1

TMSH

BIG-IP system can also be configured using the command line interface(CLI) using what is known as the
“Traffic Management Shell or TMSH” TMSH is used for administering the device and performing specific
BIG-IP operations. You can also view statistics and performance data about the device.

Accessing the TMSH:

In order to access tmsh, you will first need to verify your access. In order to do so, you can review user
account under System>Users>User List and clicking on the name of the user.

RAKESH https://www.linkedin.com/in/rakesh-sa-b2b664167
 2

Understanding the Hierarchical Structure of tmsh:

Text Configuration Files:

The text configuration is stored in multiple files under the /config directory. These files include:

• bigip.conf – This file contains objects for managing local traffic including virtual servers, load
balancing pools, profiles, policies, SNAT’s and traffic group object associations.
• bigip_base.conf-This file contains the BIG-IP system specific configuration such as network
components which include self-IP addresses, VLANs, interfaces, device trust certificates and
traffic group definitions. When you synchronise the configuration between multiple BIG-IP
devices, this file will not be transferred and is device specific.
• bigip_user.conf-this file contains all user roles on the BIG-IP system.

tmsh load sys config: manages the following

• Rebuilds all local traffic object stored in the bigip.conf

• Rebuilds all network objects stored in bigip_base.conf
• Rebuilds all system user accounts stored in bigip_user.conf
• Maintains the management IP address
• Maintains the BIG-IP license file

RAKESH https://www.linkedin.com/in/rakesh-sa-b2b664167
 3

• Maintains the files stored under/shared/folder

• Maintains modified bigdb variables

Administrative Partitions:

A BIG_IP device gives you the ability to create additional user accounts and assign specific user roles to
each of these accounts. This is beneficial because it gives you the ability to divide your administrative
tasks among different employees which limiting the access each user has to only that required.

F5 has taken this a bit further and enables you to divide the configuration of the BIG-IP device into
different Administrative Partitions. This enables you to segment your configuration into different
application groups where each administrative group responsible for that application will get their
respective rights. Each administrative group will only work in their own administrative partitions this
prohibiting from affecting other applications.

RAKESH https://www.linkedin.com/in/rakesh-sa-b2b664167
 4

The following objects can be divided into separate partitions:

Shutting Down and Restarting the BIG-IP system:

• Using the WebGUI

• LCD Panel
• AOM
• bigstart restart

TMSH Structure:

RAKESH https://www.linkedin.com/in/rakesh-sa-b2b664167
 5

List – VIP

List – Pool

RAKESH https://www.linkedin.com/in/rakesh-sa-b2b664167
 6

List - SSL Profiles

List – Monitor

RAKESH https://www.linkedin.com/in/rakesh-sa-b2b664167
 7

List – Persistent

Network

Config Sync

RAKESH https://www.linkedin.com/in/rakesh-sa-b2b664167
 8

UCS

Running config vs startup config

Create- Monitor

RAKESH https://www.linkedin.com/in/rakesh-sa-b2b664167
 9

Create – Pool

Create – SSL profile

RAKESH https://www.linkedin.com/in/rakesh-sa-b2b664167
 10

Create- VIP

Modify

RAKESH https://www.linkedin.com/in/rakesh-sa-b2b664167
 11

Config merge

CLI re-License

THANK YOU FOR READING

RAKESH https://www.linkedin.com/in/rakesh-sa-b2b664167
 12

RAKESH https://www.linkedin.com/in/rakesh-sa-b2b664167