Manual Chapter :
Common Elements for VLAN tasks
Applies To:
Show VersionsBIG-IP APM
- 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Common Elements for VLAN tasks
VLANs
represent a logical collection of hosts that can share network resources, regardless of their physical location on the network. You create a VLAN to associate physical interfaces with that VLAN.- On the Main tab, click.The VLAN List screen opens.
- ClickCreate.The New VLAN screen opens.
- In the Name column, click the relevant VLAN name.The New VLAN screen opens.
- In the Name column, click the relevant VLAN name.This displays the properties of the VLAN.
- In theNamefield, type a unique name for the VLAN.
- In theNamefield, type a unique name for the VLAN.In our sample configuration, this name istunnel1.
- In theNamefield, typeexternal.
- In theNamefield, typedns_requests.
- In theNamefield, typeHA.
- In theNamefield, typewan.
- In theNamefield, typelan.
- In theNamefield, type the name of the first VLAN.For this example, typeinternal.
- In theNamefield, type the name of the first VLAN.
- In theNamefield, type the name of the first VLAN.For this example, typelink1.
- In theTagfield, type a numeric tag, between 1-4094, for the VLAN, or leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag.The VLAN tag identifies the traffic from hosts in the associated VLAN.
- In theTagfield, type a numeric tag, between 1-4094, for the VLAN, or leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag.The VLAN tag identifies the application traffic for the associated VLAN.Each VLAN tag that you specify in this field must be unique on the vCMP system.
- From theCustomer Taglist:
- Retain the default value ofNoneor selectSpecify.
- If you choseSpecifyin the previous step, type a numeric tag, between 1-4094, for the VLAN.
The customer tag specifies the inner tag of any frame passing through the VLAN. - If you want to use Q-in-Q (double) tagging, use theCustomer Tagsetting to perform the following two steps. If you do not see theCustomer Tagsetting, your hardware platform does not support Q-in-Q tagging and you can skip this step.
- From theCustomer Taglist, selectSpecify.
- Type a numeric tag, from 1-4094, for the VLAN.
The customer tag specifies the inner tag of any frame passing through the VLAN. - For theInterfacessetting:
- From theInterfacelist, select an interface number.
- From theTagginglist, selectTaggedorUntagged.SelectTaggedwhen you want traffic for that interface to be tagged with a VLAN ID.
- If you specified a numeric value for theCustomer Tagsetting and from theTagginglist you selectedTagged, then from theTag Modelist, select a value.
- ClickAdd.
- Repeat these steps for each interface that you want to assign to the VLAN.
- For theInterfacessetting:
- From theInterfacelist, select an interface number or trunk name.
- From theTagginglist, selectTaggedorUntagged.SelectTaggedwhen you want traffic for that interface to be tagged with a VLAN ID.
- If you specified a numeric value for theCustomer Tagsetting and from theTagginglist you selectedTagged, then from theTag Modelist, select a value.
- ClickAdd.
- Repeat these steps for each interface or trunk that you want to assign to the VLAN.
- For theInterfacessetting:
- From theInterfacelist, select an interface number.
- From theTagginglist, selectTaggedorUntagged.SelectTaggedwhen you want traffic for that interface to be tagged with a VLAN ID.
- ClickAdd.
- Repeat these steps for each interface that you want to assign to the VLAN.
- For theInterfacessetting:
- From theInterfacelist, select an interface number.
- From theTagginglist, selectTaggedorUntagged.SelectTaggedwhen you want traffic for that interface to be tagged with a VLAN ID.
- ClickAdd.
- For theInterfacessetting:
- From theInterfacelist, select an interface number.
- From theTagginglist, selectTagged.
- ClickAdd.
- For theInterfacessetting:
- From theInterfacelist, select an interface number.
- From theTagginglist, selectTaggedorUntagged.SelectTaggedwhen you want traffic for that interface to be tagged with a VLAN ID.
- If you specified a numeric value for theCustomer Tagsetting and from theTagginglist you selectedTagged, then from theTag Modelist, select a value.
- ClickAdd.
- From theInterfacelist, select an interface number.
- From theTagginglist, selectUntagged.
- ClickAdd.You can use the same interface for other VLANs later, if you always assign the interface as a tagged interface.
- For theInterfacessetting, click an interface number or trunk name from theAvailablelist, and use the Move button to add the selected interface or trunk to theUntaggedorTaggedlist. Repeat this step as necessary.Put the interface in theTaggedlist when you want the interface to accept traffic for more than one VLAN. You can use the same interface for other VLANs later, as long as you always assign the interface as a tagged interface.
- For theInterfacessetting,
- From theInterfacelist, select an interface number.
- From theTagginglist, selectUntagged.
- ClickAdd.
- From theConfigurationlist, selectAdvanced.
- If you want the system to verify that the return route to an initial packet is the same VLAN from which the packet originated, select theSource Checkcheck box.
- In theMTUfield, retain the default number of bytes (1500).
- In theMTUfield, type a new value, represented in bytes.
- In theMAC Masqueradefield, type a MAC address.In an active-standby configuration for a redundant system, the active unit uses the MAC masquerade address, and the standby unit uses the actual MAC address of the interface.
- If you want to base redundant-system failover on VLAN-related events, select theFail-safecheck box.
- From theAuto Last Hoplist, select a value.
- From theCMP Hashlist, selectSourceif this VLAN is the subscriber side orDestination Addressif this VLAN is the Internet side.
- From theCMP Hashlist, select a value.
- To enable theDAG Round Robinsetting, select the check box.
- From theDAG tunnellist, select one of these options:InnerDisaggregates encapsulated packets based on the inner headers. If you select Inner, you must also configure abigdbvariable to specify a port number before any associated tunnels can use the inner headers.OuterUses the outer headers of encapsulated packets without inspecting the inner headers. This is the default value.
- From thePolling Intervallist, selectSpecify, and type the maximum interval in seconds between polling by the sFlow agent of this VLAN.
- From theSampling Ratelist, selectSpecify, and type the ratio of packets observed at this VLAN to the samples you want the BIG-IP system to generate.For example, a sampling rate of 2000 specifies that 1 sample will be randomly generated for every 2000 packets observed.
- ClickRepeat.
- ClickFinished.
- ClickFinished.The screen refreshes, and it displays the new VLAN in the list.
- ClickFinished.The screen refreshes, and displays the two new VLANs in the list.
- ClickRepeatto delete re-create other customer-related VLANs.
- ClickUpdate.
- In the Name column, locate the name of the VLAN for which you want to change the partition, and to the left of the name, select the check box and clickDelete.The system prompts you to confirm the delete action.
- Locate thePartitionlist in the upper right area of the BIG-IP Configuration utility screen, to the left of theLog outbutton.
- From thePartitionlist, confirm or select partitionCommon.
- Configure the sFlow settings or retain the default values.
- Type a name for the VLAN.You can specify the same name as the VLAN that you deleted from partitionCommonor you can type a unique name.
- Type the same tag that was specified in the original VLAN in partitionCommon.You can specify the original VLAN name in partitionCommonor you can type a unique name.
- Select the relevant VLAN in the Name column.The properties screen for the VLAN opens.
- Click theDeletebutton.The system asks you to confirm this action.
- ClickDelete.
- To the left of the VLAN name, select the check box and clickDelete.The system prompts you to confirm the delete action.
- In theTagfield, type the same tag that was assigned to the VLAN you previously deleted.
- If the host and guest VLANs have an optional customer tag, type the same customer tag that was assigned to the VLAN you previously deleted.
- For theHardware SYN Cookiesetting, select or clear the check box.When you enable this setting, the BIG-IP system triggers hardware SYN cookie protection for this VLAN.Enabling this setting causes additional settings to appear. These settings appear on specific BIG-IP platforms only.
- For theSyncache Thresholdsetting, retain the default value or change it to suit your needs.TheSyncache Thresholdvalue represents the number of outstanding SYN flood packets on the VLAN that will trigger the hardware SYN cookie protection feature.When theHardware SYN Cookiesetting is enabled, the BIG-IP system triggers SYN cookie protection in either of these cases, whichever occurs first:
- The number of TCP half-open connections defined in the LTM settingGlobal SYN Check Thresholdis reached.
- The number of SYN flood packets defined in thisSyncache Thresholdsetting is reached.
- For theSYN Flood Rate Limitsetting, retain the default value or change it to suit your needs.TheSYN Flood Rate Limitvalue represents the maximum number of SYN flood packets per second received on this VLAN before the BIG-IP system triggers hardware SYN cookie protection for the VLAN.