F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IQ Centralized Management
  4. BIG-IQ Centralized Management: Access
  5. Network Access
Manual Chapter : Network Access

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.0.0, 6.1.0, 6.0.1
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

Network Access

Configuring Lease Pools

What is a lease pool?

A lease pool specifies a group of IPv4 or IPv6 IP addresses as a single object. You can use a lease pool to associate that group of IP addresses with a network access resource. When you assign a lease pool to a network access resource, network access clients are automatically assigned unallocated IP addresses from the pool during the network access session.

Important: Network access with IPv6 alone is not supported. An IPv6 tunnel requires a simultaneous IPv4 tunnel, which is automatically established when you assign IPv4 and IPv6 lease pools, and set the version to IPv4&IPv6.

Create an IPv4 lease pool

Create a lease pool to provide internal network addresses for network access tunnel users.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups .
  3. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  4. Expand Connectivity / VPN and click Network Access > IPV4 Lease Pools .
  5. Click the Create button.
  6. In the Name field, type a name for the resource.
  7. Add IPv4 addresses to the lease pool.
    • To add a single IP address, in the Member List area, select IP Address for the type. In the IP Address field, type the IP address.
    • To add a range of IP addresses, in the Member List area, select IP Address Range for the type. In the Start IP Address field, type the first IP address, and in the End IP Address field, type the last IP address.
  8. To save your changes, click the Save & Close button at the bottom of the screen.
A lease pool is created with the IP address or IP address range you specified.
To delete an IP address or IP address range, select the IP address or IP address range in the member list, and click the Delete button.

Create an IPv6 lease pool

Create a lease pool to provide internal network addresses for network access tunnel users.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups .
  3. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  4. Expand Connectivity / VPN and click Network Access > IPV6 Lease Pools .
  5. Click the Create button.
  6. In the Name field, type a name for the resource.
  7. Add IPv4 addresses to the lease pool.
    • To add a single IP address, in the Member List area, select IP Address for the type. In the IP Address field, type the IP address.
    • To add a range of IP addresses, in the Member List area, select IP Address Range for the type. In the Start IP Address field, type the first IP address, and in the End IP Address field, type the last IP address.
  8. To save your changes, click the Save & Close button at the bottom of the screen.
A lease pool is created with the IP address or IP address range you specified.
To delete an IP address or IP address range, select the IP address or IP address range in the member list, and click the Delete button.

About Windows client traffic shaping

Used together, client traffic classifiers and client rate classes provide client-side traffic shaping features on Windows network access client connections. You configure a client traffic classifier, which defines source and destination IP addresses or networks, and can also specify a protocol. The client traffic classifier is then associated with a client rate class, which defines base and peak rates for traffic to which it applies, and other traffic shaping features. A client traffic classifier is assigned in a network access resource.

Important: Client traffic classifiers support IPv4 addresses only.

Configure client traffic shaping

Client rate shaping allows you to shape client-side traffic from Windows client systems, based on traffic parameters.
  1. Create a client rate class.
  2. Create a client traffic classifier.
    When you create the client traffic classifier, you select the previously created client rate class.
Together, the client rate class and client traffic classifier work to provide client-side traffic control to Windows clients to which the traffic control is applied.
Select the client traffic classifier in the Network Settings configuration of a network access resource. The client traffic classifier is then applied to Windows clients, for client-side traffic on the VPN tunnels defined by that network access resource.

Creating a client traffic classifier

You must create at least one client rate class before you create a client traffic classifier. You select client rate classes to define rules in the client traffic classifier.
Create a client traffic classifier to define traffic control rules for the virtual and physical network interfaces on a network access tunnel.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups .
  3. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  4. Expand Connectivity / VPN and click Network Access > Client Traffic Classifiers .
  5. Click Create.
    The New Client Traffic Classifier screen opens.
  6. In the Name box, type a name for the client traffic classifier, and click Save & Close.
    The Client Traffic Classifiers list screen opens.
  7. Click the name of the client traffic classifier you just created.
  8. Add rules for the appropriate interface.
    Rule type Description
    Rules for Virtual Network Access Interface Add a rule to this section to apply the traffic shaping control only to traffic on the virtual network access interface.
    Rules for Local Physical Interfaces Add a rule to this section to apply the traffic shaping control only to traffic on the client computer's local physical interfaces.
    Rules for Virtual Network Access and Local Physical Interfaces Add a rule to this section to apply the traffic shaping control to traffic on both the virtual Network Access interface and the client's local physical interfaces.
  9. To save your changes, click the Save & Close button at the bottom of the screen.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information