Manual Chapter : About VLANs with identical names and different tags

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP APM

  • 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP Analytics

  • 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP Link Controller

  • 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP LTM

  • 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP PEM

  • 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP AFM

  • 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP DNS

  • 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP ASM

  • 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Manual Chapter

About VLANs with identical names and different tags

Sometimes a host administrator might publish a VLAN to a guest, but the guest administrator has already created, or later creates, a VLAN with the same name but with a different VLAN tag. In this case, the guest VLAN always overrides the host VLAN. The VLAN can still exist on the host (for other guests to subscribe to), but it is the guest VLAN that is used.
Whenever host and guest VLANs have the same names but different tags, traffic cannot flow between the identically-named VLANs at Layer 2. That is, when the tags do not match, the underlying Layer 2 infrastructure of the VLANs does not match, thereby preventing the host from reaching the guest.
The example here shows the
tmsh
command sequence for creating two separate VLANs with the same names and different tags, and the resulting traffic flow issue.
# While logged into the guest, create a VLAN: [root@G1:/S1-green-P:Active:Standalone] config #
tmsh create net vlan
VLAN_A
tag
1000
# Show that no VLANs exist on the host: [root@host_210:/S1-green-P:Active:Standalone] config #
tmsh list net vlan all
[root@host_210:/S1-green-P:Active:Standalone] config # # On the host, create a VLAN with the same name as the guest VLAN but with a unique tag on the host: [root@host_210:/S1-green-P:Active:Standalone] config #
tmsh create net vlan
VLAN_A
tag
1001
# Publish the host VLAN to the guest: [root@host_210:/S1-green-P:Active:Standalone] config #
tmsh modify vcmp guest
guest1
vlans add {
VLAN_A
}
# Within the guest, show that the guest still has its own VLAN only, and not the VLAN published from the host: [root@G1:/S1-green-P:Active:Standalone] config #
tmsh list net vlan all
net vlan VLAN_A { if-index 192 tag 1000 }
# Within the guest, create a self IP address for the VLAN: [root@G1:/S1-green-P:Active:Standalone] config #
tmsh create net self 10.1.1.1/24 vlan
VLAN_A
# On the host, create a self IP address for the identically-named VLAN: [root@host_210:/S1-green-P:Active:Standalone] config #
tmsh create net self 10.1.1.2/24 vlan
VLAN_A
# From the host, open a connection to the guest, and notice that because the two VLANs have different tags, the connection fails: [root@host_210:/S1-green-P:Active:Standalone] config #
ping -c2 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data. From 10.1.1.2 icmp_seq=1 Destination Host Unreachable From 10.1.1.2 icmp_seq=2 Destination Host Unreachable --- 10.1.1.1 ping statistics --- 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 3000ms pipe 2