net self
net self(1) BIG-IP TMSH Manual net self(1)
NAME
self - Configures a self IP address for a VLAN.
MODULE
net
SYNTAX
Modify the self component within the net module using the syntax shown
in the following sections.
CREATE/MODIFY
create self [name]
modify self [name]
options:
address [ip address/netmask]
address-source [from-management | from-user]
allow-service [all | default | none]
allow-service
[add | delete | replace-all-with] {
[protocol:port] ...
}
app-service [[string] | none]
description [string]
fw-enforced-policy [ [policy_name] | none ]
fw-staged-policy [ [policy_name] | none ]
service-policy [ [policy_name] | none ]
traffic-group [[string] | default | non-default | none]
vlan [name]
edit self [
[ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
reset-stats self [ [ [name] | [glob] | [regex] ] ... ]
fw-enforced-policy-rules { [rule name] }
fw-staged-policy-rules { [rule name] }
options:
fw-context-stat
mv self [ [[source-name] [destination-name]] | [[name] to-folder [folder-name]] | [[name...name] to-folder [folder-name]] ]
options:
to-folder
DISPLAY
list self
list self
[ [ [name] | [glob] | [regex] ] ... ]
show running-config self
show running-config self
[ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show self [name]
options:
fw-context-stat
DELETE
delete self [name]
DESCRIPTION
A self IP address is an IP address that is assigned to the system. Self
IP addresses are part of the configuration of the BIG-IP(r) network
components. You must define at least one self IP address for each VLAN.
EXAMPLES
create self mySelf address 10.10.10.24/16 vlan internal
Adds the self IP address 10.10.10.24 to the VLAN named internal. This
entry is named mySelf. Alternatively, the name can encompass the IP
address and mask fields, like the following example.
create self 10.10.10.24/16 vlan internal
Adds the self IP address 10.10.10.24 to the VLAN named internal.
modify self 10.1.1.1/16 vlan external traffic-group
/Common/traffic-group-1
Enables a floating IP address on the external VLAN. The traffic-group
option makes this virtual address available to whichever device is
active on the given traffic-group. In other words, when the standby
device becomes the active device for that traffic-group, it uses this
virtual address. Only one of the devices in the traffic-group can use
the IP address at any given time.
mv /net self /Common/10.10.10.15/24 /Common/myselfIP2
Moves/Renames the Self IP from 10.10.10.15/24 to myselfIP2.
Note: If you wish to change the name of the self IP, you may use a name
that is the same as the IP Address or a name that does not represent a
different IP Address than the one configured. If using prefix-length
adornment on the name, it must match the existing prefix-length/netmask
for the self IP.
Please refer to the mv manual page for additional examples on how to
use the mv command.
Options
allow-service
Specifies the type of protocol/service that the VLAN handles. If
you use this property to allow SSH, HTTP, and/or HTTPS service,
administrators can use this self-IP address to log into the BIG-IP
system; this makes the current self-IP available as a management-
IP address on the VLAN.
The options are:
add Adds the specified protocol/service to the VLAN.
all Specifies that the VLAN handles all protocols/services.
app-service
Specifies the name of the application service to which the
object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service
that owns the object, you cannot modify or delete the object.
Only the application service can modify or delete the object.
default
Specifies that the system uses a pre-defined set of network
protocols/services that are commonly required for BIG-IP
deployment. You can customize this set of services with the
self-allow component.
This is not the default for the allow-service property; none,
described below, is the actual default.
delete
Removes the specified protocol/service from the VLAN.
none Specifies that the VLAN handles no protocols/services. This
is the default setting for a self IP address.
replace-all-with
Replaces the current protocol/service that the VLAN handles
with the specified protocol/service.
address
Specifies the IP address and netmask to be assigned to the system.
This is an optional field. If not specified, the name of the entry
must appear in the format [ip address/mask].
address-source
Specifies the source of the self IP. This is an optional field. If
not specified, the default value of from-user is used.
The options are:
from-management
Assigns the self IP with the management IP rather than the
provided address or entry name.
from-user
Assigns the self IP with the provided address or entry name.
fw-context-stat
Used to show or reset firewall statistics for the self IP.
description
User-defined description.
floating
Read-only property based on the traffic-group. A floating self IP
address is a self IP address for a VLAN that serves as a shared
address by all devices of a BIG-IP traffic-group.
fw-enforced-policy
Specifies an enforced firewall policy. fw-enforced-policy rules
are enforced on a self IP address.
fw-enforced-policy-rules
Specifies firewall rules enforced on net self via referenced fw-
enforced-policy.
fw-staged-policy
Specifies a staged firewall policy. fw-staged-policy rules are not
enforced while all the visibility aspects namely statistics,
reporting and logging function as if the fw-staged-policy rules
were enforced on a self IP address.
service-policy
Configures the service policy for the self IP address. If set, it
will enforce the service policy for incoming network traffic. The
service policy can be used to set specific policy based
configurations like flow timers, which applies to the flows that
matches the policy specification.
fw-staged-policy-rules
Specifies firewall rules staged on net self via referenced fw-
staged-policy.
glob Displays the items that match the glob expression. See help glob
for a description of glob expression syntax.
regex
Displays the items that match the regular expression. The regular
expression must be preceded by an at sign (@[regular expression])
to indicate that the identifier is a regular expression. See help
regex for a description of regular expression syntax.
unit Read-only property that specifies the unit in a redundant system.
Based on traffic-group.
traffic-group
Specifies the traffic group of the self IP address. The default
traffic group is traffic-group-local-only, the non-floating
traffic-group.
inherited-traffic-group
Read-only property that indicates if the traffic-group is
inherited from the parent folder.
vlan Specifies the VLAN for which you are setting a self IP address.
This option is required.
SEE ALSO
create, delete, edit, glob, list, modify, mv, net self-allow, net
service-policy, net vlan, net vlan-group, regex, security log profile,
show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2016. All rights
reserved.
BIG-IP 2017-09-06 net self(1)