net self
net self(1) BIG-IP TMSH Manual net self(1)
NAME
self - Configures a self IP address for a VLAN.
MODULE
net
SYNTAX
Modify the self component within the net module using the syntax shown in the following sections.
CREATE/MODIFY
create self [name]
modify self [name]
options:
address [ip address/netmask]
address-source [from-management | from-user]
allow-service [all | default | none]
allow-service
[add | delete | replace-all-with] {
[protocol:port] ...
}
app-service [[string] | none]
description [string]
fw-enforced-policy [ [policy_name] | none ]
fw-staged-policy [ [policy_name] | none ]
service-policy [ [policy_name] | none ]
traffic-group [[string] | default | non-default | none]
vlan [name]
edit self [
[ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
reset-stats self [ [ [name] | [glob] | [regex] ] ... ]
fw-enforced-policy-rules { [rule name] }
fw-staged-policy-rules { [rule name] }
options:
fw-context-stat
mv self [ [[source-name] [destination-name]] | [[name] to-folder [folder-name]] | [[name...name] to-folder [folder-name]] ]
options:
to-folder
DISPLAY
list self
list self
[ [ [name] | [glob] | [regex] ] ... ]
show running-config self
show running-config self
[ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show self [name]
options:
fw-context-stat
DELETE
delete self [name]
DESCRIPTION
A self IP address is an IP address that is assigned to the system. Self IP addresses are part of the
configuration of the BIG-IP(r) network components. You must define at least one self IP address for each VLAN.
EXAMPLES
create self mySelf address 10.10.10.24/16 vlan internal
Adds the self IP address 10.10.10.24 to the VLAN named internal. This entry is named mySelf. Alternatively,
the name can encompass the IP address and mask fields, like the following example.
create self 10.10.10.24/16 vlan internal
Adds the self IP address 10.10.10.24 to the VLAN named internal.
modify self 10.1.1.1/16 vlan external traffic-group /Common/traffic-group-1
Enables a floating IP address on the external VLAN. The traffic-group option makes this virtual address
available to whichever device is active on the given traffic-group. In other words, when the standby device
becomes the active device for that traffic-group, it uses this virtual address. Only one of the devices in the
traffic-group can use the IP address at any given time.
mv /net self /Common/10.10.10.15/24 /Common/myselfIP2
Moves/Renames the Self IP from 10.10.10.15/24 to myselfIP2.
Note: If you wish to change the name of the self IP, you may use a name that is the same as the IP Address or
a name that does not represent a different IP Address than the one configured. If using prefix-length
adornment on the name, it must match the existing prefix-length/netmask for the self IP.
Please refer to the mv manual page for additional examples on how to use the mv command.
Options
allow-service
Specifies the type of protocol/service that the VLAN handles. If you use this property to allow SSH,
HTTP, and/or HTTPS service, administrators can use this self-IP address to log into the BIG-IP system;
this makes the current self-IP available as a management-IP address on the VLAN.
The options are:
add Adds the specified protocol/service to the VLAN.
all Specifies that the VLAN handles all protocols/services.
app-service
Specifies the name of the application service to which the object belongs. The default value is
none. Note: If the strict-updates option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application service can modify or delete the
object.
default
Specifies that the system uses a pre-defined set of network protocols/services that are commonly
required for BIG-IP deployment. You can customize this set of services with the self-allow
component.
This is not the default for the allow-service property; none, described below, is the actual
default.
delete
Removes the specified protocol/service from the VLAN.
none Specifies that the VLAN handles no protocols/services. This is the default setting for a self IP
address.
replace-all-with
Replaces the current protocol/service that the VLAN handles with the specified protocol/service.
address
Specifies the IP address and netmask to be assigned to the system. This is an optional field. If not
specified, the name of the entry must appear in the format [ip address/mask].
address-source
Specifies the source of the self IP. This is an optional field. If not specified, the default value of
from-user is used.
The options are:
from-management
Assigns the self IP with the management IP rather than the provided address or entry name.
from-user
Assigns the self IP with the provided address or entry name.
fw-context-stat
Used to show or reset firewall statistics for the self IP.
description
User-defined description.
floating
Read-only property based on the traffic-group. A floating self IP address is a self IP address for a VLAN
that serves as a shared address by all devices of a BIG-IP traffic-group.
fw-enforced-policy
Specifies an enforced firewall policy. fw-enforced-policy rules are enforced on a self IP address.
fw-enforced-policy-rules
Specifies firewall rules enforced on net self via referenced fw-enforced-policy.
fw-staged-policy
Specifies a staged firewall policy. fw-staged-policy rules are not enforced while all the visibility
aspects namely statistics, reporting and logging function as if the fw-staged-policy rules were enforced
on a self IP address.
service-policy
Configures the service policy for the self IP address. If set, it will enforce the service policy for
incoming network traffic. The service policy can be used to set specific policy based configurations like
flow timers, which applies to the flows that matches the policy specification.
fw-staged-policy-rules
Specifies firewall rules staged on net self via referenced fw-staged-policy.
glob Displays the items that match the glob expression. See help glob for a description of glob expression
syntax.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at
sign (@[regular expression]) to indicate that the identifier is a regular expression. See help regex for
a description of regular expression syntax.
unit Read-only property that specifies the unit in a redundant system. Based on traffic-group.
traffic-group
Specifies the traffic group of the self IP address. The default traffic group is traffic-group-local-
only, the non-floating traffic-group.
inherited-traffic-group
Read-only property that indicates if the traffic-group is inherited from the parent folder.
vlan Specifies the VLAN for which you are setting a self IP address. This option is required.
SEE ALSO
create, delete, edit, glob, list, modify, mv, net self-allow, net service-policy, net vlan, net vlan-group,
regex, security log profile, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2016. All rights reserved.
BIG-IP 2017-09-06 net self(1)