM Command Menu using SSH, you must assign a management IP address, netmask, and gateway for AOM. You can assign the addresses manually or with DHCP.
You can access the AOM Command Menu remotely using SSH from a management workstation that is connected to the same subnet as the platform's management (MGMT) interface.
Note: On this platform, AOM allows only one SSH connection at a time.
  1. Open an SSH session, where <ip addr> is the IP address that you configured for AOM.
    ssh root@<ip addr>
  2. Type the root password.
  3. Open the AOM Command Menu.
    Esc (

Setting an SSH idle session timeout

You can specify a timeout value (in seconds) for idle AOM SSH sessions. You can access the AOM Command Menu using either a serial console or SSH.
  1. Connect to the system using the serial console.
  2. Open the AOM Command Menu.
    Esc (
  3. Type s to configure a timeout value for idle SSH sessions.
  4. Type a timeout value.
    The default value is 0 (no timeout). Available values are 0, or between 30 and 86400 (one day).

Disabling network configuration

You can connect to the system's serial console to disable SSH access to AOM over the network. This does not affect console access to AOM.
  1. Connect to the system using the serial console.
  2. Open the AOM Command Menu.
    Esc (
  3. Type n to open the AOM management network configurator.
  4. Type n when prompted about using DHCP.
  5. Type 0.0.0.0 at the IP address prompt.
    A confirmation message displays the configured management IP address, netmask, and gateway.
  6. Optional: Type i to verify that network configuration is disabled.
Table of Contents   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)