F5 Networks
Exam - 201 TMOS Administration
Prerequisite: Exam 101- ADF| This exam based on v13.1
Important Notes:
There is no official book to study for the exam
There is no dump for the exam, only practice exam offered by F5 to give you idea about exam questions
Watching Videos @ CBT nuggets, YouTube etc... can help to speed up your learning, but not guaranteed to pass the exam you need to do a lot of reading and practice
Download all DevCentral videos on YouTube!
Download 201 bootcamp Videos on YouTube, it's for old exam version but it's still extremely useful for this exam
Register for LearnF5 - Bunch of free good courses by F5
Download TMSH Command Reference , you don't have to read it all, only read related topics i.e how to create self-ip or vlan (net_self.html) & (net_vlan.html)
Download BIG-IP virtual edition from F5 Downloads and request 2 licenses for HA from Free Trials
you can practice on VMware or F5 201 - TMOS Administration Labs
You have to learn Linux Basics, you can find really good free English / Arabic courses on YouTube, and can read Linux journey
Yes, there are a lot of links, the goal is not only pass the exam but to be a good F5 admin
Special thanks to (Eric Mitchell, Jason Rahm, John Wagnon and Peter Silva)
Study Plan
Section 1: Troubleshoot basic connectivity issues
1.01 - Explain the relationship between interfaces, trunks, VLANs, self-IPs, route and their status / statistics:
Illustrate the use of a trunk in a BIG-IP solution
Demonstrate ability to assign VLAN to interface and/or trunk
Identify, based on traffic, which VLAN/route/egress IP would be used
Distinguish between tagged vs untagged VLAN
Compare Interface status (Up/Down)
Explain the dependencies of interfaces/trunks, vlans, self-IPs
Notes:
if you have Cisco networking background:
Access port (cisco) = untagged port
Trunk port (cisco) = tagged port (802.1Q)
PortChannel or EtherChannel (Cisco) = Trunk or Bundle or Link Aggregation
interface (cisco) = Same concept all about speed/duplex up/down
ip address (cisco) = self-ip
Vlans in F5 world similar to firewall zones
1.02 - Determine expected traffic behavior based on configuration:
Consider the packet and/or virtual server processing order (wildcard vips)
Identify traffic diverted due to status of traffic objects (vs, pool, pool member)
Identify traffic diverted due to persistence
Determine the egress source IP based on configuration
Identify when connection/rate limits are reached
1.03 - Identify the reason a virtual server is not working as expected:
Identify the current configured state of the virtual server
Identify the current availability status of the virtual server
Identify conflicting/misconfigured profiles
Identify misconfigured IP address and/or Port
Tshoot tools:
Virtual server stats, Pool/Pool member stats, Logs, Connect table, Routing table, Connectivity from LTM to pool member (ping telnet curl), Packet capture
1.04 - Identify the reason a pool is not working as expected:
Identify the reason a pool member has been marked down by health monitors
Identify a pool member not in the active priority group
Identify the current configured state of the pool/pool member
Identify the current availability status of the pool/pool member
Section 2: Troubleshoot basic performance issues
2.01 - Determine resource utilization:
Distinguish between control plane and data plane resources
Identify CPU statistics per virtual server
Interpret Statistics for interfaces
Determine Disk utilization and Memory utilization
2.02 - Identify the different virtual server types:
Standard, Forwarding, Stateless, Reject
Performance (Layer 4) and Performance (HTTP)
2.03 - Identify network level performance issues:
Identify when a packet capture is needed within the context of a performance issue
Interpret availability status of interfaces
Identify when drops are occurring
Identify Speed and Duplex
Distinguish TCP profiles (optimized profiles)
2.04 - Identify the reason load balancing is not working as expected:
Consider persistence, priority group activation, rate/connection limits
Identify misconfigurations (incorrect health checks, action on service down, etc.)
Identify current availability status
Section 3: Administer system configuration
3.01 - Identify and report current device status:
Interpret the LCD panel warning messages
Use the dashboard to gauge the current running status of the system
Review the Network Map in order to determine the status of objects
Interpret current systems status via GUI or TMSH
3.02 - Apply procedural concepts required to manage the state of a high availability pair:
Interpret high availability and device trust status
Execute force to standby procedure
Report current active/standby failover state
Execute force to offline procedure
3.10 - Explain config sync:
Demonstrate config sync procedure
Report errors which occur during config sync
Explain when a config sync is necessary
Show config sync status
Compare configuration timestamp
Note: I moved 3.10 section to be right after 3.02 because both related to the same topic which is Device Service Clustering (DSC) F5 HA solution
3.03 - Identify management connectivity configurations:
Identify the configured management-IP address
Interpret port lockdown settings to Self-IP
Show remote connectivity to the BIG-IP Management interface
Explain management IP connectivity issue
Identify HTTP/SSH access list to management-IP address
Note: Packet filters has no affect on management interface/IP, to control the SSH/HTTPS access to the management Interface/IP go to (system > platform > security)
Packet filters has affect on self-ips, in case you need to access the CLI & configuration utility (GUI) from self-ip then you can edit allowed sources on sshd & httpd, considering SSH/HTTPS allowed by port lockdown
3.04 - List which log files could be used to find events and/or hardware issues:
Identify use of /var/log/ltm, var/log/secure, /var/log/audit
Identify severity log level of an event
Identify event from a log message
3.05 - List which log files could be used to find events and/or hardware issues:
Execute UCS backup procedure
Execute UCS restore procedure
Summarize the use case of a UCS backup
Explain proper long-term storage of UCS backup file
Explain the contents of the UCS file (private keys)
3.06 - Apply procedural concepts required to manage software images:
Given an HA pair, describe the appropriate strategy for deploying a new software image
Perform procedure to upload new software image
Show currently configured boot location
Demonstrate creating new volume for software images
3.07 - Identify which modules are licensed and/or provisioned:
Show provisioned modules
Report modules which are licensed
Show resource utilization of provisioned modules
Report modules which are provisioned but not licensed
3.08 - Explain authentication methods:
Explain how to create a user
Explain how to modify user properties
Explain options for remote authentication provider
Explain use of groups using remote authentication provider
3.09 - Identify configured system services:
Show proper configuration for: DNS, NTP, SNMP, syslog
Section 4: Manage existing application delivery services
4.01 - Identify configured system services:
Apply appropriate persistence profile
Apply appropriate HTTPS encryption profile
Apply appropriate protocol specific profile
Identify iApp configured objects
Report use of iRules
Show default pool configuration
4.02 - Apply procedural concepts required to modify and manage pools:
Determine configured health monitor
Determine the load balancing method for a pool
Determine the active nodes in a priority group configuration
Determine pool member service port configuration
Apply appropriate health monitor
Apply load balancing method for a pool
Apply pool member service port configuration
Note: Covered in 1.04 & 2.04
Section 5: Use support resources
5.01 - Define characteristics of a support ticket with F5:
List ways to open support ticket with F5
List where to open a support ticket with F5
List severity levels of a support ticket with F5
List what to include in a support ticket with F5
5.02 - Explain the processes of licensing, license reactivation, and license modification:
Show where to license (activate.F5.com)
Identify license issues
Identify Service Check Date (upgrade)
5.03 - Apply procedural concepts required to perform an End User Diagnostic:
Understand impact of running EUD
Understand requirements of EUD
Understand how to collect EUD output (console/log)
Identify methods of booting the EUD
5.04 - Apply procedural concepts required to generate a qkview and collect results from
iHealth
Identify methods of running qkview
Identify method of retrieving qkview
Understand information contained in qkview
Identify when appropriate to run qkview
Understand where to upload qkview (iHealth)
5.05 - Identify which online support resource/tool to use
DevCentral
AskF5.com
iHealth
Support Portal
Terminology:
DevCentral: online community of technical peers dedicated to learning, exchanging ideas, and solving problems
ASKF5: free Knowledge Centers (documentation & KBs)
iHealth: free online tool for diagnosis, troubleshooting and viewing your system’s running configuration
Support Portal: F5 TAC support for submitting cases