F5 ÅäÖÃÊÖ²á

F5 BIG-IP 10.1-2-ÅäÖÃ

-»ù±¾²ÎÊý

 

ͳһ¹µÍ¨(Öйú)ÓÐÏÞ¹«Ë¾

2012-01-31

 

 

Ç°ÑÔ£º

ÓÐÈ˸øÎÒ˵,¼¤»îÁ˽ÓÏÂÀ´Òª×öʲô?

ÄÇôÎÒÃÇÏÖÔÚ¿ªÊ¼×ö¼¤»îºóµÄÊÂÎñ¡£

µ«ÊÇÇëÏÈ¿´:

ÄãÒ²¿ÉÒÔÓµÓÐF5

http://dynamic.blog.51cto.com/711418/767161

F5 ÅäÖÃÊÖ²á -F5 BIG-IP 10.1-1-¼¤»î

http://dynamic.blog.51cto.com/711418/769081

Èç¹ûÉÏÃæÁ½¸öÎÄÕÂû¿´¹ý£¬Çë±ðÏòÏÂÃæ¿´¡£¿´ÁËÄãÒ²²»ÖªµÀÈçºÎÀ´µÄ¡£

ÇмÇ!

±¾ÎĽéÉÜ:

ÅäÖÃ-»ù±¾²ÎÊý

1. ÅäÖùÜÀí½Ó¿Ú-IP

Ç°ÃæÎÄÕÂÖÐûÌáµ½ÈçºÎÅäÖÃIP,ÏÖÔÚ¿ªÊ¼À´ÅäÖá£

怬-F5

Ñ¡Ôñ-System-Õ¹¿ª:

Ñ¡Ôñ-Platform

ĬÈÏ-Automatic(DHCP),²ÎÕÕÎÒÃÇÇ°Æڹ滮£¬Ñ¡Ôñ-Manual,ÉèÖÃ-IP:

Ìîд.ºì¿òÖеĶ«Î÷¡£

Ñ¡Ôñ-Update

怬-F5

Log in

Hostname :F5-BIGIP-10-1-1.uc-cn.net

IP Address:192.168.1.245

¼ÆËã»úÃûºÍ¹ÜÀíIPÅäÖÃÍê±Ï¡£

ͬÀí:

ÅäÖÃ- F5-BIGIP-10-1-2

Hostname :F5-BIGIP-10-1-2.uc-cn.net

IP Address:192.168.0.245

Update

怬-F5

2. µÇ¼-¹ÜÀí½çÃæ

3. ¼¤»î-License

²ÎÕÕ:

F5 ÅäÖÃÊÖ²á -F5 BIG-IP 10.1-1-¼¤»î

http://dynamic.blog.51cto.com/711418/769081

4. ÅäÖÃ-ϵͳ-ÊôÐÔ

Ñ¡Ôñ-System-Platform- Configuration

²ÎÕÕ:

²ÎÊýÃû	ÈçºÎÀí½â……	ÈçºÎÉèÖÃ……
Host Name	Ö÷»úÃû£¬ÓÃÀ´±êʶF5ϵͳ×ÔÉí¡£ ˵Ã÷ ¸ºÔؾùºâÆ÷Ë«»úϵͳµÄÖ÷»úÃû±ØÐ벻ͬ£¬·ñÔòÔÚË«»úͬ²½Ê±»á²úÉú´íÎó£¬Ò²¿ÉÄܵ¼ÖÂLicense±»ÆÆ»µ¡£	[È¡Öµ·¶Î§] l ±ØÐë·ûºÏDNSÓòÃû±ê×¼¡£ l Ö÷»ú²¿·ÖÒÔ×Öĸ¿ªÍ·ÇÒ²»ÉÙÓÚ2λµÄ×Ö·û´®¡£ [ʾÀý] l Ö÷»úΪ£ºljxc-3600-1 l ±¸»úΪ£ºljxc-3600-2
High availability	¿ÉÓÃģʽ£¬°üÀ¨£º l Single Device£ºµ¥»úģʽ l Redundant Pair£ºË«»úģʽ	[ÅäÖÃÖµ] Redundant Pair
Unit ID	Ë«»úϵͳÖУ¬Ö÷±¸µÄ»ú±êʶ·û¡£ ˵Ã÷ ´ËÅäÖÃÏîÔÚ“High availability”ÅäÖÃΪ“Redundant Pair”ʱ²ÅÏÔʾ¡£	[ÈçºÎÉèÖÃ] µ¥»÷ÏÂÀ­Áбí¿òÑ¡Ôñ¡£ [ʾÀý] l Ö÷»úΪ2¡£ l ±¸»úΪ1¡£
Root Account	ʹÓÃrootÓû§Í¨¹ýÃüÁîÐеǼ¸ºÔؾùºâÆ÷ʱµÄÃÜÂë¡£ ˵Ã÷ Ë«»úϵͳµÄÖ÷±¸»úrootÃÜÂë±ØÐë±£³ÖÒ»Ö¡£	[È¡Öµ·¶Î§] ³¤¶È´óÓÚ6ÇÒ²»³¬¹ý32λµÄ×Ö·û´®¡£ Çø·Ö´óСд£¬½¨ÒéÃÜÂëÖаüº¬´óд¡¢Ð¡Ð´×ÖĸºÍÊý×Ö¡£ [ʾÀý] root
Admin Account	ʹÓÃAdminÓû§Í¨¹ýWebÒ³ÃæµÇ¼¸ºÔؾùºâÆ÷ʱµÄÃÜÂë¡£	[È¡Öµ·¶Î§] ³¤¶È´óÓÚ6ÇÒ²»³¬¹ý32λµÄ×Ö·û´®¡£ Çø·Ö´óСд£¬½¨ÒéÃÜÂëÖаüº¬´óд¡¢Ð¡Ð´×ÖĸºÍÊý×Ö¡£ [ʾÀý] admin

Ñ¡Ôñ-¸üÐÂ

ͬÀí:

ÅäÖõÚ2̨F5

Ñ¡Ôñ-¸üÐÂ

Ñ¡Ôñ- System - Gerneral Properties

Device-General

Local Traffic –Gerneral

ͬÀí:

¶Ô.µÚ2̨½øÐÐÏàͬ²Ù×÷¡£ÓëÉÏÁ½Í¼Ò»Ñù¡£²»×ö½Øͼ½éÉÜ¡£

5. µ÷Õû-ϵͳʱ¼ä

°²×°-SecureCRT & FX(Öն˷ÂÕæÆ÷)V6.5.3 Build 490

´ò¿ª-SecureCRT

È¡Ïû

Ñ¡Ôñ-ÔÚ±êÇ©Ò³ÖÐн¨Á¬½Ó

Ñ¡Ôñ-н¨»á»°

Ñ¡Ôñ-ÏÂÒ»²½

Ñ¡Ôñ-ÏÂÒ»²½

Ñ¡Ôñ-ÏÂÒ»²½

Ñ¡Ôñ-Íê³É¡£

Ñ¡Ôñ-Á¬½Ó

Ñ¡Ôñ-Ö»½ÓÊÜÒ»´Î(O)

Ñ¡Ôñ-NO

Ñ¡Ôñ-È·¶¨

ͬÑù-²Ù×÷-192.168.0.245

¼ì²é-ϵͳʱÖÓ

# date

×¢Òâ:ÏÂÃæÏÔʾµÄCST£¬Èç¹ûÄãÒªÐÞ¸Äʱ¼äҪעÒâʱÇø¡£<´Ë´¦ÔÝʱ²»ÉèÖÃʱ¼ä!>

×¢Òâ:ʱ¼ä¶¼À´Ô´ÓÚÄãµÄÎïÀí»ú£¬ÒòΪÕâÊÇ2̨VMµÄÐéÄâ»ú¡£

ÆÁÄ»ÏÔʾÀàËÆÈçÏÂÐÅÏ¢£º

Èç¹ûϵͳʱÖÓ¸úµ±Ç°Ê±¼äÓÐÆ«²î£¬ÔòʹÓÃdateÃüÁîÐÞ¸ÄϵͳʱÖÓ¡£

ÃüÁî¸ñʽΪ£ºdate MMDDHHMMYYYY.SS

ÀýÈ磺½«Ê±¼äÐÞ¸ÄΪ2010Äê1ÔÂ25ÈÕ14ʱ24·Ö40Ã루¼ÙÉèʱ¼ä£©

# date 012514242010.40

ÆÁÄ»ÏÔʾÀàËÆÈçÏÂÐÅÏ¢£º

Mon Jan 25 14:24:40 CST 2010

½«Ð޸ı£´æµ½BIOS¡£

# hwclock --systohc

6. ÉèÖÃ-²ßÂÔ-ЭÒé

ÉèÖÃЭÒ鿪·Å²ßÂÔ£¬Ê¹¸ºÔؾùºâÆ÷Äܹ»ÔÊÐíÖ¸¶¨µÄЭÒéͨ¹ý¡£

¼ì²é-ÉèÖÃ

# b base list

È·ÈÏÆÁÄ»Êä³öÖÐÊÇ·ñÓÐÈçÏÂÐÅÏ¢

self allow {

default

tcp ssh

tcp domain

tcp snmp

tcp https

tcp 4353

udp domain

udp snmp

udp efs

udp 1026

udp 4353

proto ospf

}

ÉÏÊöÐÅÏ¢±íʾһЩ»ù±¾µÄЭÒ飬ËüÃǵÄÇ°ºó˳Ðò¿ÉÒÔ²»ÓëÉÏÃæµÄÐÅÏ¢Ò»Ö£¬Ö»Òª¾ß±¸ÕâЩЭÒé¼´¿É¡£

Èç¹ûÓÐÈçϼӴֲ¿·ÖÐÅÏ¢£¬»òÐÅÏ¢ÖÐûÓаüÀ¨ÉÏÊöһЩ»ù±¾Ð­Ò飬ÔòÐèÒª¶ÔÆä½øÐÐÅäÖãº

self allow { default none }

ÔòÖ´ÐÐÒÔÏÂÃüÁʹ¸ºÔؾùºâÆ÷¶Ô»ù±¾Ð­Ò鿪·Å¡£

6.1. ÊäÈë

# b self allow { default tcp ssh tcp https udp efs tcp snmp proto ospf udp domain udp snmp tcp 4353 tcp domain udp 4353 }

6.2. ±£´æÉèÖÃ

# b base save

6.3. Èçͼ

´Ë²½ÖеÄÔÝʱδÌí¼ÓÏëÒªµÄ¶«Î÷£¬²»Ó°Ïì´ó¾Ö£¬¼ÌÐøÏòÇ°¡£

6.4. È·ÈÏÐÞ¸ÄÒѾ­³É¹¦

# more /config/bigip_base.conf

Ð޸ijɹ¦ºóbigip_base.confÎļþÖлáÓÐÈçÏÂÐÅÏ¢

self allow {

default

tcp ssh

tcp domain

tcp snmp

tcp https

tcp 4353

udp domain

udp snmp

udp efs

udp 1026

udp 4353

proto ospf

}

×¢Òâ:

·ÇµÃµ½ÏëÒªµÄЧ¹û…

°¦.ûÏëµ½ÐÞ¸ÄȨÏÞÒ²²»ÐÐ!

7. Ö´ÐÐÈçÏÂÃüÁÖØÐÂÆô¶¯¸ºÔؾùºâÆ÷

# reboot

 

±¾Îijö×Ô ¡°IT-Standardization¡± ²©¿Í£¬ÇëÎñ±Ø±£Áô´Ë³ö´¦http://dynamic.blog.51cto.com/711418/769888