I have a physical F5 with a vlan called DMZ, this vlan has 2 self ip's one floating, one static, the cluster is fine and synch'd. I connected two interfaces on one of the devcies to a switch and configured port-channeling. On the F5 I configured trunking on the two interfaces and have them untagged in the DMZ vlan. On the F5 the default route is pointing to the default gateway IP of the DMZ. Interfaces on the switch are configured correctly. To make sure there is connectivity I ssh'd into the F5 and tried to ping the default gateway and "destination host unreachable". In the F5 the two interfaces are up but the trunk is labeled as down. Any ideas?

Are you using LACP on your trunk?

First check your layer 2 connectivity. If you take a look at Network -> Arp -> Dynamic list are you able to resolve the MAC address of your default gateway? If you look at the arp table on your switch, are you able to resolve the MAC of the F5's VLAN? Try turning on LACP, if that still doesn't work try associating one of the interfaces directly with your VLAN.

as soon as I disabled lacp on the trunk on the f5, I can now ping the default gateway. Does this mean there is now no trunk?

It means you are not using the LACP algorithm to load balance your links. If you enable LACP on the F5 you have to be sure to add it to the ether-channel configuration on the switch as well.

vlan and self IP config is correct?

9 Replies

Cory_50405
Noctilucent
Mar 26, 2014
Are you using LACP on your trunk?
tolinrome_13817
Nimbostratus
Mar 26, 2014
yes
safeinst_110941
Cirrus
Mar 26, 2014
First check your layer 2 connectivity.

If you take a look at Network -> Arp -> Dynamic list are you able to resolve the MAC address of your default gateway?

If you look at the arp table on your switch, are you able to resolve the MAC of the F5's VLAN?

Try turning on LACP, if that still doesn't work try associating one of the interfaces directly with your VLAN.
tolinrome_13817
Nimbostratus
Mar 26, 2014
as soon as I disabled lacp on the trunk on the f5, I can now ping the default gateway. Does this mean there is now no trunk?
- safeinst_110941
  Cirrus
  Mar 26, 2014
  It means you are not using the LACP algorithm to load balance your links. If you enable LACP on the F5 you have to be sure to add it to the ether-channel configuration on the switch as well.
Cory_50405
Noctilucent
Mar 26, 2014
Disabling LACP didn't remove your dot1q trunking on the BIG-IP. It just disabled your ability to utilize both links for sending/receiving traffic.
tolinrome_13817
Nimbostratus
Mar 26, 2014
the port channel on the switch is protocol - None When I try to enable it by: Switch22(config-if) channel-group 55 mode active Cannot add active-mode port to on-mode port-channel55
tolinrome_13817
Nimbostratus
Mar 26, 2014
the channel group is on the interfaces in the port channel but I'm thinking I need it set to "mode active" but I receive that "Cannot add active-mode port to on-mode port-channel55"
- Cory_50405
  Noctilucent
  Mar 26, 2014
  Sounds like you need to reconfigure your port channel. If the LACP mode is 'active' on the BIG-IP, then it needs to match on the Cisco switch.

Forum Discussion

vlan and self IP config is correct?

9 Replies

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

2 internal server vlans

Disable Inter-VLAN Routing?

VLAN Group and Asymmetric Deployment

virtual server config

Radware config translation