Manual Chapter : BIG-IP Getting Started guide v3.2: Setting up the Hardware

Applies To:

Show Versions Show Versions

BIG-IP versions 1.x - 4.x

  • 3.2 PTF-01, 3.2.3 PTF-01, 3.2.3, 3.2.0
Manual Chapter


2

Setting up the Hardware



Unpacking and installing the hardware

There are two basic tasks you must complete to get the BIG-IP Controller installed and set up.

  • Connect the peripheral hardware and connect the BIG-IP Controller to the network.
  • Turn the system on and run the First-Time Boot utility.
    The First-Time Boot utility is a wizard that helps you configure basic system elements such as administrative passwords, IP addresses, and host names for both the root system and for the BIG-IP web server. Once you complete the First-Time Boot utility, you can continue the configuration process either from a remote administrative workstation, or directly from the console.

    In addition to these two basic tasks, you can perform the following tasks:

  • Define additional host names for virtual servers and other devices on the network.
  • Prepare workstations for command line access to the BIG-IP Controller.

Reviewing the hardware requirements

The BIG-IP Controller comes with the hardware that you need for installation and maintenance. However, you must provide standard peripheral hardware, such as a keyboard or serial terminal.

Hardware provided with the BIG-IP Controller

When you unpack the BIG-IP Controller, you should make sure that the following components are included:

  • One power cable
  • One PC/AT-to-PS/2 keyboard adapter
  • Four rack-mounting screws
  • Two keys for the front panel lock
  • One extra fan filter
  • One BIG-IP Controller Getting Started Guide
  • One BIG-IP Controller Administrator Guide
  • One BIG-IP Controller Reference Guide

    If you purchased a hardware-based redundant system, you also received one fail-over cable to connect the two controller units together (network-based redundant systems do not require a fail-over cable). Additionally, if you purchase a US BIG-IP Controller that supports encryption, you receive the F-Secure SSH Client manual, published by Data Fellows.

Peripheral hardware that you provide

For each BIG-IP Controller in the system, you need to provide the following peripheral hardware:

  • You need standard input/output hardware for direct administrative access to the BIG-IP Controller. Either of the following options is acceptable:
  • You also need network hubs, switches, or concentrators to connect to the BIG-IP Controller network interfaces. The devices you select must be compatible with the network interface cards installed in the BIG-IP Controller. The devices can support 10/100 Ethernet, Gigabit Ethernet, or FDDI/CDDI (including multiple FDDI and full duplex).
    • For Ethernet, you need either a 10Mb/sec or 100 Mb/sec hub or switch
    • For FDDI/CDDI, a concentrator or a switch is optional

      If you plan on doing remote administration from your own PC workstation as most users do, we recommend that you have your workstation already in place. Keep in mind that the First-Time Boot utility prompts you to enter your workstation's IP address when you set up remote administrative access.

Familiarizing yourself with the BIG-IP Controller hardware

The BIG-IP Controller is offered in two hardware configurations. The LB and HA versions of the BIG-IP Controller ship in the 4U hardware configuration. The HA+ version of the BIG-IP Controller ships in a 2U hardware configuration. Before you begin to install the BIG-IP Controller, you may want to quickly review the following figures that illustrate the controls and ports on both the front and the back of a 4U BIG-IP Controller and a 2U BIG-IP Controller.

Using the BIG-IP Controller 4U hardware configuration

This section describes the front and back layout of a 4U BIG-IP Controller. If you have a special hardware configuration, such as those that include more than two interface cards, the ports on the back of your unit will differ slightly from those shown below.

Note: The ports on the back of every BIG-IP Controller are individually labeled.

Figure 2.1 Front view of a 4U BIG-IP Controller

1. Fan filter 2. Keyboard lock 3. Reset button 4. Keyboard lock LED 5. Hard disk drive LED 6. Power LED 7. On/off button 8. 3.5 floppy disk drive 9. CD-ROM drive

Figure 2.1 illustrates the front of a 4U BIG-IP Controller with the access panel open. On the front of the unit, you can turn the unit off and on, or you can reset the unit. You can also view the indicator lights for hard disk access and for the keyboard lock.

Figure 2.2, the following figure, illustrates the back of a 4U BIG-IP Controller. Note that all ports are labeled, even those which are not intended to be used with the BIG-IP Controller. Ports marked with an asterisk (*) in the list following are not used by the BIG-IP Controller, and do not need to be connected to any peripheral hardware.

Figure 2.2 Back view of a 4U BIG-IP Controller

1. Fan 2. Power in 3. Voltage selector 4. Mouse port* 5. Keyboard port 6. Universal serial bus ports* 7. Serial terminal port 8. Printer port* 9. Fail-over port 10. Video (VGA) port 11. Internal interface (RJ-45) 12. External interface (RJ-45) 13. Interface indicator LEDs 14. Watchdog card*

*Not to be connected to any peripheral hardware.

Using the BIG-IP Controller 2U hardware configuration

This section describes the front and back layout of a 2U BIG-IP Controller. If you have a special hardware configuration, such as those that include more than two interface cards, the ports on the back of your unit will differ slightly from those shown below.

Note: The ports on the back of every BIG-IP Controller are individually labeled, so it should be clear what each port is, no matter which hardware configuration you have purchased.

Figure 2.3 Front view of a 2U BIG-IP Controller

1. Fan filter 2. Keyboard lock 3. Reset button 4. Keyboard lock LED 5. Hard disk drive LED 6. Power LED 7. On/off button 8. Flash or PC card 9. CD-ROM drive

Figure 2.3 illustrates the front of a 2U BIG-IP Controller with the access panel open. On the front of the unit, you can turn the unit off and on, or you can reset the unit. You can also view the indicator lights for hard disk access and for the keyboard lock.

Figure 2.4, the following figure, illustrates the back of a 2U BIG-IP Controller. Note that all ports are labeled, even those which are not intended to be used with the BIG-IP Controller. Ports marked with an asterisk (*) in the list following are not used by the BIG-IP Controller, and do not need to be connected to any peripheral hardware.

Figure 2.4 Back view of a 2U BIG-IP Controller

1. Fan 2. Power in 3. Power out 4. Mouse port* 5. Keyboard port 6. Universal serial bus ports* 7. Serial terminal port 8. Printer port* 9. Fail-over port 10. Video (VGA) port 11. Internal interface (RJ-45) 12. External interface (RJ-45)

 

*Not to be connected to any peripheral hardware.

Environmental requirements

General guidelines

A BIG-IP Controller is an industrial network appliance, designed to be mounted in a standard 19-inch rack. To ensure safe installation and operation of the unit:

  • Install the rack according to the manufacturer's instructions, and check the rack for stability before placing equipment in it.
  • Build and position the rack so that once you install the BIG-IP Controller, the power supply and the vents on both the front and back of the unit remain unobstructed. The BIG-IP Controller must have adequate ventilation around the unit at all times.
  • Do not allow the air temperature in the room to exceed 40° C.
  • Do not plug the unit into a branch circuit shared by more electronic equipment than the circuit is designed to manage safely at one time.
  • Verify that the voltage selector is set appropriately before connecting the power cable to the unit.

Guidelines for DC powered equipment

A DC powered installation must meet the following requirements:

  • Install the unit using a 20 Amp external branch circuit protection device.
  • For permanently connected equipment, incorporate a readily accessible disconnect in the fixed wiring.
  • Use only copper conductors.

Installing and connecting the hardware

There are six basic steps to installing the hardware. You simply need to install the controller in the rack, connect the peripheral hardware and the external and internal interfaces, and then connect the fail-over and power cables. If you have a unit with three or more network interface cards (NICs), be sure to review step 3.

Warning: Do not turn on a BIG-IP Controller until all peripheral hardware is connected to the unit.

To install the hardware

  1. Insert the BIG-IP Controller in the rack and secure it using the four rack-mounting screws that are provided.
  2. Connect the hardware that you have chosen to use for input/output:
  3. · If you are using a VGA monitor and keyboard, connect the monitor connector cable to the video port (number 10 in Figure 2.2 for 4U, or in Figure 2.4 for 2U) and the keyboard connector cable to the keyboard port (number 5 in Figure 2.2 for 4U, or in Figure 2.4 for 2U). Note that a PC/AT-to-PS/2 keyboard adapter is included with each BIG-IP Controller (see the component list on page 2-1).

    · Optionally, if you are using a serial terminal as the console, connect the serial cable to the terminal serial port (number 7 in Figure 2.2 for 4U, or in Figure 2.4 for 2U). Also, you should not connect a keyboard to the BIG-IP Controller. If there is no keyboard connected to the BIG-IP Controller when it is started or rebooted, the BIG-IP Controller defaults to using the serial port as the console.

  4. Connect the external interface (number 12 in Figure 2.2 for 4U, or in Figure 2.4 for 2U) to the network from which the BIG-IP Controller receives connection requests.
  5. · If you have purchased a unit with three or more network interface cards (NICs), be sure to note or write down how you connect the cables to the internal and external interfaces. When you run the First-Time Boot utility, it automatically detects the number of interfaces that are installed and prompts you to configure more external interfaces, if you want. It is important to select the correct external interface based on the way you have connected the cables to the back of the unit.

  6. Connect the internal interface (number 11 in Figure 2.2 for 4U, or in Figure 2.4 for 2U) to the network that houses the array of servers, routers, or firewalls that the BIG-IP Controller load balances.
  7. If you have a hardware-based redundant system, connect the fail-over cable to the terminal serial port on each unit (number 7 in Figure 2.2 for 4U, or number 7 in Figure 2.4 for 2U).
  8. Connect the power cable to the BIG-IP Controller (number 2 in Figure 2.2 for 4U, or Figure 2.4 for 2U), and then connect it to the power source.

Warning: Before connecting the power cable to a power supply, customers outside the United States should make sure that the voltage selector is set appropriately. This check is necessary only if the controller has an external voltage selector.

To configure a serial terminal in addition to the console

If you want to configure a serial terminal for the BIG-IP Controller in addition to the standard console, you need to follow the configuration steps below. Note that if you are using a serial vt100 connection, you must edit the /etc/ttys file on the BIG-IP Controller.

Note: Before you configure the serial terminal, you must disconnect the keyboard from the BIG-IP Controller. When there is no keyboard connected to the BIG-IP Controller, the BIG-IP Controller defaults to using the serial port for the console.

You must attach a serial device to the serial port before the BIG-IP Controller is booted in order for the controller to use the serial port as the console.

  1. Configure the serial terminal settings as follows:
  2. - 9600 baud

    - 8 bits

    - 1 stop bit

    - No parity

  3. Open the /etc/ttys file and find the line that reads tty00 off. Modify it as shown here:

  4. # PC COM ports (tty00 is DOS COM1) tty00 "/usr/libexec/getty default" vt100 in secure tty01 off
  5. Save the /etc/ttys file and close it.
  6. Reboot the BIG-IP Controller.

Running the First-Time Boot utility

The First-Time Boot utility is a wizard that walks you through a brief series of required configuration tasks, such as defining a root password, and configuring IP addresses for the interfaces. Once you complete the First-Time Boot utility, you can connect to the BIG-IP Controller from a remote workstation and begin configuring your load balancing set up.

The First-Time Boot utility is organized into three phases: configure, confirm, and commit. Each phase guides you through a series of screens, presenting the information in the following order:

  • Root password
  • Host name
  • Default route (typically a router's IP address)
  • Time zone
  • DNS forwarding proxy
  • Interface settings for each network interface
  • Configuration for BIG-IP Controller redundant systems (fail-over IP address)
  • IP address for remote administration
  • Settings for the web server on the BIG-IP Controller

    First, you configure all of the required information. Then you have the opportunity to confirm each individual setting or correct it if necessary. Then your confirmed settings are committed and saved to the system. Note that the screens you see are tailored to the specific hardware and software configuration that you have. If you have a stand-alone system, for example, the First-Time Boot utility skips the redundant system screens.

Gathering the information

Before you run the First-Time Boot utility on a specific BIG-IP Controller, you should have the following information ready to enter:

  • Passwords for the root system and for the BIG-IP web server
  • Host names for the root system and for the BIG-IP web server
  • A default route (typically a router's IP address)
  • Settings for the network interfaces, including IP addresses, media type, and optionally a custom netmask and broadcast addresses
  • Configuration information for redundant systems, including an IP alias for the shared address, and the IP address of the corresponding unit
  • The IP address or IP address range for remote administrative connections

Starting the First-Time Boot utility

The First-Time Boot utility starts automatically when you turn on the BIG-IP Controller. The power switch is located on the front of the BIG-IP Controller (as shown in Figures 2.1 and 2.3, number 7). The first screen the BIG-IP Controller displays is the License Agreement screen. You must scroll through the screen, read it, and accept the agreement before you can move to the next screen. If you agree to the license statement, the next screen you see is the Welcome screen. From this screen, simply press any key on the keyboard, and then follow the instructions on the subsequent screens to complete the process.

Note: You can re-run the First-Time Boot utility after you run it for initial configuration. To re-run the First-Time Boot utility, type config on the command line.

Defining a root password

A root password allows you administrative access to the BIG-IP Controller system. The password must contain a minimum of 6 characters, but no more than 32 characters. Passwords are case-sensitive, and we recommend that your password contain a combination of upper- and lower-case characters, as well as numbers and punctuation characters. Once you enter a password, the First-Time Boot utility prompts you to confirm your root password by typing it again. If the two passwords match, your password is immediately saved. If the two passwords do not match, the First-Time Boot utility provides an error message and prompts you to re-enter your password.

Warning: The root password is the only setting that is saved immediately, rather than confirmed and committed at the end of the First-Time Boot utility process. You cannot change the root password until the First-Time Boot utility completes and you reboot the BIG-IP Controller (see the BIG-IP Controller Administration Guide, Monitoring and Administration). Note that you can change other system settings when the First-Time Boot utility prompts you to confirm your configuration settings.

Defining a host name

The host name identifies the BIG-IP Controller itself. Host names must start with a letter, and must be at least two characters. They may contain numbers, letters, and the symbol for dash ( - ), if you like. There are no additional restrictions on host names, other than those imposed by your own network requirements.

Configuring a default route

If a BIG-IP Controller does not have a predefined route for network traffic, the controller automatically sends traffic to the IP address that you define as the default route. Typically, a default route is set to a router's IP address.

Configuring a time zone

Next, you need to specify your time zone. This ensures that the clock for the BIG-IP Controller is set correctly, and that dates and times recorded in log files correspond to the time zone of the system administrator. Scroll through the list to find the time zone at your location. Note that one option may appear with multiple names. Select the time zone you want to use, and press the Enter key to continue.

Configuring the DNS forwarding proxy settings

Next, specify the DNS name server and domain name for DNS proxy forwarding by the BIG-IP Controller.

Configuring the interfaces

On the Configure BIG-IP Interfaces screen, select Yes if you have a redundant system.

Selecting a unit ID

If you are configuring a redundant system, you are also prompted to provide a unit ID and the IP address for fail-over for the BIG-IP Controller. The default unit ID number is 1. If this is the first controller in the redundant system, use the default. When you configure the second controller in the system, type 2. These unit IDs are used for active-active redundant controller configuration.

Choosing a fail-over IP address

If you are configuring a redundant system, after you type in a unit number, you are prompted to provide an IP address for fail-over. Type in the IP address configured on the internal interface of the other BIG-IP Controller.

Configuring internal and external interfaces

We recommend that you configure at least one external interface, and at least one internal interface on each controller. The external interface is the one on which the BIG-IP Controller receives connection requests. The internal interface is the one that is connected to the network of servers, firewalls, or other equipment that the BIG-IP Controller load balances. The utility prompts you for each interface, and asks you to provide the IP address, netmask, broadcast address, and the interface media type. With this release of the BIG-IP Controller, the concept of interfaces as internal and external is changing. You can now choose each attribute you want to assign to an interface. In effect, this means that you can configure one interface with the properties of both an internal and external interface. Table 2.1 describes the attributes that determine the way an interface handles connections.

Attributes of internal and external interfaces

Interface type Attributes
Internal Process source addresses
Administrative ports open
External Process destination addresses
Administrative ports locked

Note: After you complete the First-Time Boot utility, you can change the individual attributes of an interface. For information about changing interface attributes, see the BIG-IP Controller Administrator Guide, Working with Special Features.

If you have a redundant system, you are prompted to provide the IP address that serves as an alias for both BIG-IP Controllers. The IP alias is shared between the units, and is used by active controllers. Each unit also uses unique internal and external IP addresses. The First-Time Boot utility guides you through configuring the interfaces, based on your hardware configuration.

You should set the internal alias as the default route for the node servers. Note that for each IP address or alias that you assign to an interface, you have the option of assigning a custom netmask and broadcast address as well.

Configuring an interface for the external network

The Select Interfaces screen shows a list of the installed interfaces. Select the one you want to use for the external network, and press the Enter key.

Note: The IP address of the external network interface is not the IP address of your site or sites. The IP addresses of the sites themselves are specified by the virtual IP addresses associated with each virtual server you configure.

Warning: The configuration utility lists only the network interface devices that it detects during boot up. If the utility lists only one interface device, the network adapter may have come loose during shipping. Check the LED indicators on the network adapters to ensure that they are working or are connected.

Once you select the interface, the utility prompts you for the following information, in many cases offering you a default:

  • IP address
  • Netmask
    Note that the BIG-IP Controller uses a default netmask appropriate to the subnetwork indicated by the IP address.
  • Broadcast address
    The default broadcast address is a combination of the IP address and the netmask.
  • Shared IP alias (redundant systems only)
    The external IP alias associated with each unit's external interface
  • Shared IP alias netmask (redundant systems only)
  • Shared IP alias broadcast address (redundant systems only)
  • Media type for Interface
    The media type options depend on the network interface card included in your hardware configuration. The BIG-IP Controller supports the following types:
    • auto
    • 10baseT
    • 10baseT,FDX
    • 100baseTX
    • 100baseTX,FDX
    • FDDI
    • Gigabit Ethernet

      If you are configuring a BIG-IP Controller that has more than two network interface cards installed, the First-Time Boot utility prompts you to configure more external interfaces. When you complete the configuration of an interface, you return to the Interface Configuration screen and repeat the steps described above.

Tip: We recommend that you configure at least one internal interface.

Configuring an interface for the internal network

When you configure the interface that connects the BIG-IP Controller to the internal network (the servers and other network devices that sit behind the BIG-IP Controller), the First-Time Boot utility prompts you for the following information:

  • IP address
  • Netmask
    Note that the BIG-IP Controller uses a default netmask appropriate to the subnetwork indicated by the IP address.
  • Broadcast address
    The default broadcast address is a combination of the IP address and the netmask.
  • Shared IP alias (redundant systems only)
    An IP alias associated with each unit's internal interface
  • Shared IP alias netmask (redundant systems only)
  • Shared IP alias broadcast address (redundant systems only)
  • Media type for Interface
    The media type options depend on the network interface card included in your hardware configuration. The BIG-IP Controller supports the following types:
    • auto
    • 10baseT
    • 10baseT,FDX
    • 100baseTX
    • 100baseTX,FDX
    • FDDI
    • Gigabit Ethernet

Note: You should set the default route of each network device behind the BIG-IP redundant system to the internal IP alias of the BIG-IP Controllers. This guarantees that the network devices always communicate with an active BIG-IP Controller in the redundant system.

If you configure more than one internal interface on a redundant system, the First-Time Boot utility prompts you to choose one as the primary internal interface. The interface you choose as the primary internal interface is used for exchanging network based fail-over and state fail-over information with the other controller in a redundant system.

Configuring remote administration

The screens that you see for configuring remote administration vary, depending on whether you have a US BIG-IP Controller, or an international BIG-IP Controller. On a US BIG-IP Controller, the first screen you see is the Configure SSH screen, which prompts you to type an IP address for SSH command line access. On international and BIG-IP LB Controllers that do not have SSH, the First-Time Boot utility skips this screen. Instead, you are prompted to configure access through Telnet and FTP.

When you configure shell access method, such as SSH, Telnet, or FTP, the First-Time Boot utility prompts you to create a support account for that method. You can use this support account to provide access to the BIG-IP Controller by an F5 Networks support engineer.

When the First-Time Boot utility prompts you to enter an IP address for administration, you can type a single IP address or a range of IP addresses, from which the BIG-IP Controller will accept administrative connections (either remote shell connections, or connections to the BIG-IP web server). To specify a range of IP addresses, you can use the asterisk (*) as a wildcard character in the IP addresses.

The following example allows remote administration from all hosts on the 192.168.2 network:

 192.168.2.* 

Tip: In order to use the configuration synchronization feature for redundant units you must configure the BIG-IP Controller for command line access.

Note: For administration purposes, you can connect to the BIG-IP Controller IP alias, which always connects you to an active controller. To connect to a specific controller, simply connect directly to the IP address of that BIG-IP Controller.

Configuring settings for the BIG-IP web server

The BIG-IP web server requires you to define a fully qualified domain name (FQDN) for the server on each interface. The BIG-IP web server configuration also requires that you define a user ID and password. On US products, the configuration also generates authentication certificates.

The First-Time Boot utility guides you through a series of screens to set up web server access.

  • The first screen prompts you to select the interface you want to configure for web access. After you select an interface to configure, the utility prompts you to type a fully qualified domain name (FQDN) for the interface. You can configure web access on one or more interfaces.
  • After you configure the interface, the utility prompts you for a user name and password. After you type a user name and password, the utility prompts you for a vendor support account. The vendor support account is not required.
  • The certification screen prompts you for country, state, city, company, and division.
  • Once you have completed this screen, the First-Time Boot utility moves into the confirmation phase.

    Note that if you ever change the IP addresses or host names on the BIG-IP Controller interfaces, you must reconfigure the BIG-IP web server to reflect your new settings. You can run the re-configuration utility from the command line using the following command:

     reconfig-httpd 

    You can also add users to the existing password file, change a password for an existing user, or recreate the password file, without actually going through the BIG-IP web server configuration process. For more information, see the BIG-IP Controller Reference Guide, BIG-IP Controller Configuration Utilities.

Warning: If you have modified the BIG-IP web server configuration outside of the configuration utility, be aware that some changes may be lost when you run the reconfig-httpd utility. This utility overwrites the httpd.conf file, and several other files, but it does warn you before doing so.

Confirming your configuration settings

At this point, you have entered all the configuration information, and now you simply have to confirm each setting. Each confirmation screen displays a setting, and prompts you to accept or re-enter it. If you choose to edit it, the utility displays the original configuration screen in which you defined the setting the first time. When you finish editing the item, you return directly to the Confirmation screen for that item, and continue the confirmation process. Note that once you accept a setting in the Confirmation screen, you do not have another opportunity to review it.

You confirm or edit the settings in the same order that you configured them:

  • Confirm Host name
  • Confirm Default route
  • Confirm time zone
  • Confirm all interface settings
  • Confirm fail-over IP address, if necessary
  • Confirm administrative IP address
  • Confirm web server options

    Once you have confirmed the last setting, the First-Time Boot utility moves directly into the commit phase, where you are not able to make any changes.

Committing your configuration settings to the system

Once you confirm all of the configuration settings, the configuration utility saves the configuration settings. During this commit process, the First-Time Boot utility creates the following files and configuration database records:

  • An /etc/hosts.allow file
    This file stores the IP address, or IP address range, from which the BIG-IP Controller accepts administrative connections.
  • Interface entries in BIG/db
  • An /etc/bigip.conf file
  • An /etc/netstart file
  • An /etc/hosts file
  • An /etc/ethers file
  • A /var/f5/httpd/conf/httpd.conf file
  • An /etc/sshd_config file

    If you want to change any information in these files at a later time, you can edit the files directly, you can change the information in the web-based Configuration utility, or for certain settings, you can change them using command line utilities. If necessary, you can also re-run the First-Time Boot utility.

Defining additional host names

Once you complete the First-Time Boot utility, you may want to insert additional host names and IP addresses for network devices into the /etc/hosts file to allow for more user-friendly system administration. In particular, you may want to create host names for the IP addresses that you will assign to virtual servers. You may also want to define host names for standard devices such as your routers, network interface cards, and the servers or other equipment that you are load balancing.

The /etc/hosts file, as created by the First-Time Boot utility, is similar to the example, shown in Figure 2.5.

Figure 2.5 The /etc/hosts file created by the First-Time Boot utility

 # localhost entry 
127.1 localhost

# default gateway entry
11.11.11.10 router


# Local name
11.11.11.2 bigip controller name

#
# Physical Interfaces Tue Oct 19 18:14:44 1999
#

# ext interface
11.11.11.2 exp0

# int interface
11.12.11.2 exp1

#
# VIPS and NODES ( add below - do not delete this line )
#

This sample hosts file lists the IP addresses for the default router, the internal network interface, and the external network interface, and it contains place holders for both the virtual servers and the content servers that the BIG-IP Controller will manage.

Warning If you have modified the /etc/hosts file with something other than the First-Time Boot utility, such as vi or pico, be aware that your changes may be lost when you run the First-Time Boot utility (config). This utility overwrites the /etc/hosts file, and several other files, but it does warn you before doing so.

Preparing workstations for command line access

You may want to configure a workstation for command line access to the BIG-IP Controller. You can use a workstation configured for command line access to configure the BIG-IP Controller remotely.

The type of system you have determines the options you have for remote command line administration:

  • BIG-IP Controllers distributed in the US support secure shell command line access using the F-Secure SSH client.
  • BIG-IP Controllers distributed outside the US support command line access using a standard Telnet shell.

    If you are working in the US with a BIG-IP Controller, you probably want to install the F-Secure SSH client on your workstation. The BIG-IP Controller includes a version of the F-Secure SSH client for each of the following platforms: Windows, UNIX, and Macintosh. You can download the F-Secure client using your web browser, or you can download the client using an FTP server on the administrative workstation.

    Note that the F-Secure license agreement allows you to download two copies of the F-Secure SSH client. If you require additional licenses, you need to contact Data Fellows. For information about contacting Data Fellows, as well as information about working with the SSH client, refer to the F-Secure manual included with your BIG-IP Controller.

Note You can also use the F-Secure SSH suite for file transfer to and from the BIG-IP Controller, as well as for remote backups. An F-Secure SSH client is pre-installed on the BIG-IP Controller to assist with file transfer activities. Please refer to the F-Secure User's Manual for more information.

Downloading the F-Secure SSH client from the BIG-IP web server

The F-Secure SSH client is available in the Downloads section of the BIG-IP web server. For US products, you connect to the BIG-IP web server via SSL on port 443 (use https:// rather than http:// in the URL). Once you connect to the BIG-IP web server, click the Downloads link. From the Downloads page, you can select the SSH Client.

Downloading the F-Secure SSH client using FTP

The BIG-IP Controller has an FTP client installed, which allows you to transfer the F-Secure SSH Client using FTP (note that your destination workstation must also have an FTP server installed). After you transfer the installation file, you simply decompress the file and run the F-Secure installation program.

Note: You can allow FTP and Telnet access to the BIG-IP Controller by running the config_ftpd script from the command line. Use this script to allow specific clients FTP or Telnet access to the BIG-IP Controller. However, this method is not recommended. For more information about this script, refer to the BIG-IP Controller Reference Guide.

You can initiate the FTP transfer from the BIG-IP Controller using the attached monitor and keyboard.

To transfer the SSH client using FTP

  1. Locate the SSH client that is appropriate for the operating system that runs on the administrative workstation:
  2. · Change directories to the /usr/contrib/fsecure directory where the F-secure SSH clients are stored.

    · List the directory, noting the file name that corresponds to the operating system of your administration workstation.

  3. Start FTP:
    ftp
  4. Open a connection to the remote workstation using the following command, where IP address is the IP address of the remote workstation itself:
     open <IP address> 
  5. Once you connect to the administrative workstation, the FTP server on the administrative workstation prompts you for a password.

  6. Enter the appropriate user name and password to complete the connection.
  7. Switch to passive FTP mode:
     passive 
  8. Switch the transfer mode to binary:
     bin 
  9. Go to the directory on the administrative workstation where you want to install the F-Secure SSH client.
  10. Start the transfer process using the following command, where filename is the name of the F-Secure file that is specific to the operating system running on the administrative workstation:
     put <filename> 
  11. Once the transfer is done, type the following command:
     quit 

Setting up the F-Secure SSH client on a Windows 95 or Windows NT workstation

The F-Secure SSH client installation file for Windows platforms is compressed in ZIP format. You can use standard ZIP tools, such as PKZip or WinZip to extract the file.

To unzip and install the SSH client

  1. Log on to the Windows workstation.
  2. Go to the directory to which you transferred the F-Secure installation file. Run PKZip or WinZip to extract the files.
  3. The set of files extracted includes a Setup program. Run the Setup program to install the client.
  4. Start the F-Secure SSH client.
  5. In the SSH Client window, from the Edit menu choose Properties.
    The Properties dialog box opens.
  6. In the Connection tab, in the Remote Host section, type the following items:
  7. · In the Host Name box, type the BIG-IP Controller IP address or host name.

    · In the User Name box, type the root user name.

  8. In the Options section, check Compression and set the Cipher option to Blowfish.
  9. Click the OK button.

Setting up the F-Secure SSH client on a UNIX workstation

The F-Secure installation file for UNIX platforms is compressed in TAR/Gzip format.

To untar and install the SSH client

  1. Log on to the workstation and go to the directory into which you transferred the F-Secure SSH client tar file.
  2. Untar the file and follow the instructions in the install file to build the F-Secure SSH client for your workstation.
  3. Start the SSH client.
  4. Open a connection to the BIG-IP Controller:
     ssh -l root [BIG-IP IP address] 
  5. Type the root password and press the Enter key.