This table lists the available system settings
in the system controller and chassis partition webUIs:
System controller webUI
Chassis partition webUI
Alarms and Events
Alarms and Events
Controller Management
Cluster Details
System Inventory
High Availability
Log Settings
Log Settings
File Utilities
File Utilities
Time Settings
SNMP Configuration
SNMP Configuration
Certificate Management
Certificate Management
Configuration Backup
Configuration Backup
General
Licensing
Software Install Status
General
System alarms and events overview
You can view active system alarms and events in the
system controller
webUI and CLI.
Display system alarms and events from the webUI
The Alarms & Events screen is available in both the system controller and chassis partition webUIs. This screen lists the alert information for all performance and network indicators that have currently crossed a performance or health threshold. Use this screen to identify the specific object that is affected.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
Alarm & Events
.
Choose from one of these actions:
To refresh the alarms or events list, click the
Refresh
icon on the right of the screen.
To display events result by time preference, click the down arrow next to
Refresh
icon, select a value from the list. The default value is one hour. For example, select five minutes to display any event that occurred in the last five minutes.
To display events by severity, select a value from the
Severity
list. The default value is WARNING.
Option
Description
Emergency
Emergency system panic messages
Alert
Serious errors that require administrator intervention
Critical
Critical errors, including hardware and file system failures
Error
Non-critical, but possibly important, error messages
Warning
Warning messages that should be logged and reviewed
Notice
Messages that contain useful information, but might be ignored
Informational
Messages that contain useful information, but might be ignored
Debug
Detailed messages used for troubleshooting
View active system alarm conditions from the CLI
You can view information about
active system alarm conditions from the system controller CLI.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
View a list of active system alarm
conditions.
show system alarms |
tab
This example shows a power supply
unit (PSU) redundancy fault:
syscon-1-active# show system alarms
ID RESOURCE SEVERITY TEXT TIME CREATED
–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
65796 psu-controller WARNING PSU redundancy fault detected 2021-07-01-11:11:11.992270499 UTC
65793 psu-2 ERROR PSU fault detected 2021-07-01-11:11:11.999825828 UTC
High Availability (HA) configuration overview
You can configure system controller high availability (HA)
from Controller Management screen on the system controller webUI. The system controllers work together as a
redundant pair. The default mode for system controller HA is Auto, which
automatically selects the system controller that is best suited at the time as
the active controller and fails over only as needed.
The High Availability screen on the chassis partition webUI includes options
for configuring chassis partition HA. High availability is already implemented for
chassis partitions on the
VELOS
system.
Configure high availability for the system controllers
from the webUI
You should not need to change system
controller high availability (HA) to something other than the default
configuration (Auto), but you can opt to change the configuration or initiate
a failover from the active controller to the standby from the system
controller webUI.
Log in to the VELOS system controller webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
Controller Management
.
For the
Preferred Node
field, select
System
Controller 1
or
System Controller 2
to act as an active system controller, or choose
Auto
(recommended).
Changing the Preferred Node
configuration creates a failover event and ends the session if you
select the system controller that is currently acting as the
standby. Wait 30 seconds and then start a new session with either
the floating IP address or the active system controller IP address
after the change has completed.
Hardware health conditions of
the system controllers always take precedence. If one of the system
controllers is not healthy, the chassis partition will ignore the
preference and synchronize with the healthy system controller.
To force a failover to occur
immediately, click
Failover
.
The
Failover
button
is available only when
Preferred Node
field is set to
Auto
.
You would do this only if
you want the current standby system controller to become the active
system controller.
Configure high availability for chassis partitions from the webUI
You should not need to change chassis partition to something other than the default configuration (Auto), but you can opt to change it or initiate a failover from the active chassis partition to the standby from the chassis partition webUI.
Log in to the VELOS chassis partition webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
High Availability
.
For
Preferred Node
, select the system controller to run the active instance of the chassis partition, or choose
Auto
to let the system decide.
Using
Auto
is strongly recommended.
Hardware health conditions of the system controllers always take precedence. If one of the system controllers is not healthy, the chassis partition will ignore the preference and synchronize with the healthy system controller.
If you select a preferred node other than auto, the preference is ignored unless you enable
Auto Failback
.
If you really want to indicate a preference and have selected one of the system controllers (not auto):
Set
Auto Failback
to
Enabled
.
In the
Failback Delay
field, type the number of seconds to delay before initiating the failback.
To force a failover to occur immediately, for
Force Failover
, click
Failover
.
You would only do this only if you want the current standby system controller to become the active system controller.
System inventory overview
The System Inventory screen on the system controller webUI enables you to
see an inventory of all components on the
VELOS
system, including the system controllers, blades, power supply units (PSU), PSU
controller, fan tray, and LCD. The inventory includes the component name, status, part
number, and serial number.
Display system inventory report from the webUI
You can display an inventory of all of the system components on the
VELOS
system, including the system controllers, blades, power supply units (PSU), PSU controller, fan tray, and LCD from the system controller webUI. The inventory includes the component name, status, part number, and serial number.
Log in to the VELOS system controller webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
System Inventory
.
The system inventory displays, and you can review the information about the components on the
VELOS
system. An example is shown here.
Example of system inventory
Log and report configuration overview
The
system controller and chassis partition webUIs include
options for configuring remote log servers and the log severity level
for individual software components and services.
The
webUIs
enable you to generate a system report, or
QKView file, to collect configuration and diagnostic information from the
VELOS
system if you have any concerns
about your system operation. The QKView file contains machine-readable (JSON)
diagnostic data and combines the data into a single compressed tar.gz format
file. You can upload the QKView file to F5 iHealth where you can get
help to verify proper operation of the system and get help with
troubleshooting and understanding any issues you might be having and ensure
that the system is operating at its maximum efficiency.
Configure log settings from the webUI
You can add and display information about configured remote log servers from either the system controller or chassis partition webUIs. You can also change the log severity level for individual software components and services.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
Log Settings
.
To add access to a
Remote Log Server
, click
Add
.
In the
Server
field, type the IPv4 address, IPv6 address, or fully qualified domain name (FQDN) of the remote server.
In the
Port
field, type the port number of the remote server.
The default port value is 514.
For
Protocol
, select
UDP
or
TCP
to choose between TCP or UDP input.
From the
Facility
list, select
LOCAL0
.
F5OS supports only the LOCAL0 logging facility. All logs are directed to this facility, and it is the only one that you can use for remote logging.
From the
Severity
list, select the severity level of the messages to log.
Option
Description
Emergency
Emergency system panic messages
Alert
Serious errors that require administrator intervention
Critical
Critical errors, including hardware and file system failures
Error
Non-critical, but possibly important, error messages
Warning
Warning messages that should be logged and reviewed
Notice
Messages that contain useful information, but might be ignored
Informational
Messages that contain useful information, but might be ignored
Debug
Detailed messages used for troubleshooting
Click
Save & Close
.
On the Log Settings screen, review the software component log levels for individual software components and adjust them as needed. Click
Save
if you made changes.
The log levels determine at what level events (and all higher levels) are logged for each service.
Informational
is the default so all except debug-level events are logged.
To delete a remote log server, select the server and click
Delete
.
View event logs from the CLI
The system logs events to the
velos.log
file located in the
/var/log_controller
directory. To list files and view
the contents of log files, you use the
file
command from
either the system controller or chassis partition CLI.
Connect using SSH to the system
controller floating management IP address or chassis partition
management IP address.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
List all files in the log
directory.
file list path [ log/confd/ |
log/controller/ | log/host/ }
This example shows an excerpt of the
contents of the
log/controller/
directory:
syscon-1-active# file list path log/controller/
entries {
name afu-cookie
date Wed Jun 15 19:52:37 UTC 2022
size 33B
}
entries {
name cc-confd
date Wed Jun 15 20:25:49 UTC 2022
size 581KB
}
entries {
name cc-confd-hal
date Wed Jun 15 19:52:10 UTC 2022
size 0B
}
...
Show the contents of a log file.
file show [
log/confd/<
filename
> |
log/controller/<
filename
> |
log/host/<
filename
>
]
This example shows the contents of
the
log/controller/velos.log
file and uses the
more
option to paginate the
output:
syscon-1-active# file show log/controller/velos.log | more
2022-04-21T08:18:28-07:00 localhost.localdomain notice boot_marker: ---===[ BOOT-MARKER ]===---
2022-04-21T08:19:39-07:00 controller-1.chassis.local notice boot_marker: ---===[ BOOT-MARKER ]===---
2022-04-21T15:27:39.925830+00:00 controller-1 alert-service[8]: priority="Notice" version=1.0 msgid=0x2201000000000001 msg="Alert Service Starting..." version="3.10.2" date="Fri Apr 8 09:42:10 2022".
2022-04-21T15:27:39.926245+00:00 controller-1 alert-service[8]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
2022-04-21T15:27:39.926264+00:00 controller-1 snmp-trapd[9]: priority="Notice" version=1.0 msgid=0x2101000000000007 msg="SNMP Trap Service Starting..." version="3.2.3" date="Fri Apr 8 09:43:28 2022".
2022-04-21T15:27:39.926274+00:00 controller-1 alert-service[8]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
Show only the most recent entries in a log file.
file tail [ log/confd/<
filename
> |
log/controller/<
filename
> |
log/host/<
filename
> }
This example shows the last ten lines of the
velos.log
file and uses the
-f
option to append output as
the file grows:
syscon-1-active# file tail -f log/controller/velos.log
2022-06-16T23:24:36.170220+00:00 controller-1 switchd[8]: priority="Notice" version=1.0 container="VCC-SWITCHD" msgid=0x1001000000000485 msg="Linkstatus change" PORT="1/mgmt0" LINKSTAT="DOWN".
2022-06-16T23:24:36.176481+00:00 controller-1 vcc-lacpd[82]: priority="Info" version=1.0 msgid=0x330100000000004e msg="" info_str="check_if_op_modify(): new oc_if_oper_status: 2 (1:UP 2:DOWN ... )".
2022-06-16T23:24:36.176820+00:00 controller-1 vcc-lacpd[82]: priority="Info" version=1.0 msgid=0x330100000000004e msg="" info_str="check_if_op_modify(): new oc_eth_port_speed: ns: 1857063266 id: 1980508219 ".
2022-06-16T23:24:36.267589+00:00 controller-1 switchd[8]: priority="Notice" version=1.0 container="VCC-SWITCHD" msgid=0x1001000000000485 msg="Linkstatus change" PORT="1/mgmt0" LINKSTAT="DOWN".
2022-06-16T23:24:36.425971+00:00 controller-1 vcc-lacpd[82]: priority="Info" version=1.0 msgid=0x330100000000004e msg="" info_str="CCLacpdWriteHdlr::delete_member(memberName=1/mgmt0) from ConfD".
2022-06-16T23:24:36.434091+00:00 controller-1 vcc-lacpd[82]: priority="Info" version=1.0 msgid=0x330100000000004e msg="" info_str="InterfaceCmObj::modifyOp: if_name=1/mgmt0 mode=FULL DUPLEX status=DOWN speed=10000#012".
2022-06-16T23:24:36.434371+00:00 controller-1 vcc-lacpd[82]: priority="Info" version=1.0 msgid=0x330100000000004e msg="" info_str="InterfaceCmObj::modifyOp: if_name=1/mgmt0 mode=FULL DUPLEX status=DOWN speed=0#012".
2022-06-16T23:25:09.324530+00:00 controller-1 platform-hal[8]: priority="Info" msg="NEBS is assumed to be true as chassis SEEPROM NEBS option couldn't be read" interface="job-2648493" apogeeUuid="a519fa20-ece4-11ec-a487-024264410634" $parent.jobId=0 $parent.apogeeUuid="a519fa20-ece4-11ec-a487-024264410634" $parent.treeUuid="90151e75-edcb-11ec-a487-024264410634" $parent.appKey="hal" actionKey="GET:chassis/nebs-capable" jobId=2648493 jobTreeUuid="90151e75-edcb-11ec-a487-024264410634"
2022-06-16T23:25:09.399391+00:00 controller-1 platform-hal[8]: priority="Info" msg="NEBS is assumed to be true as platform SEEPROM NEBS option couldn't be read" interface="job-2648493" actionKey="GET:chassis/nebs-capable" jobId=2648493 jobTreeUuid="90151e75-edcb-11ec-a487-024264410634" apogeeUuid="a519fa20-ece4-11ec-a487-024264410634" $parent.jobId=0 $parent.apogeeUuid="a519fa20-ece4-11ec-a487-024264410634" $parent.treeUuid="90151e75-edcb-11ec-a487-024264410634" $parent.appKey="hal"
2022-06-16T23:25:09.429431+00:00 controller-1 platform-hal[8]: priority="Info" msg="NEBS is assumed to be true as platform SEEPROM NEBS option couldn't be read" interface="job-2648493" actionKey="GET:chassis/nebs-capable" jobId=2648493 jobTreeUuid="90151e75-edcb-11ec-a487-024264410634" apogeeUuid="a519fa20-ece4-11ec-a487-024264410634" $parent.jobId=0 $parent.apogeeUuid="a519fa20-ece4-11ec-a487-024264410634" $parent.treeUuid="90151e75-edcb-11ec-a487-024264410634" $parent.appKey="hal"
_
File utilities overview
You can use File Utilities to import, export,
download, or delete files asynchronously depending on which directory you select
to work in. All file transfers are done using the HTTPS protocol.
File import
You can import a file from an external server into the
system controller or chassis partition from either the webUI or the CLI.
HTTPS is the supported protocol. The remote host should be an HTTPS server
with PUT/POST enabled and have a valid CA-signed certificate.
If you want to import the contents of a tar file,
you need to extract the contents first before you can import them onto the
F5
system.
You can import files into these directories on a system
controller :
images/staging
configs
You can import files into these directories on a chassis
partition:
configs
images/import
images/staging
images/tenant
File export
You can
export a file from a system controller or chassis partition to an external
server from either the webUI or the CLI. HTTPS is the supported protocol.
The remote host should be an HTTPS server with PUT/POST enabled and have a
valid CA-signed certificate.
You can export files in these directories from a system
controller:
configs
log/confd
log/controller
log/host
diags/core
diags/crash
diags/shared
images/import
images/staging
You can export files in these directories from the
chassis partition:
configs
diags/core
diags/shared
images
log
File download
You can download files in these directories from a
system controller to your local workstation from the webUI:
configs
diags/core
diags/crash
diags/shared
log/confd
log/controller
You can download files in these directories from a
chassis partition to your local workstation from the webUI:
configs
diags/core
diags/shared
log
File upload
You can upload files in these directories from your
local workstation to a system controller from the webUI:
configs
images/staging
You can upload files in these directories from your
local workstation to a chassis partition from the webUI:
configs
images
File deletion
You can delete files (to which you have file permissions) on a
system controller or a chassis partition only from the
diags/shared
or
configs
directories from either the webUI or the
CLI.
Manage files from the webUI
File Utilities are available in both the
system controller and chassis partition webUIs. You can use File Utilities to
import, export, download, upload, or delete files asynchronously depending on
which directory you select to work in. All file transfers are done using the
HTTPS protocol.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
File Utilities
.
From the
Base Directory
list, browse the directories and click subfolders to view their
contents and the commands that are available from each one.
From a subfolder, click the
left arrow next to the path to navigate back to the main
folder.
To import a file, click
Import
.
In the popup, type the
URL
of the file to import.
Provide the
Username
and
Password
only if required by the remote
host.
Select
Ignore Certificate
Warnings
if you want to skip warnings when
importing files (such as if the remote host does not have a
valid CA-signed certificate).
Click
Import File
to begin the import.
To export a file, select the file and
click
Export
.
In the popup, type the
Server
URL
for where to export the file.
Provide the
Username
and
Password
only if required by the remote
host.
Select
Ignore Certificate
Warnings
if you want to skip warnings when
importing files.
Click
Export File
to begin the export.
To upload or download a file:
Select the file and click
Upload
or
Download
.
The selected file will be uploaded or downloaded.
To delete a file, select the file and
click
Delete
.
On the system controller and chassis
partition, you can delete files from
diags/shared
.
You can view the status of a file
transfer operation to view its progress and see if it was successful. If an
operation fails, hover over the warning icon to see the error that
occurred.
A runtime error displays in the
File Transfer status area, if an invalid operation is
performed.
Manage MIB files from the webUI
MIB files can be managed from the File
Utilities page in both the system controller and chassis partition webUIs. You can use
File Utilities to export or download MIB files. File transfers are done using the HTTPS
protocol.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
File Utilities
.
From the
Base Directory
list, select
mibs
.
To export a MIB file, select the file and click
Export
.
In the popup, type the
Server URL
for where
to export the file.
Provide the
Username
and
Password
only if required by the remote host.
Select
Ignore Certificate
Warnings
if you want to skip warnings when importing
files.
Click
Export File
to begin
the export.
To download a file:
Select the file and click or
Download
.
The selected file will be
downloaded.
You can view the status of a file transfer
operation to view its progress and see if it was successful. If an operation fails,
hover over the warning icon to see the error that occurred.
A
runtime error displays in the File Transfer status area, if an invalid operation is
performed.
View files from the CLI
You can view a file from either
the system controller or chassis partition CLI.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
View the contents of a file.
file show <
local-file-path
>
This example shows how to view the contents of the
Optionally, you can check the file
transfer status.
file transfer-status file-name
<
local-file-path
>
Export files from the CLI
You can export files from either
the system controller or chassis partition CLI.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Export a file.
file export insecure local-file
<
local-file-path
> protocol [ https | scp | sftp ]
remote-file <
remote-file-path
> remote-host <
ip-address-or-fqdn
> remote-port <
port-number
> } remote-url <
ip-address-or-fqdn
> username <
user
>
web-token <
remote-system-token
>
Delete files from the CLI
You can delete files from either
the system controller or chassis partition CLI.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Delete a file.
file delete file-name
<
local-file-path
>
Time settings overview
You can configure Network Time Protocol (NTP) for the
VELOS
system. An NTP server ensures
that the system clock is synchronized with Coordinated Universal Time (UTC).
The system also provides authentication support for NTP, which can enhance
security by ensuring that the system sends time-of-day requests only to
trusted NTP servers. You can also configure the time zone and set the time and
date manually, if NTP is disabled. You can use either the system controller
CLI or webUI to configure time settings.
Configure time settings from the webUI
After the
VELOS
system license is activated, you can configure
Network Time Protocol (NTP) servers, including authentication support for NTP,
time zone, and manual configuration of date and time, if NTP is disabled. The
NTP server ensures that the system clock is synchronized with Coordinated
Universal Time (UTC). You can specify a list of servers that you want the
system to use when updating the time on network systems. You can configure
time settings for the system from the system controller webUI.
Log in to the VELOS system controller webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
Time Settings
.
To synchronize the system clock with an
NTP server, for
NTP
Service
, select
Enabled
.
The
NTP Service
is set
to
Disabled
by default.
To set the time and date manually:
For
NTP
Service
, select
Disabled
.
In the Manual Time & Date
Settings area, click the calendar to set the date and
time.
To use authentication support for
NTP:
For
NTP
Authentication
, select
Enabled
.
The
NTP
Authentication
is set to
Disabled
by
default.
For
NTP Keys
,
click
Add
.
The
Add NTP Key
screen displays.
For
Key ID
,
type an identifier used by the client and server to designate
a secret key.
The client and server
must use the same key ID.
For
Key Type
,
select the encryption type used for the NTP authentication
key.
The default value is
F5_NTP_AUTH_SHA256.
Select from these
options:
F5_NTP_AUTH_MD5
F5_NTP_AUTH_SHA1
F5_NTP_AUTH_SHA256
F5_NTP_AUTH_SHA384
F5_NTP_AUTH_SHA512
For
Key Value
,
paste the text of the NTP authentication key.
Click
Save &
Close
.
To specify an
NTP server
:
Click
Add
.
For
NTP Server
,
type the IPv4 address, IPv6 address, or Fully Qualified Domain
Name (FQDN) of the NTP server.
If specifying an FQDN,
you must configure a resolvable DNS server for the
system.
To set the time zone, from
Locations
, select
the time zone region.
Click
Save & Close
.
Configure the system date/time from the CLI
You can manually configure the date
and time for your system from the CLI.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Change the system date and/or
time.
You can opt to change only the time or only the
date by including only the relevant option (either
time
or
date
).
system set-datetime date
<
YYYY-MM-DD
> time <
HH:MM-SS
>
In this example, you change the
system date to 2022-01-01 and the system time to be 12:01:00:
syscon-1-active# system set-datetime date 2022-01-01 time 12:01:00
The system date and time are now
updated.
Configure NTP from the CLI
You can configure Network Time Protocol
(NTP) for your
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Enable NTP.
system ntp config
enabled
Add an NTP server.
system ntp servers server
<
ip-address
>
In this example, you configure an NTP server at pool.ntp.org:
syscon-1-active(config)# system ntp servers server pool.ntp.org
Commit the configuration changes.
commit
Return to user (operational) mode.
end
Verify that NTP is enabled and a server is configured.
syscon-1-active# show system ntp
system ntp state enabled
system ntp state enable-ntp-auth false
system ntp servers server pool.ntp.org
state address pool.ntp.org
state port 123
state version 4
state association-type SERVER
state iburst false
state prefer false
state stratum 4
state root-delay 32
state root-dispersion 45
state offset 0
state poll-interval 8
state authenticated false
Configure NTP authentication from the CLI
You can configure Network Time
Protocol (NTP) authentication for your
VELOS
system from the system controller CLI. NTP
authentication enhances security by ensuring that the system sends time-of-day
requests only to trusted NTP servers.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Enable NTP.
system ntp config
enabled
Enable NTP authentication.
system ntp config enable-ntp-auth
true
Add the key associated with your server to the system.
Add an NTP server and associate the key ID you added with the
server.
system ntp servers server
<
ip-address
>
In this example, you configure an NTP
server at the IP address pool.ntp.org:
syscon-1-active(config)# system ntp servers server pool.ntp.org
syscon-1-active(config-server-pool.ntp.org)# config key-id 11
Commit the configuration changes.
commit
Return to user (operational) mode.
end
Verify that NTP with authentication is enabled and a server is
configured.
syscon-1-active# show system ntp servers
system ntp servers server pool.ntp.org
state address pool.ntp.org
state port 123
state version 4
state association-type SERVER
state iburst false
state prefer false
state stratum 8
state root-delay 0
state root-dispersion 0
state offset 251333
state poll-interval 6
state key-id 11
state authenticated true
SNMP configuration overview
Simple Network Management Protocol (SNMP) is an industry-standard
protocol that enables you to use a standard SNMP management system to remotely
manage network devices.
VELOS
systems support SNMPv1 and
SNMPv2c configuration from the CLI.
You can use SNMP to monitor VELOS systems at both
the system controller and chassis partition levels. SNMP traps always send
from the active system controller’s fixed management IP address as the source
IP address.
SNMP software support
On
VELOS systems, SNMP is available from both the system controller and chassis
partition CLIs.
Before you configure SNMP access for VELOS systems:
Add descriptions to front-panel interfaces..
Add descriptions to management interfaces.
Add descriptions to LAGs, if needed.
Download the F5 MIB files from
File Utilities
in the
system controller or
chassis partition webUI (on the left, click
SYSTEM
SETTINGS
File
Utilities
, and then from
Base Directory
, select
mibs
, select
a
.tar.gz
file, and
click
Download
).
Configure a DNS name server if you would like to use a
fully-qualified domain name (FQDN) instead of an IP address for the SNMP
trap destination. For more information, see Configure DNS from the webUI.
SNMP log overview
You can view SNMP information in the
/log/system/snmp.log
file.
You can download the log file to your local workstation from the File
Utilities screen in the system controller or chassis partition webUI (on the
left, click
SYSTEM SETTINGS
File Utilities
, and then from
Base Directory
, select
log/system
, select
snmp.log
, and
click
Download
).
For more information about managing files from the system
controller or chassis partition webUI or CLI, see File utilities overview.
SNMPWALK overview
SNMPWALK is an application on an SNMP management system that
performs SNMP GETNEXT requests to query a network device for information. You
can provide an object identifier (OID) to specify which portion of the object
identifier space to search using GETNEXT requests. The SNMP management system
queries all variables in the subtree below the specified OID, displays these
values to the user, and stops when it returns results that are no longer
inside the range of the specified OID.
The IDs display in text format when the corresponding MIB is
loaded in your SNMP management system. If the MIB is not loaded, the walk
displays in OID format.
To more accurately map these system OIDs, you must download
the F5-OS-SYSTEM-MIB.mib file and load it into your SNMP management system. To
download the F5 MIB files, use File Utilities in the
system controller or chassis partition
webUI (on
the left, click
SYSTEM SETTINGS
File Utilities
,
and then from
Base Directory
,
select
mibs
, select
a
.tar.gz
file, and click
Download
).
Certificate management overview
Before
VELOS
systems can exchange data with one another, they must exchange device certificates, that is, digital certificates and keys used for secure communication.
If you are using LDAP with transport layer security (TLS) for user authentication, you can choose to require TLS Certificate Validation in the authentication settings. You can add a certificate and key into the system, and when you create a certificate signing request (CSR), it saves the generated key and certificate to these directories:
system/aaa/tls/config/key
system/aaa/tls/config/certificate
When you install an SSL certificate, you also install a certificate authority (CA) bundle, which is a file that contains root and intermediate certificates. The CA bundle and server certificate complete the SSL chain of trust.
Manage certificates from the webUI
You can replace TLS device certificates, and select or
configure CA certificate bundles from the webUI.
Create a self-signed certificate from the webUI
You can create a self-signed
certificate from either the system controller or chassis partition
webUI.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
Certificate Management
.
In the Self-Signed Certificate area,
click
Create
Certificate
.
For
Name
, type the
common name of the certificate.
For
Email
, type the
contact email for the certificate.
For
City
, type the city
or locality.
For
State
, type the
state, county, or region.
For
Organization
, type
the full name of the certificate originator organization.
For
Unit
, type the
organizational unit or division.
For
Version
, type the
certificate version.
The default value is 1.
For
Days Valid
, type
the number of days for which the certificate is valid.
The default value is 30.
For
Key Type
, select
RSA or ECDSA.
For
Store TLS
, select
whether to store the key and certificate in
system/aaa/tls/config/key
and
system/aaa/tls/config/certificate
.
The default value is False.
Click
Save
.
View or configure a TLS key and certificate from the webUI
Before you can install device certificates, you must enable LDAP as an authentication method in the system controller or chassis partition in which you are working (
USER MANAGEMENT
Auth Settings
).
You can view or replace TLS device certificates from either the system controller or chassis partition webUI. The device certificates apply only to the area in which you are working.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
Certificate Management
.
To display a previously-installed TLS certificate or TLS key, in the TLS Certificate & Key area, click
Show
.
A text area opens and displays the certificate or key.
To install a
TLS Certificate
, paste the text of the local certificate for client TLS authentication.
To install a
TLS Key
, paste the text of the local certificate for client TLS authentication.
Click
Save
.
Create a Certificate Signing Request from the webUI
You can create a Certificate Signing Request
(CSR) from either the system controller or chassis partition webUI.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
Certificate Management
.
In the Certificate Signing Request area, click
Create CSR
.
For
Name
, type the common name of the certificate.
For
Email
, type the contact email for the certificate.
For
City
, type the city or locality.
For
State
, type the state, county, or region.
For
Country
, type the country.
For
Organization
, type the full name of the certificate originator
organization.
For
Unit
, type the organizational unit or division.
For
Version
, type the certificate version. Default is 1.
For
Days Valid
, type the number of days the certificate is valid
for. Default is 30.
Click
Save
.
Configure CA bundles from the webUI
You can add or delete a CA bundle from either the system controller or chassis partition webUI.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
Certificate Management
.
In the
CA Bundles
area, click
Add
.
For
Name
, type the bundle name.
For
TLS CA Certificate
, paste the certificate text.
Click
Save
.
To delete a CA bundle, under
CA Bundles
, click the name of the bundle in the table and click
Delete
.
Manage certificates from the CLI
You can configure TLS device certificates from the CLI.
Create a private key and self-signed certificate from the
CLI
You can create a private key and a
self-signed certificate from either the system controller or chassis partition CLI.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Create a private key and self-signed
certificate.
system aaa tls
create-self-signed-cert name <
name
> email
<
email-address
> city <
city
>
region <
region
> country <
country
>
organization <
org-name
> unit <
org-unit
>
version <
cert-version
> days-valid <
number
>
key-type {
rsa
|
ecdsa
}
store-tls {
true
|
false
}
The
store-tls
option
stores the private key and self-signed certificate in
system/aaa/tls/config/key
and
system/aaa/tls/config/certificate
instead of returning
in the CLI output.
This example creates a private key and
self-signed certificate with city, country, days valid, email, key type, name,
organization, region, unit and version options specified, and with store TLS set
to
false:
syscon-1-active(config)# system aaa tls create-self-signed-cert
city Seattle country US days-valid 365 email jdoe@company.com key-type ecdsa
name Godzilla organization "Company" region Washington unit DEV
version 1 curve-name prime239v2 store-tls false
response
-----BEGIN EC PRIVATE KEY-----
MHECAQEEHiyJEVihDTnVi+v9RjfK3LhZ2PdSOXZFMJf3lyXaoaAKBggqhkjOPQMB
BaFAAz4ABHFISUTEi8wEdG0iBF3iqTi5m5b62xUSbhOJrXR8d0S6h+anvpo9xrH3
QKbVuacF7ZSNMj2tX/wyqVNePg==
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICAzCCAa4CCQCR5RKtuBFcxTAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEzARBgNVBAoM
CkY1IE5ldG9ya3MxEDAOBgNVBAsMB1NXRElBR1MxETAPBgNVBAMMCEdvZHppbGxh
MR0wGwYJKoZIhvcNAQkBFg5qLm1vb3JlQGY1LmNvbTAeFw0yMTAzMjcwMjE2NTFa
Fw0yMjAzMjcwMjE2NTFaMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGlu
Z3RvbjEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECgwKRjUgTmV0b3JrczEQMA4G
A1UECwwHU1dESUFHUzERMA8GA1UEAwwIR29kemlsbGExHTAbBgkqhkiG9w0BCQEW
DmoubW9vcmVAZjUuY29tMFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEcUhJRMSL
zAR0bSIEXeKpOLmblvrbFRJuE4mtdHx3RLqH5qe+mj3GsfdAptW5pwXtlI0yPa1f
/DKpU14+MAoGCCqGSM49BAMCA0MAMEACHh38OAyBBjAsVRBklBXZUIuynHq3/tr4
3VUQsMtYHQIeeP3vCrRm2qjPtK62QwtbkqDA9h2qTvuDj6uYL8EI
-----END CERTIFICATE-----
Commit the configuration changes.
commit
Configure a TLS key and certificate from the CLI
Before you can enable TLS encryption, you must have
already configured a key and certificate on the system.
You can configure a TLS key and certificate from
either the system controller or chassis partition CLI.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Configure a certificate.
system aaa tls config
certificate
Press Enter to enable multi-line mode and
press ctrl-D to exit multi-line mode.
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
Enter the certificate value.
Commit the configuration changes.
commit
Configure a key.
system aaa tls config
key
Press Enter to enable multi-line mode and
press ctrl-D to exit multi-line mode.
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
Enter the key value.
Commit the configuration changes.
commit
Return to user (operational) mode.
end
Verify that the certificate is configured.
show system aaa tls state
certificate
syscon-1-active# show system aaa tls state certificate
response Certificate:
Data:
Version: 3 (0x2)
Serial Number: 322234828 (0x1334e9cc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=WA, L=Seattle, O=MyCompany, OU=IT, CN=localhost.localdomain/emailAddress=root@localhost.localdomain
Validity
Not Before: Mar 18 21:40:28 2020 GMT
Not After : Mar 16 21:40:28 2030 GMT
Subject: C=US, ST=WA, L=Seattle, O=MyCompany, OU=IT, CN=localhost.localdomain/emailAddress=root@localhost.localdomain
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bc:ba:b9:8d:51:c7:c9:fe:81:86:52:ea:ef:08:
bf:af:68:df:dc:22:6d:a3:23:fa:a5:5b:cd:89:3e:
be:fb:cb:92:c4:bc:d7:a6:a5:f3:8b:6b:84:fa:b4:
31:39:88:8b:9a:96:2a:35:1c:3f:ee:23:4a:25:8f:
bf:ca:ae:fa:e2:38:5d:9f:43:9d:18:c2:8f:1f:f7:
27:a7:75:a1:12:71:2f:ec:8f:37:e2:a6:74:cc:59:
d4:c4:68:26:0c:0d:b6:b0:92:76:38:59:86:e1:54:
40:0e:0e:5d:6e:d6:e7:21:07:94:9e:43:6d:f0:50:
25:5a:68:64:39:fe:a6:df:6d:3f:f8:3c:69:9b:68:
5d:e7:36:88:5c:67:5a:02:01:99:e3:2c:d9:08:cc:
d5:9e:1c:cd:46:28:3a:85:76:59:fb:b3:f1:61:bc:
4f:03:57:2c:20:5d:6c:1d:11:1e:56:30:b2:91:67:
99:32:3f:d3:08:6d:4f:cd:a3:8d:f6:e6:34:9c:87:
04:8e:f2:79:f2:8c:1f:cc:1a:8b:2c:25:cf:b4:0c:
c7:73:93:e4:49:d5:03:00:eb:1f:90:3c:04:c3:59:
10:90:c9:dd:29:32:cb:27:9f:04:37:f5:05:20:f9:
79:32:c1:50:66:76:1d:6d:2d:78:95:16:d2:65:7b:
4c:f1
Exponent: 65530 (x10001)
Signature Algorithm: sha256WithRSAEncryption
47:21:0e:06:80:ab:df:05:9f:04:80:9f:d6:db:b9:2e:c8:d7:
39:8b:ac:6a:cf:cc:7b:5b:64:5c:59:2c:72:fe:57:d5:46:91:
0a:d4:40:0d:42:c1:95:a6:69:d9:1e:36:ac:d1:dd:f4:a1:b0:
08:3c:71:09:31:57:1a:0b:33:83:13:17:99:84:e4:70:82:85:
f3:72:c7:fa:ba:0e:1a:fe:55:a1:ce:f7:96:2b:39:ef:4d:7a:
7a:23:71:44:01:c1:6c:10:58:e8:5f:6b:a8:b6:70:cc:8f:65:
c8:cd:7b:aa:4b:e2:6a:bc:1c:fe:59:8f:c8:85:08:f0:46:67:
8d:15:a6:01:d0:a3:a2:fd:9c:db:c5:5b:51:07:6f:db:59:f8:
bc:ba:9d:4a:30:ea:a7:7c:0c:fb:bb:9a:ea:c9:c2:a4:c1:82:
e3:b8:2e:57:cd:32:6a:b1:a8:95:75:e3:82:8a:ea:c2:f8:37:
c4:6f:a2:b4:e5:82:6c:3a:5d:c1:1f:a7:8e:da:7d:4c:51:d1:
49:36:da:97:31:4a:64:92:bf:bb:85:e3:bd:67:16:79:fe:53:
92:df:a8:3f:dc:8c:4e:e4:7c:b9:5e:ba:d6:ab:3d:7d:29:59:
01:27:d9:ca:52:10:58:60:00:02:19:f9:1d:74:07:5c:0d:f7:
5e:c2:d6:82
Configure a CRL from the CLI
You can configure a Certificate Revocation
List (CRL) entry from either the system controller or chassis partition CLI.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
To configure a CRL entry.
system aaa tls crls crl <
crl-name
>
In this example, you configure a
CRL named
"bbb":
syscon-1-active(config)# system aaa tls crls crl bbb
Press Enter to enable multi-line mode and
press ctrl-D to exit multi-line mode.
Value for 'config revocation-key'(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
Enter the key value.
Commit the configuration changes.
commit
To delete a CRL entry.
no system aaa tls crls crl <
crl-name
>
In this example, you delete a CRL
entry named
"bbb":
syscon-1-active(config)# no system aaa tls crls crl bbb
Commit the configuration changes.
commit
Return to user (operational) mode.
end
View the CRLs currently on the system.
show system aaa tls crls
crl
This example shows the CRLs
currently on the
system:
syscon-1-active# show system aaa tls crls crl
DATE
NAME ADDED
--------------------
*name* 3/11/2021
Create a CSR from the CLI
You can create a text-based certificate
signing request (CSR) from either the system controller or chassis partition
CLI.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Create a CSR.
system aaa tls create-csr
name <
name
> email
<
email-address
> city <
city
> region
<
region
>
country <
country
> organization <
org-name
> unit
<
org-unit
> version <
cert-version
>
This example creates a
CSR with name, email, organization, and unit options
specified:
When you install an SSL certificate, you also install a certificate authority (CA) bundle, which is a file that contains root and intermediate certificates. The CA bundle and server certificate complete the SSL chain of trust. You can add or delete a CA bundle from either the system controller or chassis partition CLI.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
To add a CA bundle.
system aaa tls ca-bundles ca-bundle <
ca-bundle-name
> config name <
ca-bundle-name
> content
Press Enter to enable multi-line mode and press ctrl-D to exit multi-line mode.
In this example, you add a CA bundle named "test_caaaa":
syscon-1-active(config)# system aaa tls ca-bundles ca-bundle
test_caaaa config name test_caaaa content
Commit the configuration changes.
commit
To delete a CA bundle.
no system aaa tls ca-bundles ca-bundle <
ca-bundle-name
>
In this example, you delete a CA bundle named "test_caaaa":
syscon-1-active(config)# no system aaa tls ca-bundles ca-bundle
test_caaaa
Commit the configuration changes.
commit
System licensing overview
You can activate a license for the
VELOS
system from either the system controller CLI or
webUI. There is one license per
VELOS
system, which is
used by the chassis partitions and any tenants.
There are two ways to license the system:
Automatically
If your system is connected to the internet, use
the Automatic method to prompt the system to contact the F5 license
server and activate the license.
Manually
If your system is not connected to the internet,
use a management workstation that is connected to the internet to
retrieve an activation key from
F5
and then
transfer it to the system.
Adding or
reactivating a license on an active
VELOS
system
might impact traffic on tenants
running on chassis
partitions
. Traffic processing will stop briefly on the tenants,
and then restart automatically. This occurs when the tenant receives a new
or reactivated license causing a configuration reload on the tenants. For
more information, see these other references:
The system is now licensed. If a base registration
key or add-on key fails to activate, try re-activating the license or contact support.f5.com.
System licensing from the CLI
License the system automatically from the CLI
For automatic
VELOS
system licensing,
the system needs to be able to connect to the F5 licensing server either
through the internet or another means of networking. You need to have the Base
Registration Key (five sets of characters separated by hyphens) provided by
F5, and any add-on keys (two sets of 7 characters separated by a hyphen) that
you have purchased. The Base Registration Key with associated add-on keys are
pre-installed on a new
VELOS
system.
You can activate the
VELOS
system license automatically
from the system controller CLI.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Apply a license to the chassis.
system licensing install
registration-key <
key
>
The registration key is optional. If it is not
included, the system uses the one that is already pre-installed.
If no registration key is found, you receive an
error.
This example applies a specified base
registration license to the system:
syscon-1-active(config)# system licensing install registration-key
I1234-12345-12345-12345-1234567
result License installed successfully.
Apply any add-on keys.
system licensing install
add-on-keys <
add-on-keys
>
This example enables the additional
features associated with the three specified add-on-keys, along with
the entitlements of the base registration key:
syscon-1-active(config)# system licensing install
add-on-keys [1234567-1234567 2345678-2345678 3456789-3456789]
result License installed successfully.
The
VELOS
system is licensed. The license and any add-on keys apply to all partitions and
tenants.
License the system manually from the CLI
You can activate the
VELOS
system license manually from
the system controller CLI.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Get the system dossier.
system licensing get-dossier
[registration-key XXXXX-XXXXX-XXXXX-XXXXX-XXXXXXX]
The registration key is optional. If it is not
included, the system uses the one already pre-installed. If no
registration key is found, you receive an error.
Paste the license file content
in multiline mode, then press Ctrl+D.
syscon-1-active(config)# system licensing manual-install license
Value for 'license' (<string>):
[Multiline mode, exit with ctrl-D.]
>
The
VELOS
system is licensed. The license applies to all of
the chassis partitions and tenants.
Display the system license from the CLI
You can display the license of a
VELOS
system from the system controller
CLI.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Display the system license in a simple
form.
show system
licensing
A summary similar to this
example displays:
syscon-1-active# show system licensing
system licensing license
Licensed version 7.4.0
Registration Key Gxxxx-xxxxx-xxxxx-xxxxx-xxxxxxxx
Licensed date 2021/01/01
License start 2021/04/16
License end 2022/01/01
Service check date 2021/12/02
Platform ID F101
Appliance SN chs600144s
Active Modules
Local Traffic Manager, CX410 (Exxxxxx-xxxxxx)
Best Bundle, CX410
APM-Lite
Carrier Grade NAT (AFM ONLY)
Max Compression, CX410
Rate Shaping
Max SSL, CX410
Advanced Firewall Manager, CX410
Access Policy Manager, Base, CX410
Anti-Virus Checks
Base Endpoint Security Checks
Firewall Checks
Machine Certificate Checks
Network Access
Protected Workspace
Secure Virtual Keyboard
APM, Web Application
App Tunnel
Remote Desktop
Advanced Routing, CX410
Advanced Web Application Firewall, CX410
DNS, Max QPS, CX410
Display the raw license file content that was received from the F5 license
server.
show running-config system licensing
The
VELOS
system is licensed. The license applies to all of the chassis
partitions and tenants.
Appliance mode overview
You can run the system in
appliance mode
.
Appliance mode adds a layer of security removing user access to Root and Bash. Enabling
appliance mode disables all Root and Bash shell access for the system.
You can enable appliance mode at each of these levels:
System
Tenant
Appliance mode is disabled at all levels, by default. You can enable it from
the webUI or the CLI. The appliance mode option for the system is available to users
with admin access under
SYSTEM SETTINGS
General
in the webUI. For tenants, it is available in the webUI under
TENANT MANAGEMENT
Tenant Deployments
.
These are the effects of enabling appliance mode at each of
the different levels.
System-level appliance
mode
Root or Bash access is disabled on the system.
Console access: Root or Bash access is disabled on the system. Users can
log in to the system CLI from the console using an admin account.
Tenant
appliance mode
Root access to the tenant is disabled by all means.
Bash access is disabled for users (with a terminal shell flag enabled)
inside the tenant.
Users can access the tenant only through the webUI or
the CLI.
Tenant console access: Users can log in to the CLI
from the virtual console using an admin account (with a terminal shell
flag enabled).
Configure appliance mode from the webUI
You can enable appliance mode if you want
to disable all root and Bash shell access.
For greater security, it is highly recommended that
you configure the system controllers and chassis partitions to run in
appliance mode.
From the system controller
webUI, appliance mode disables root and Bash access to the controllers.
From the chassis partition webUI, appliance mode limits access to the
specific chassis partition to which you are connected. You can enable or
disable the appliance mode for system controllers and partitions from
their respective webUIs.
The
appliance mode option for tenants is available in the chassis
partition webUI under
TENANT
MANAGEMENT
Tenant
Deployments
.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
General
.
For
Appliance Mode
,
select
Enabled
to enable appliance mode.
The default value is
Disabled
.
Click
Save
.
Cluster details overview
A cluster on a
VELOS
system is
group of blades or nodes working together as a logical unit. The Cluster Details screen
on the chassis partition webUI provides detailed information about clusters that might
be useful when a chassis partition is made up of more than one slot/blade.
View cluster details from the webUI
You can view detailed information about
clusters from the chassis partition webUI.
Log in to the VELOS chassis partition webUI using an account with admin access.
On the left, click
SYSTEM
SETTINGS
Cluster
Details
.
Set the
Auto Refresh
interval for refreshing the data displayed or click the refresh icon to update the data immediately.
View the cluster detail
information.
General system configuration overview
You can configure general system settings for
the
VELOS
system, such as system
hostname, login banner, and message of the day (MOTD) banner. Depending on
which setting you want to configure, you can use either the CLI or the
webUI.
Configure hostname, login banner, and MOTD banner from the
webUI
You can configure the hostname, the login banner,
and the message of the day (MOTD) banner for the system from the webUI. The product name
displays but cannot be changed.
Log in to the VELOS system controller webUI using an account with admin access.
On the left, click
SYSTEM SETTINGS
General
.
For
Hostname
, type a custom hostname for the system.
For
Login Banner
, type any text to be displayed when users log in
to the system.
For
MOTD Banner
, type any text to be displayed as a MOTD when
users log in to the system.
Click
Save
.
Configure the hostname from the CLI
You can manually configure the hostname
for your system from either the system controller or chassis partition CLI.
The hostname must be fully-qualified domain name (FQDN).
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Change the hostname.
system config hostname
<
hostname
>
The minimum length is 1 character, and the maximum length is 253
characters.
In this example, you change the hostname for the system to
test.company.com:
syscon-1-active# system config hostname test.company.com
The system hostname is now
updated.
Configure the login banner from the CLI
You can manually configure the login banner
for your system from either the system controller or chassis partition CLI. The login
banner displays before users log in to each respective system.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Change the login banner text.
This command allows a multi-line entry,
which you can exit by pressing ctrl-D.
system config
login-banner
In this example, you change the
login banner text to "Thank you for choosing F5":
syscon-1-active(config)# system config login-banner
At the prompt, type the login banner message:
Thank you for choosing F5
Commit the configuration changes.
commit
The login banner is now updated.
Configure the MOTD banner from the CLI
You can manually configure the
message-of-the-day (MOTD) banner for your system from either the system controller or
chassis partition CLI. The MOTD banner displays after users log in to each respective
system.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Change the MOTD banner text.
This command allows a multi-line entry,
which you can exit by pressing ctrl-D.
system config
motd-banner
In this example, you change the
login banner text to "System maintenance in two days":
syscon-1-active(config)# system config motd-banner
At the prompt, type the login banner message:
System maintenance in two days
Commit the configuration changes.
commit
The MOTD banner is now updated.
System reboot overview
If you are having an issue with a chassis partition (such as unusually high CPU or
memory usage or lockup), it is possible that rebooting a blade in the chassis partition might help to resolve the issue.
When there is a problem, the system sends alerts that you would see on the
dashboard or on the Alarms & Events screen. A blade status of
Not ready
for a prolonged time on the
General screen can also indicate the need to reboot the blade. You should rarely have to
reboot a blade, however, because typically if the
VELOS
system needs to reboot a blade, it will do so automatically
without administrator intervention. F5 recommends working with customer support if you
think a blade reboot is necessary.
Reboot a system controller from the CLI
You can manually reboot a system controller in your
VELOS
system from the system controller
CLI.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Reboot a system controller.
system reboot controllers
controller {
active
|
standby
]
In this example, you reboot the
standby system controller:
syscon-1-active# system reboot controllers controller standby
The specified system controller
reboots.
Reboot a blade in a chassis partition from the CLI
You can manually reboot a blade in
your system from the chassis partition CLI.
Connect using SSH to the chassis
partition management IP address.
Log in to the command line interface
(CLI) of the chassis partition using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.