F5 Trunk port is connected to Cisco Switch Access Port

As Hamish said, the only time the F5 will send traffic across multiple links is when you tell it to.

For me that is most commonly performed using a trunk link on the f5 connected to a Cisco ether-channel at the switch (LACP). The other option that you can do to send traffic across multiple links and also multiple trunks is the VLAN Group.

In your case, if you have not configured a VLAN Group on any device then there should be no risk of looping. If your trunk/ether-channel configuration is setup correctly then that should function correctly also.

I always have a "private" connection between the HA pair of devices to use for things such as network failover and connection mirroring. This private link gets a VLAN assigned to it that is not present on the connection to the switch.

In short, as long as the same VLAN does not exist on the connection to the switch and the connection to the other F5 unit, you should not have issues. I recommend running two links to each f5 and switch as a trunk/ether-channel combination, and then run two links between the pair and set them up as a trunk, also. (We don't run access port configurations anymore, they are too limiting)

Hi Josh,

Thanks for your comment and Hamish as well. So based on the attached diagram, if in case wrong cables are patched (as per scneario in diagram), there will not be any issue or STP looping but the end switch port will be shutdwon or will be in inconsistent error state because it is configured with etherchannel.

From the scenario, the cable for access ports supposedly connected to Data ports of F5 are wrongly connected to one of F5s Trunk interface that is configured as member of Trunk (F5 Term) or Etherchannel(Cisco Term) between F5 devices. And the cables for trunk ports are instead connected to Data ports between F5 device.

And also, what it the Switch access ports that are wrongly connected to F5 trunk ports are configured with portfast? Will it cause any loop?

As per previous question, portfast connected to F5 may cause loops but is it also applicable from scenario in the diagram? https://devcentral.f5.com/questions/trunk-setup-for-cisco-6509-and-f5-ltm-1600

Thanks.

I'm not an expert on Cisco, but in my opinion, portfast has no business in the datacenter, and definitely not on a switch that would be connected to servers or other network devices. Portfast is meant for stuff like desktop PCs and other end user devices.

If the F5 ports are configured as trunk ports with a VLAN tagged and they end up connected to an access port on a switch, I'm fairly certain it would not pass traffic.

The private connection between your F5 units should never be configured to allow traffic to enter via the switch and then cross that link, so should not be able to create a loop. (ie: switch -> f5 1 -> f5 2 -> switch, should never be possible unless you configure it to be so, and is a bad practice if you do configure it as such.) That connection should be setup to only allow each f5 to contact it's peer.

The scenario you are describing would require mis-configuration of the F5, the switch, and the cabling, and is very remote.

Thanks for your comment Josh. So the given scenario should not have any issue or STP loop or will disrupt the existing network in case the cables are wrongly plugged as per scenario in the diagram above (except that the end switch port will go to inconsistent error state because the end F5 devices are configured with Trunk/Etherchannel using LACP mode). Currently, I don't have the configuration information on the switch except that it is configured as an access port.

Thanks.

Hi Hamish,

So if the F5 Trunk ports (Etherchannel) is connected to the cisco switch port configured with access and portfast enabled as per the scenario will not create any issue or STP loop (except the end switch port will be in disabled state? Since F5 is configured as trunk (LACP) and is not bridging STP.

F51 Trunk port1 (LACP active mode) -> Cisco Switch Access port with portfast

F51 Trunk port1 (LACP active mode) -> Cisco Switch Access port with portfast

F51 Trunk port2 -> F52 Trunk port2

F51 dataport -> F52 dataport

Thanks.

It shouldn't do, because as said earlier 2 interfaces in a port-channel will never bridge. But I wouldn't enable port fast on a link to a BigIP. Portfast should ONLY ever be used when connecting to SERVERS that are incapable of bridging (i.e. Only have 1 interface is a good start :) )

NEVER connect a port fast interface to a switch device (And the BigIP should be considered a switch device as it will quite happily bridge interfaces if you tell it to).

H

Hi Hamish, thanks a lot for your comment.