Forum Discussion

Cheeky_168406's avatar
Cheeky_168406
Icon for Nimbostratus rankNimbostratus
Sep 23, 2014

Configuring an interface with a tagged vlan and assigning an IP to it

Hi,

 

So i just configured a tagged vlan over an interface on my Big IP in the production environment and assigned an IP address to it. Its supposed to be a simple point to point connectivity. The IPs are in the same /29 subnets however there is no ping

 

Here are the steps I followed

 

1- Create Vlan Client --> vlan id 1000 --> tagged interface 1/2.2

 

2- Assigned a physical self IP against it 10.18.231.212/29

 

3- Assigned a floating IP for vlan: Client 10.18.231.211/29

 

4- Router IP configured in the same vlan ID is 10.18.231.209/29

 

I suspect there is a cabling issue ? Any comments. The config is pretty straight forward.

 

APM
application delivery
cloud
deployment
LTM
performance
security
vmware

17 Replies

Sort By
  • Cheeky_168406's avatar
    Cheeky_168406
    Icon for Nimbostratus rankNimbostratus
    Sep 23, 2014

    The design is like below

    VLAN Name  IP Network        VLAN ID    IP Address   Hostname    Interface
Ingress    10.18.231.208/29   1000      10.18.231.209   EFS1            1/4
/Client                                 10.18.231.210   EFS2            1/4
                                        10.18.231.211   F5_Floating   
                                        10.18.231.212   F5A_Physical    1/2.2
                                        10.18.231.213   F5B_Physical    1/2.2
  • shaggy_121467's avatar
    shaggy_121467
    Icon for Cumulonimbus rankCumulonimbus
    Sep 23, 2014

    Is the remote interface a trunk port with vlan 1000? You might try making the interface untagged in vlan 1000 to see if it makes a difference.

     

    • Cheeky_168406's avatar
      Cheeky_168406
      Icon for Nimbostratus rankNimbostratus
      Sep 23, 2014
      Hi yes its a trunk port as we are configuring our F5 ports for multiple vlans. However, the very first vlan is not working. There is another vlan assigned on the same port (FYI)
  • shaggy's avatar
    shaggy
    Icon for Nimbostratus rankNimbostratus
    Sep 23, 2014

    Is the remote interface a trunk port with vlan 1000? You might try making the interface untagged in vlan 1000 to see if it makes a difference.

     

    • Cheeky_168406's avatar
      Cheeky_168406
      Icon for Nimbostratus rankNimbostratus
      Sep 23, 2014
      Hi yes its a trunk port as we are configuring our F5 ports for multiple vlans. However, the very first vlan is not working. There is another vlan assigned on the same port (FYI)
  • shaggy_121467's avatar
    shaggy_121467
    Icon for Cumulonimbus rankCumulonimbus
    Sep 23, 2014

    When you ping the F5 self-IP from the router and vice versa, do you see anything populated in the ARP tables for the involved IP addresses?

     

    • Cheeky_168406's avatar
      Cheeky_168406
      Icon for Nimbostratus rankNimbostratus
      Sep 23, 2014
      nope I dont see any arp entries for the new vlan ! The interface is up
    • shaggy_121467's avatar
      shaggy_121467
      Icon for Cumulonimbus rankCumulonimbus
      Sep 23, 2014
      The configuration on the F5-side looks correct. If there's another functional VLAN tagged on the same interface, then it sounds like an interface or VLAN 1000 configuration issue on the remote end or a cabling issue.
  • shaggy's avatar
    shaggy
    Icon for Nimbostratus rankNimbostratus
    Sep 23, 2014

    When you ping the F5 self-IP from the router and vice versa, do you see anything populated in the ARP tables for the involved IP addresses?

     

    • Cheeky_168406's avatar
      Cheeky_168406
      Icon for Nimbostratus rankNimbostratus
      Sep 23, 2014
      nope I dont see any arp entries for the new vlan ! The interface is up
    • shaggy's avatar
      shaggy
      Icon for Nimbostratus rankNimbostratus
      Sep 23, 2014
      The configuration on the F5-side looks correct. If there's another functional VLAN tagged on the same interface, then it sounds like an interface or VLAN 1000 configuration issue on the remote end or a cabling issue.
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Sep 23, 2014

    So the switch has the VLAN configured and trunked/tagged on the relevant interfaces connecting the F5s. No pruning taking place?

     

  • Cheeky_168406's avatar
    Cheeky_168406
    Icon for Nimbostratus rankNimbostratus
    Sep 23, 2014
    [root@XXXXX:/S2-green-P:Active] config  tmsh sh net interface 1/2.2 all-properties

Net::Interface
Name   Status   Bits    Bits    Pkts  Pkts   Mcast  Mcast  Errs  Errs  Drops  Drops  Colli       Media   Flow  Trunk    Aggreg
                  In     Out      In   Out      In    Out    In   Out     In    Out  sions               Ctrl                 
------------------------------------------------------------------------------------------------------------------------------
1/2.2      up  69.8M  211.0K  121.0K   355  121.0K    355     0     0  20.1K      0      0  10000SR-FD  tx-rx   none  detached
    so that means media is communicating
  • Cheeky_168406's avatar
    Cheeky_168406
    Icon for Nimbostratus rankNimbostratus
    Sep 23, 2014

    so i figured that the ARP is not getting responded

    config  tcpdump -ni Clients_3:nnn -s0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on Clients_3:nnn, link-type EN10MB (Ethernet), capture size 65535 bytes
20:20:37.256596 arp who-has 10.18.231.209 tell 10.18.231.212 out slot2/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=0 inport=0 haunit=0 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
20:20:37.256600 arp who-has 10.18.231.209 tell 10.18.231.212 out slot2/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=0 inport=0 haunit=0 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
  • Cheeky_168406's avatar
    Cheeky_168406
    Icon for Nimbostratus rankNimbostratus
    Sep 24, 2014

    another question here is that why the ARP message below shows the vlan=0

     

    ?

     

    • shaggy's avatar
      shaggy
      Icon for Nimbostratus rankNimbostratus
      Sep 24, 2014
      try tcpdump -nei http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7227.html
  • Cheeky_168406's avatar
    Cheeky_168406
    Icon for Nimbostratus rankNimbostratus
    Sep 30, 2014

    so in the end it appears the guys at the router end were configuring wrong IPs against the wrong vlans!