Monday, December 8, 2014

Useful F5 TMSH commands


These are TMSH commands I've needed repeatedly during lab work, where I've frequently had to set up a Virtual Edition F5 to test something out. As always, the idea is to get the mgmt interface reachable so you can use the GUI to license the box (physical or virtual) and complete setup.
TMSH came in with 11.4 I think but can't remember. The management interface traditionally always came up with 192.168.1.245, but these days it finally has a DHCP client available; there are plenty of times when that doesn't work or needs turning on, though.

To set a static IP and default route on the mgmt interface:
tmsh
sys
create management-ip x.x.x.x/24
create management-route default gateway x.x.x.x
save config
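
A pre-flight check for the static management setup above, as an added example that is not part of the original post: it refuses a gateway that is outside the management subnet (or is the box's own, the network or the broadcast address) before printing the commands. The function names, the 1-30 prefix limit and the 192.0.2.x addresses are assumptions of this example; the commands are the one-line form of the same tmsh steps.

```shell
#!/bin/sh
# Added example. Sample addresses are constructed (documentation range).

# ip_to_int A.B.C.D -> prints the address as an integer; fails on bad input
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac   # leading zero would parse as octal
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# mgmt_cmds ADDR/PREFIX GATEWAY -> prints the tmsh commands to run.
# Returns 1 on malformed input, 2 when the gateway cannot work as a next hop.
mgmt_cmds() {
    case "$1" in */*) ;; *) echo "usage: mgmt_cmds ADDR/PREFIX GATEWAY" >&2; return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|0*) echo "bad prefix: $prefix" >&2; return 1 ;; esac
    [ "$prefix" -le 30 ] || { echo "prefix must be 1-30" >&2; return 1; }
    ip=$(ip_to_int "$addr") || { echo "bad address: $addr" >&2; return 1; }
    gw=$(ip_to_int "$2")    || { echo "bad gateway: $2" >&2; return 1; }
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( ip & mask )); bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    if [ $(( gw & mask )) -ne "$net" ]; then
        echo "gateway $2 is not inside $1" >&2; return 2
    fi
    for bad in "$ip" "$net" "$bcast"; do
        [ "$gw" -ne "$bad" ] || { echo "gateway $2 is not a usable next hop" >&2; return 2; }
    done
    printf 'tmsh create sys management-ip %s\n' "$1"
    printf 'tmsh create sys management-route default gateway %s\n' "$2"
    printf 'tmsh save sys config\n'
}

# Constructed sample: prints the three commands for review before pasting.
mgmt_cmds 192.0.2.10/24 192.0.2.1
```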

Alternatively, to activate the DHCP client:
tmsh modify sys db dhclient.mgmt value enabled

To add a default route:
tmsh create net route 0.0.0.0/0 gw x.x.x.x

save /sys config

After configuring AD, this is a handy way to test:
adtest -t auth -r "sjhwilkes.local" -u shamilton -w "password"

Installing new TMOS image from CLI:
tmsh install sys software image BIGIP-11.6.0.0.0.401.iso volume HD1.2 create-volume

When troubleshooting packet flow, this is a helpful little guide to how internal routing works. Experienced F5 folk understand the great power these boxes have, but a lot of complexity comes along with that - this is where the whole ADC/load balancer debate comes in. Clearly I'm biased, but there's a world of things that can be done with an F5, which in my opinion makes it an Application Delivery Controller. As to where exactly the distinguishing line falls and what other devices are where, that gets into religion real fast...

1) Look for a match in a packet filter rule
2) Look for a virtual server match
3) Examine source IP for a standalone SNAT
4) Check if the destination is a NAT
5) Check for a match with a self-IP
6) Search for an existing connection
