F5 Device Troubleshooting CLI Commands

I have segregated some F5 commands and theory in configuration and troubleshooting

format, which further are separated as System, Software, Network, Directories and Backup
System

Commands Explanation
Config# tmsh reboot Device reboot
config # shutdown -r now
config # shutdown -H now Device operation will halt, but will
be powered ON
config # shutdown -P now Device will power OFF
Config# switchboot -l Shows current, default and
available boot images
Tmos# reboot volume HD1.1 to boot the BIG-IP system to
volume HD1.1 running BIG-IP
12.0.0, Current config is not
restored after reboot
Tmos# show sys hardware Device show number details
(tmos)# show sys hardware | grep Appliance Serial
(tmos)# show cm device Hostname, Mgmt Ip
#tmsh show /sys license | less shows license
# qkview qkview utility is a script,
# qkview -s0 -f /var/tmp/f5waf25.qkview automatically collects
configuration and diagnostic
information from f5
# tar -czpf /var/tmp/logfiles.tar.gz /var/log/* Create a tar archive named
logfiles.tar.gz in the /var/tmp
directory which contains all the
files in the /var/log directory
config # bigstart status command returns output for
config # bigstart status | grep mcpd daemons related to the
unprovisioned module
Config# ntpq –pn Check system time is in sync with
ntp server
Config# ntpstat Stratum and in sync
Config# top Real time cpu utilization
Config# ps –ef Cpu utilization with each PID
Config# keyswap.sh sccp To verify that the BIG-IP system
synchronized the new or replaced
secure shell (SSH) keys with the
Switch Card Control Processor
(SCCP)
config # tmsh show sys log Logs shown
 Sys::Log

daemon : Unix Daemon Logs

gtm : Global Traffic Manager Logs
kernel : Linux Kernel Messages
ltm : Local Traffic Manager Logs
mail : Mail Daemon Logs
messages : Application Messages
security : Security Related Messages
tmm : Traffic Manager Microkernel Logs
user : Various user process logs
webui : Logs for the Web User Interface
audit : Audits of configuration changes
Config# zcat can run the Linux zcat command
at the system prompt to expand the
codes in log messages to provide
more information.

Software

Commands Explanation
Tmos#show sys version OS version details
Tmos# show sys software To view the complete list of currently
installed software images
Tmos# list sys software image To view the software images available
for installation in /shared/images/
Tmos# show sys software status To show the status of the hotfix
installation
Config# md5sum /shared/images/BIGIP- to obtain the MD5 checksum value for
12.0.0.0.0.606.iso the BIG-IP 12.0.0 .iso file
Config# md5sum --check Hotfix-BIGIP-11.0.0- output verifies the integrity of the
8120.0-HF1.iso.md5 Hotfix-BIGIP-11.0.0-8120.0-HF1.iso
file
Config# md5sum -c EUD_B-11.4.0.4.0.im.md5 to check the EUD ISO or IM file
integrity

Network

Commands Explanation
#tmsh list sys management-ip Shows system management IP
address
Root# netstat –nr/-r Route table of F5 with default
gateway
# tmsh list net self-allow Port lockdown - the default
supported protocols and services
#nslookup www.stonegreyband.com check system is able to resolve
# dig www.stonegreyband.com names
(tmos.net)#show interface <interface_key> Display the current status of a
# tmsh show net interface specific interface
(tmos.net)#show interface Display the current status of all
interfaces.
config # tmsh list net interface media-active vendor SFP device serial number
serial
config # tmsh list net interface all-properties All interface details
(tmos)# list net interface media-capabilities Display the valid media types for a
specific interface. 100TX-
HD,1000T-FD
Config# ifconfig eth0 Interface eth0 details
Config# ping --help Ping command options
(tmos)# ping -I 192.168.1.245 192.168.1.246 PING 192.168.1.246
(192.168.1.246) from
192.168.1.245 : 56(84) bytes of
data
Config# telnet 10.2.0.11 80 Command to server for port 80
Get / http/1.1 service confirmation
Config# curl http://10.2.0.11 Html content from server
TCPDUMP
tcpdump -ni /<partition_name>/<vlan_name> when you run tcpdump on a
VLAN that resides in a non-
default partition, you must specify
the path to the VLAN object in
the tcpdump syntax
tmsh show /sys hardware |grep–ipva To determine whether your
platform contains a PVA chip
mergecap -a file1 file2 file3 file4 -w combined_file After all tcpdump processes are
completed, combine them into a
single file
tcpdump -ni<interface_number> tcpdump on a hardware switch
interface, it is rate-limited to 200
packets per second
tcpdump -ni 0.0 captures traffic from all VLANs in
all route domains when you invoke
it from the default route domain
tcpdump –i /common/internal –c 30 30 packets capture on internal
VLAN
tcpdump –i internal / 1.2 / eth0 by default it captures starting/firs
t96 bytes of a packet
tcpdump –i internal –s0 not restricting packet size for
capture, will capture full packet
tcpdump –i internal –nn -nn means no name resolution in
capture output
tcpdump –i 0.0 –w /var/tmp/New-TCPDMP.pcap capture all interface traffic and
write it to a file a given location
 tcpdump –i 0.0 –s0 arp –nn will capture ARP protocol packets
only
tcpdump –i 0.0:p host 192.168.1.101 –nn :p peer side when SNAT is used
we want to see server side
communication of the same host
with NAT address as well
tcpdump –i 0.0:p host 192.168.1.101 –nn and not tcp exclude tcp port 443 packet
port 443 communication, and net
172.16.1.0/24 IP in the network
172.16.1.0/24

Backup

Commands Explanation
(tmos)# list /sys ucs Shows details of file in
/var/local/ucs/
Tmos# show sys ucs
Tmos# save sys ucsfilename.ucs Creates ucs backup file for current
config
Tmos# save sys ucsfilename.ucs Creates ucs backup file for current
config
# save /sys ucs /var/tmp/MyUCS.ucs passphrase encrypt the UCS archive with a
password passphrase
# save /sys ucs /var/tmp/MyUCS.ucs no-private-key exclude SSL private keys from the
UCS archive

Happy Reading…

Follow for more updates: https://www.linkedin.com/in/rakesh-sa-b2b664167

Thanks

Rakesh