Shulou(Shulou.com)06/01 Report--

F5_V11 TMSH Command Operation Manual

View the current system configuration:

# show running-config

# show running-config / net interface

# show running-config / ltm pool saves base content:

# save / sys base-config load base content:

# load / sys base-config saves system configuration:

# save / sys config load system configuration:

# load / sys config

# tmsh load sys config default # # V11 restore factory configuration

# date-s "2017-02-20 09:56:00" system time

# clock-w writes the current system time to CMOS

# hwclock-systohc time synchronization to hardware

# synchronize the time before obtaining the certificate

# how to view SSL Cipher

# tmm-clientciphers DEFAULT

#! LOWREX MD5RSAV RC4Mercy SHAV exportable DHERTV AESV on GCMV AESV DHEXIAES3DESNAV AESV 3DESMORSAV 3DESRSAVO3DESRSAVO3DESRSAVO3DESRSAVO3DESRSAVONECDHEVE ECDHEV AES:

View network configuration information:

# list / net vlan

# list / net interface

# list / net arp

# list / net route

# list / net self

# list / net self-allow

# list / net trunk

# list / ltm pool View Pool configuration information

# list / ltm pool [http-pool] View vs configuration information

# list / ltm virtual

# list / ltm virtual-address

View / sys configuration information:

# list / sys db

# list / sys httpd allow

# list / sys management-ip (check the device management port address)

# list / sys management-route (View device management port routing)

# list / sys ntp (view ntp configuration information)

# list / sys provision (check device module activation status)

# list / sys service (check the enabled status of the service)

# list / sys snmp (view snmp configuration information)

# list / sys syslog (view syslog configuration information)

Show / net command:

# show / cli history (view command line history)

# show / net arp (view arp mapping information)

# show / net interface (view statistical traffic information of each API)

# show / net route (View routing table)

# show / net vlan (view individual vlan traffic statistics)

# show / net vlan-group

# show / net trunk (view trunk traffic statistics)

Show / sys command:

# show / sys config-sync (View system configuration synchronization status information)

# show / sys connection

# show / sys connection | grep 1026 # check HA status, normal in pairs

# # 1.1.1.2 udp 53527 1.1.1.1 none 1026 1.1.1.2 none 53527 1.1.1.1

# # 1.1.1.1 udp 48582 1.1.1.2 none 1026 1.1.1.1v 4538 1.1.1.2 none 1026

# show / sys console (check the system serial port debugging speed)

# show / sys cpu

# show / sys hardware (View system hardware information)

# show / sys host-info

# show / sys raid (check hard disk raid status)

# show / sys performance system (view overall system performance)

# show / sys software (view the overall software information of the system)

# show / sys ip-address (check the ip address of the system, including all vs and pool address information)

# show / sys ip-address all-properties (view system address information, including address attributes)

# show / sys license (view system license summary information)

# show / sys license detail

# show / sys log ltm (view system log information)

# show / sys mac-address (view all mac address information in the system)

# show / sys mcp-state (check the running status of mcp)

# show / sys memory (View system memory statistics)

# show / sys ucs (view the saved ucs file name)

# show / sys version (view system software version information)

# show / sys software (view system software version information)

#

# add address to SNAT Pool

# tmsh

# ltm-- > snat

# create snatpool my_snat_pool1 members add {11.12.11.24 11.12.11.25}

#

Guide configuration

# tmsh save sys ucs test.ucs

# / var/local/ucs (ucs directory)

# tmsh load / sys ucs xxxx.ucs no-license (Import configuration V11)

# load / sys ucs xxxx.ucs rma (v10-here's a trick: entering rma won't restore the certificate, so you don't need to reactivate it)

# save / sys config

# tmsh load sys ucs [ucs file name] no-platform-check no-license

Save / sys config

(tmos.ltm) # # show persistence persist-records all-properties (view session persistence table)

# # tmsh show ltm persistence persist-records | grep 8.32 (view session persistence table)

(tmos.ltm) # delete persistence persist-records (delete session persistence)

Use of help commands:

# help / net

# help / net vlan

The use of shortcut keys:

Ctrl + C (discard the command you are currently entering)

Ctrl + A (move the cursor to the beginning)

Use the relevant test commands in tmsh mode:

# run util ping 1.1.1.1 (perform ping operation)

# run util tcpdump (perform tcpdump packet capture analysis)

# run util tracepath 1.1.1.1 (perform tracepath operation)

Create and delete pool: # create / ltm pool [abc] # delete / ltm pool [abc]

Modify the irules content: # edit / ltm rule [replace-302] install the operating system and

#

#

# upload the system to / shared/images

# install system patch:

# install sys software image BIGIP-10.0.0.5376.0.iso volume HD1.2

# install hotfix Hotfix-BIGIP-9.6.1-824.0-HF3.im volume HD1.1

# check the installation progress.

# # root@ (big-ip1) (cfg-sync Standalone) (Active) (/ Common) (tmos) # quit

# # [root@big-ip1:Active:Standalone] images # watch tmsh show sys software status

#

#

Reset the statistics of pool and vs:

# reset-stats / ltm pool

# reset-stats / ltm pool [http-pool]

# reset-stats / ltm virtual

# reset-stats / ltm virtual [vs-test-80]

Start, stop, restart a service in the system:

# start / sys service [snmpd]

# stop / sys service [snmpd]

# restart / sys service [snmpd]

# bigstart status snmpd: check the running status of the process

Define and delete aliases:

# create / cli alias [xx] command ["save / sys config"]

# delete / cli alias [xx] create pool

And add pool-member:

# create / ltm pool [abc] members add {9.9.9.9:http 7.7.7.7:http} pair created

Pool adds health check methods:

# modify / ltm pool [abc] monitor http

# modify / ltm pool [abc] monitor http and https # modify / ltm pool [abc] monitor none create vs, use source address session persistence, and specify the default pool

# create / ltm virtual abcd {destination 6.6.6.6:http persist replace-all-with {source_addr} pool a

Quit: exit tmos

Ifconfig view all IP

CRT---SFTP

Sftp > cd / var/log # cd directory

Sftp > lcd c:\ # lcd local purpose

Sftp > get ltm # get the log of ltm

Tcpdump-I eth2-w / tmp/xxx.cap

# modify syslog

# modify syslog remote-servers delte XX

Command line login device

Input: tmsh

Input: edit sys syslog all-properties

Change include none to

Include "

Filter f_remote_loghost {

Level (notice..emerg)

}

Destination d_remote_loghost {

Udp (\ "145.0.132.11\" port (514))

Udp (\ "145.0.131.11\" port (514))

Udp (\ "145.0.133.11\" port (514))

}

Log {

Source (s_syslog_pipe)

Filter (f_remote_loghost)

Destination (d_remote_loghost)

}

"

This machine: 172.18.126.104

Certificate directory: (download certificate)

1./config/filestore/files_d/Common_d/certificate_d

2./config/filestore/files_d/Common_d/certificate_key_d

Qkview tool can collect configuration information and log information on BIG-IP for offline fault diagnosis.

1. Method 1: execute # qkview on the command line, and the output file is saved in / var/tmp/.out Note: .out files need to be transferred in ASCII format if transferred through ftp.

two。 Method 2: if it is managed through the Web interface, it can be managed by System-- > > Support-- > > Qkview

# full_box_reboot: upgrade and restart

# switchboot

-s snaplen snaplen represents the number of bytes intercepted from a packet. 0 means that the packet is not truncated and the complete packet is captured. By default, tcpdump displays only part of the packet, with a default of 68 bytes.

-v outputs a slightly more detailed information, such as ttl and service type information that can be included in the ip package

Tcpdump-ni0.0-S0-w / var/tmp/test.cap host 146.240.31.148-vvv

Ssldump-I 1.1 host 145.255.248.82

The configuration file is in the config directory

Cp syslog-ng.conf syslog-ng.conf.default / / backup the configuration file of the original syslog-ng; the old version

Show persistence persist-records all-properties

More / var/log/ltm

Show sys connection ss-server-addr 192.168.1.1 ss-server-port 90

USB disk boot installation system

# # image2disk-instslot=HD1.3

#

#

# change the system port to display as a number

List cli global-setting service

Modify cli global-setting service number

-

Create net route 10.0.0.0/24 gw 10.128.10.1

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.