BigIP 3400 management not accessible

Question

Hello, 
&nbsp;  
&nbsp; I upgraded by BigIP 3400 LTM from TMOS 9.3.0 to TMOS 9.4.5, two days back. After upgrading the unit to 9.4.5 build, I was able to access the BigIP via HTTPS and SSH, however after restoring the backed up config file (.ucs) I was unable to access the GUI and after few minutes even I could not SSH. The ping responses also failed at the same time!!! 
&nbsp;  
&nbsp; Strange thing is I can very well access the BigIP from console!!! When I ping the remote PC connected to mgmt. network of BigIP I see the MAC address entry in the ARP cache of eth0 but cannot see any ICMP reply from remote end. Suspecting a problem in remote PC I also tried to connect to the Mgmt port to my laptop with cross cable and appropriate IP address &amp; subnet masks (configured on the laptop), but still unable to login via SSH and HTTPS.  
&nbsp;  
&nbsp; Surprisingly, the other peer BigIP that was upgraded to 9.4.5 from 9.3.0 is working well. It is very well accessible via console, HTTPS and SSH.  
&nbsp;  
&nbsp; What could be the probable issue here?  
&nbsp;  
&nbsp; Appreciate your inputs on this. Thanks in advance.  
&nbsp;  
&nbsp; Sagar 
&nbsp; sagar.brit@gmail.com 
&nbsp; sshah@venturiwireless.com

dennypayne · Answer

UCS files are not designed to be cross-version, so I'm actually surprised that the other one works after loading a 9.3.0 config.  There's probably something in the config that is failing to load because the syntax changed between 9.3.0 and 9.4.5.  You could try manually doing a bigpipe load on the command line and see if you can tell where it fails, and then manually edit the file to remove the offending line.  
    
  The proper way to upgrade (should be documented in the release notes) is to save a current config file as /config.ucs   
    
  bigpipe config save /config.ucs  
    
  and then run the local-install im file.  It will then give you the option to roll the previous config forward.  Then you don't need to restore a config.  
    
  Hope that helps,  
  Denny

hooleylist · Answer

As Denny suggests, ideally you roll forward the existing UCS to the new version during the upgrade.  If one unit is working, you could reset the configuration to defaults and then manually configure the basics including the VLAN and self IP used to sync the config.  You could then sync the config from the good unit to the bad one.  This might be quicker than trying to manually hack the 9.3.0 config files into the expected 9.4.x format. 
&nbsp;  
&nbsp; Aaron

sagar_shah_9610 · Answer

Hey guys thanks a ton for sending in your responses... My local F5 support partner in India mentioned they've seen similar problems with 9.4.x releases. I rolled over the config and tried reconfiguring the box still it worked for few hours but later on the management access went away. However, following solution seems to be working - 
&nbsp;  
&nbsp; ip rule add from  lookup 245 
&nbsp; echo "ip rule add from  lookup 245" &gt;&gt; /config/startup 
&nbsp;  
&nbsp; Hope this helps anyone who runs into problems later on in future with mgmt. access using 9.4.x TMOS releases. 
&nbsp;  
&nbsp; Thanks. 
&nbsp; Sagar.

Forum Discussion

BigIP 3400 management not accessible

3 Replies

Recent Discussions

ASM - Parent policy vs OWASPcompliance

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

APM OCSP Responder Issues

no available managed rule groups for Israel il-central-1

Related Content

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Re: BigIP Report

F5 BIG-IP Access Policy Manager (APM) - Idp integration - Cisco vManage

Harnessing the power of F5 BIG-IP Access Policy Manager (APM) and Microsoft