F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP TMOS: Tunneling and IPsec
  3. Common Elements for VLAN tasks
Manual Chapter : Common Elements for VLAN tasks

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP APM

  • 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP Link Controller

  • 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP LTM

  • 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP AFM

  • 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP ASM

  • 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Manual Chapter

Common Elements for VLAN tasks

VLANs
 represent a logical collection of hosts that can share network resources, regardless of their physical location on the network. You create a VLAN to associate physical interfaces with that VLAN.
  1. On the Main tab, click
    Network
    VLANs
    .
    The VLAN List screen opens.
  2. Click
    Create
    .
    The New VLAN screen opens.
  3. In the Name column, click the relevant VLAN name.
    The New VLAN screen opens.
  4. In the Name column, click the relevant VLAN name.
    This displays the properties of the VLAN.
  5. In the
    Name
     field, type a unique name for the VLAN.
  6. In the
    Name
     field, type a unique name for the VLAN.
    In our sample configuration, this name is
    tunnel1
    .
  7. In the
    Name
     field, type
    external
    .
  8. In the
    Name
     field, type
    dns_requests
    .
  9. In the
    Name
     field, type
    HA
    .
  10. In the
    Name
     field, type
    wan
    .
  11. In the
    Name
     field, type
    lan
    .
  12. In the
    Name
     field, type the name of the first VLAN.
    For this example, type
    internal
    .
  13. In the
    Name
     field, type the name of the first VLAN.
  14. In the
    Name
     field, type the name of the first VLAN.
    For this example, type
    link1
    .
  15. In the
    Tag
     field, type a numeric tag, between 1-4094, for the VLAN, or leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag.
    The VLAN tag identifies the traffic from hosts in the associated VLAN.
  16. In the
    Tag
     field, type a numeric tag, between 1-4094, for the VLAN, or leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag.
    The VLAN tag identifies the application traffic for the associated VLAN.
    Each VLAN tag that you specify in this field must be unique on the vCMP system.
  17. From the
    Customer Tag
     list:
    1. Retain the default value of
      None
       or select
      Specify
      .
    2. If you chose
      Specify
       in the previous step, type a numeric tag, between 1-4094, for the VLAN.
    The customer tag specifies the inner tag of any frame passing through the VLAN.
  18. If you want to use Q-in-Q (double) tagging, use the
    Customer Tag
     setting to perform the following two steps. If you do not see the
    Customer Tag
     setting, your hardware platform does not support Q-in-Q tagging and you can skip this step.
    1. From the
      Customer Tag
       list, select
      Specify
      .
    2. Type a numeric tag, from 1-4094, for the VLAN.
    The customer tag specifies the inner tag of any frame passing through the VLAN.
  19. For the
    Interfaces
     setting:
    1. From the
      Interface
       list, select an interface number.
    2. From the
      Tagging
       list, select
      Tagged
       or
      Untagged
      .
      Select
      Tagged
       when you want traffic for that interface to be tagged with a VLAN ID.
    3. If you specified a numeric value for the
      Customer Tag
       setting and from the
      Tagging
       list you selected
      Tagged
      , then from the
      Tag Mode
       list, select a value.
    4. Click
      Add
      .
    5. Repeat these steps for each interface that you want to assign to the VLAN.
  20. For the
    Interfaces
     setting:
    1. From the
      Interface
       list, select an interface number or trunk name.
    2. From the
      Tagging
       list, select
      Tagged
       or
      Untagged
      .
      Select
      Tagged
       when you want traffic for that interface to be tagged with a VLAN ID.
    3. If you specified a numeric value for the
      Customer Tag
       setting and from the
      Tagging
       list you selected
      Tagged
      , then from the
      Tag Mode
       list, select a value.
    4. Click
      Add
      .
    5. Repeat these steps for each interface or trunk that you want to assign to the VLAN.
  21. For the
    Interfaces
     setting:
    1. From the
      Interface
       list, select an interface number.
    2. From the
      Tagging
       list, select
      Tagged
       or
      Untagged
      .
      Select
      Tagged
       when you want traffic for that interface to be tagged with a VLAN ID.
    3. Click
      Add
      .
    4. Repeat these steps for each interface that you want to assign to the VLAN.
  22. For the
    Interfaces
     setting:
    1. From the
      Interface
       list, select an interface number.
    2. From the
      Tagging
       list, select
      Tagged
       or
      Untagged
      .
      Select
      Tagged
       when you want traffic for that interface to be tagged with a VLAN ID.
    3. Click
      Add
      .
  23. For the
    Interfaces
     setting:
    1. From the
      Interface
       list, select an interface number.
    2. From the
      Tagging
       list, select
      Tagged
      .
    3. Click
      Add
      .
  24. For the
    Interfaces
     setting:
    1. From the
      Interface
       list, select an interface number.
    2. From the
      Tagging
       list, select
      Tagged
       or
      Untagged
      .
      Select
      Tagged
       when you want traffic for that interface to be tagged with a VLAN ID.
    3. If you specified a numeric value for the
      Customer Tag
       setting and from the
      Tagging
       list you selected
      Tagged
      , then from the
      Tag Mode
       list, select a value.
    4. Click
      Add
      .
  25. From the
    Interface
     list, select an interface number.
  26. From the
    Tagging
     list, select
    Untagged
    .
  27. Click
    Add
    .
    You can use the same interface for other VLANs later, if you always assign the interface as a tagged interface.
  28. For the
    Interfaces
     setting, click an interface number or trunk name from the
    Available
     list, and use the Move button to add the selected interface or trunk to the
    Untagged
     or
    Tagged
     list. Repeat this step as necessary.
    Put the interface in the
    Tagged
     list when you want the interface to accept traffic for more than one VLAN. You can use the same interface for other VLANs later, as long as you always assign the interface as a tagged interface.
  29. For the
    Interfaces
     setting,
    1. From the
      Interface
       list, select an interface number.
    2. From the
      Tagging
       list, select
      Untagged
      .
    3. Click
      Add
      .
  30. From the
    Configuration
     list, select
    Advanced
    .
  31. If you want the system to verify that the return route to an initial packet is the same VLAN from which the packet originated, select the
    Source Check
     check box.
  32. In the
    MTU
     field, retain the default number of bytes (
    1500
    ).
  33. In the
    MTU
     field, type a new value, represented in bytes.
  34. In the
    MAC Masquerade
     field, type a MAC address.
    In an active-standby configuration for a redundant system, the active unit uses the MAC masquerade address, and the standby unit uses the actual MAC address of the interface.
  35. If you want to base redundant-system failover on VLAN-related events, select the
    Fail-safe
     check box.
  36. From the
    Auto Last Hop
     list, select a value.
  37. From the
    CMP Hash
     list, select
    Source
     if this VLAN is the subscriber side or
    Destination Address
     if this VLAN is the Internet side.
  38. From the
    CMP Hash
     list, select a value.
  39. To enable the
    DAG Round Robin
     setting, select the check box.
  40. From the
    DAG tunnel
     list, select one of these options:
    Inner
    Disaggregates encapsulated packets based on the inner headers. If you select Inner, you must also configure a
    bigdb
     variable to specify a port number before any associated tunnels can use the inner headers.
    Outer
    Uses the outer headers of encapsulated packets without inspecting the inner headers. This is the default value.
  41. From the
    Polling Interval
     list, select
    Specify
    , and type the maximum interval in seconds between polling by the sFlow agent of this VLAN.
  42. From the
    Sampling Rate
     list, select
    Specify
    , and type the ratio of packets observed at this VLAN to the samples you want the BIG-IP system to generate.
    For example, a sampling rate of 2000 specifies that 1 sample will be randomly generated for every 2000 packets observed.
  43. Click
    Repeat
    .
  44. Click
    Finished
    .
  45. Click
    Finished
    .
    The screen refreshes, and it displays the new VLAN in the list.
  46. Click
    Finished
    .
    The screen refreshes, and displays the two new VLANs in the list.
  47. Click
    Repeat
     to delete re-create other customer-related VLANs.
  48. Click
    Update
    .
  49. In the Name column, locate the name of the VLAN for which you want to change the partition, and to the left of the name, select the check box and click
    Delete
    .
    The system prompts you to confirm the delete action.
  50. Locate the
    Partition
     list in the upper right area of the BIG-IP Configuration utility screen, to the left of the
    Log out
     button.
  51. From the
    Partition
     list, confirm or select partition
    Common
    .
  52. Configure the sFlow settings or retain the default values.
  53. Type a name for the VLAN.
    You can specify the same name as the VLAN that you deleted from partition
    Common
     or you can type a unique name.
  54. Type the same tag that was specified in the original VLAN in partition
    Common
    .
    You can specify the original VLAN name in partition
    Common
     or you can type a unique name.
  55. Select the relevant VLAN in the Name column.
    The properties screen for the VLAN opens.
  56. Click the
    Delete
     button.
    The system asks you to confirm this action.
  57. Click
    Delete
    .
  58. To the left of the VLAN name, select the check box and click
    Delete
    .
    The system prompts you to confirm the delete action.
  59. In the
    Tag
     field, type the same tag that was assigned to the VLAN you previously deleted.
  60. If the host and guest VLANs have an optional customer tag, type the same customer tag that was assigned to the VLAN you previously deleted.
  61. For the
    Syncache Threshold
     setting, retain the default value or change it to suit your needs.
    The
    Syncache Threshold
     value represents the number of outstanding SYN flood packets on the VLAN that will trigger the hardware SYN cookie protection feature.
    When the
    Hardware SYN Cookie
     setting is enabled, the BIG-IP system triggers SYN cookie protection in either of these cases, whichever occurs first:
    • The number of TCP half-open connections defined in the LTM setting
      Global SYN Check Threshold
       is reached.
    • The number of SYN flood packets defined in this
      Syncache Threshold
       setting is reached.
  62. For the
    SYN Flood Rate Limit
     setting, retain the default value or change it to suit your needs.
    The
    SYN Flood Rate Limit
     value represents the maximum number of SYN flood packets per second received on this VLAN before the BIG-IP system triggers hardware SYN cookie protection for the VLAN.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information