Forum Discussion

Jean_42123
Jun 10, 2010

Urgent Enquiry

Hi Guys, we would like to define 2 external VLANs on our BIG-IP LTM. Is that possible? What about routing between the 2 VLANs? Can you please tell us how we can do it? Thanks in advance, Jean

2 Replies

  • That's not a problem at all, you can use up to (if I remember correctly) 128 VLANs on version 9.4 and even more on v10.x.

    Provided there's a mechanism for processing traffic, such as a SNAT or a Virtual Server, BigIP can route to locally connected subnets; otherwise it'll use the configured routes, like static routes or the default gateway. Obviously I'm not going into massive detail here, but regardless of whether the VLAN is 'internal' or 'external' there are no hidden extras!

    Hope this helps!
  • Hi, yes you can of course create multiple VLANs on the BigIP (around 4096 in version 9 or 10). The way the BIGIP works regarding VLANs is as follows: when traffic is received on a VLAN, if it is addressed to a SelfIP of the BigIP in this VLAN, the "Port Lockdown" option on the VLAN provides security, disallowing access to SSH/HTTPS and other protocols on the BigIP. If it is addressed to a Virtual Server (Host type or Network type), AND if the Virtual Server is configured to "listen" on this VLAN (the Enabled/Disabled VLAN option listbox on the Virtual), the traffic passes through the "policy" (forwarding, load balancing, reject, ...). If there is no Virtual configured for the destination IP of the packet, and no NAT rule exists for this destination IP, the packet is silently dropped (you can see the DROP values incremented in the statistics of the interfaces).

    So, if you want to forward traffic between 2 VLANs on the same box, you can create:

    - a wildcard virtual server of type "network", enabled on those 2 VLANs, and choose the "Forwarding" type for the VS.
    - 2 Virtual Servers, one for every network on each VLAN, listening on the correct VLAN, and select "Forwarding".

    If you want more "restricted" access, you can also create a network VS with the port number you want to forward. All the other ports will be dropped if there is no other VS.

    HTH /Phil
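The setup Phil describes, written out as an added tmsh example (not code from either reply, and assumes a v10 or later box with tmsh): the VLAN names ext_a/ext_b, interface numbers 1.1/1.2, the 192.0.2.0/24 and 198.51.100.0/24 addresses and the virtual server names are all made up for the example.

```tmsh
# Two external VLANs, one per front-panel interface (assumed interface numbers).
create net vlan ext_a interfaces add { 1.1 { untagged } }
create net vlan ext_b interfaces add { 1.2 { untagged } }

# Self IPs with Port Lockdown set to "allow none": packets addressed to the
# BIG-IP itself on these VLANs (SSH, HTTPS, ...) are refused, which is the
# "port lockdown provides security" point from the reply.
create net self self_ext_a address 192.0.2.1/24 vlan ext_a allow-service none
create net self self_ext_b address 198.51.100.1/24 vlan ext_b allow-service none

# Option 1: one wildcard (network) forwarding virtual server enabled on both
# VLANs. This is what makes the BIG-IP route between the two subnets; any
# packet that matches no virtual server and no NAT/SNAT is silently dropped.
create ltm virtual vs_fwd_any destination 0.0.0.0:0 mask any ip-forward profiles add { fastL4 } vlans-enabled vlans add { ext_a ext_b }

# Option 2 (the "restricted" variant, used instead of option 1): forward only
# TCP/443 arriving on ext_a towards the 198.51.100.0/24 network. Every other
# port is dropped because no other virtual server listens on ext_a.
create ltm virtual vs_fwd_https destination 198.51.100.0:443 mask 255.255.255.0 ip-protocol tcp ip-forward profiles add { fastL4 } vlans-enabled vlans add { ext_a }

# Checks: confirm which VLANs each virtual server listens on, then watch the
# interface drop counters mentioned in the reply while sending test traffic.
list ltm virtual vs_fwd_any vlans
list ltm virtual vs_fwd_https vlans
show net interface
```

If a packet between the two subnets is dropped, the first thing to verify is that the forwarding virtual server is enabled on the VLAN the packet arrives on, not only on the destination VLAN.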