Last Modified: Apr 24, 2024
Affected Product(s):
BIG-IP All
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3
Opened: Nov 25, 2019 Severity: 3-Major
It is not possible to disable the management port on BIG-IP platforms. Note that interface 'mgmt' appears in the 'net' tmsh component, and the utility allows a BIG-IP Administrator to disable that interface. However, should that be attempted, nothing happens as a result of that command and the interface remains fully up.
It is not possible to disable the management port on BIG-IP platforms. BIG-IP Administrators may not be able to carry out planned maintenance as they had originally intended.
A BIG-IP Administrator attempts to disable the 'mgmt' interface via the tmsh utility.
Instead of disabling the management port on the BIG-IP system, disable the port on your switch that the management port connects to. For BIG-IP Virtual Edition (VE), you can disable (disconnect) the interface corresponding to the management port at the hypervisor level. Please note it is not recommended to disable the BIG-IP system's management port by invoking utilities such as 'ifconfig' or 'ip' from Linux. First, these commands do not actually disable the front management port link, and the connecting network device will continue to see the port as up. Second, on some BIG-IP platforms, disabling the management port from Linux may cause some daemons to malfunction as their connection to certain hardware components becomes disrupted. Third, bringing down and then up again the management interface from Linux does not restore any management routes that you may have. That includes both the default management route and other more specific static routes you may have created. In the event you have already used 'ifconfig' or 'ip' commands to disable and then re-enable the management interface from Linux, you can restore your management routes by performing one of the following actions: 1) Reboot the system. 2) Change each of the affected routes twice (first to a dummy next-hop and then to the real one) using the tmsh utility, e.g.: tmsh modify sys management-route default gateway 10.215.50.2 tmsh modify sys management-route default gateway 10.215.50.1 3) Add the routes back to Linux yourself by using the 'route' or 'ip' commands, e.g.: route add -host 10.154.1.241 gw 10.215.50.1 route add -net 192.168.1.0/24 gw 10.215.50.1 or ip route add 10.154.1.241 via 10.215.50.1 ip route add 192.168.1.0/24 via 10.215.50.1
None