dragonflymr
Oct 28, 2015

Set VLAN and Tunnel Traffic to All VLANs and Tunnels via tmsh

Hi,

I am puzzled how to do that.

Scenario:

Virtual with All VLANs and Tunnels in GUI:

ltm virtual name {
    auto-lasthop disabled
    destination 1.1.1.1:http
    ip-protocol tcp
    last-hop-pool last_hop_pl
    mask 255.255.255.255
    pool pool
    profiles {
        tcp { }
    }
    source 0.0.0.0/0
    vs-index 604
}

tmsh mod ltm virtual name vlans add {VLANID} vlans-enabled issued

ltm virtual name {
    auto-lasthop disabled
    destination 1.1.1.1:http
    ip-protocol tcp
    last-hop-pool last_hop_pl
    mask 255.255.255.255
    pool pool
    profiles {
        tcp { }
    }
    source 0.0.0.0/0
    vlans {
        VLAN299
    }
    vlans-enabled
    vs-index 604
}

tmsh mod ltm virtual name vlans none or default issued

ltm virtual name {
    auto-lasthop disabled
    destination 1.1.1.1:http
    ip-protocol tcp
    last-hop-pool last_hop_pl
    mask 255.255.255.255
    pool pool
    profiles {
        tcp { }
    }
    source 0.0.0.0/0
    vlans-enabled
    vs-index 604
}

So vlans-enabled is still there - in GUI it equals setting Enabled on... with no VLAN in Selected area.

In effect no traffic is allowed from ANY VLAN to this virtual.

I tried everything I could figure out to remove vlans-enabled and end up with original virtual config (first listing) but failed.

Is there any trick to do that from tmsh, or is it only possible from the GUI? Tested on 11.5.3HF2 VE.

Piotr

2 Replies

  • Well, as last resort I tried:

    tmsh mod ltm virtual name vlans none vlans-disabled

    and it worked - not very intuitive I guess.

    Same result is when

    tmsh mod ltm virtual name vlans default vlans-disabled

    is used.

    Piotr
  • Hi,

    Below is my bash script for manipulating VLAN Enabled on. Probably not a perfect one, but it's working quite OK for bulk changes 🙂

    Be advised, end of lines should be Unix style, so just LF, not CRLF.

    Specify virtuals to manipulate by virtual name

    #!/bin/bash
    #
    # Find by virtual name from $1 (can use RegEx)
    # Set VLANs and Tunnels to Enabled on using VLAN from $3 based on operation in $2
    # $2 values:
    #  add  Add items to the set
    #  def  Reset to the default value - no $3 necessary
    #  del  Delete specific items from the set
    #  non  Remove all items from the set, no access from any VLAN will be possible - no $3 necessary
    #  rep  Replace the set with a new set
    #
    # Warning: For rep operation previously set VLANS are deleted and
    # replaced with new VLAN

    # Names of all virtuals whose name matches the pattern in $1
    output=$(tmsh list ltm virtual | grep "ltm virtual" | awk '{ print $3 }' | grep -- "$1")

    for LINE in ${output}; do
        echo "${LINE}"

        case "$2" in
            add)
                tmsh mod ltm virtual "${LINE}" vlans add { $3 } vlans-enabled ;;
            def)
                # Back to All VLANs and Tunnels
                tmsh mod ltm virtual "${LINE}" vlans default vlans-disabled ;;
            del)
                tmsh mod ltm virtual "${LINE}" vlans delete { $3 }
                # Check only this virtual: prints its name while a vlans { } block remains
                test=$(tmsh list ltm virtual "${LINE}" one-line | grep "vlans {" | awk '{ print $3 }')
                echo "$test"
                if [ "$test" = '' ]; then
                    echo "Last VLAN deleted"
                    tmsh mod ltm virtual "${LINE}" vlans default vlans-disabled
                fi ;;
            non)
                # Empties the list only; the vlans-enabled flag is left as is
                tmsh mod ltm virtual "${LINE}" vlans none ;;
            rep)
                tmsh mod ltm virtual "${LINE}" vlans replace-all-with { $3 } vlans-enabled ;;
        esac

    done
    

    Specify virtuals by VLAN name currently set as Enabled on

    #!/bin/bash
    #
    # Find virtuals with VLAN enabled on specified in $1 set VLAN to value in $3
    # based on operation in $2
    # $2 values:
    #  add  Add items to the set
    #  def  Reset to the default value - no $3 necessary
    #  del  Delete specific items from the set
    #  non  Remove all items from the set, no access from any VLAN will be possible - no $3 necessary
    #  rep  Replace the set with a new set
    #
    # Warning: For rep operation previously set VLANS are deleted and
    # replaced with new VLAN

    # Names of all virtuals whose vlans { } block contains the VLAN given in $1
    output=$(tmsh list ltm virtual one-line | grep "vlans {.* $1 " | awk '{ print $3 }')
    for LINE in ${output}; do
        echo "${LINE}"

        case "$2" in
            add)
                tmsh mod ltm virtual "${LINE}" vlans add { $3 } vlans-enabled ;;
            def)
                # Back to All VLANs and Tunnels
                tmsh mod ltm virtual "${LINE}" vlans default vlans-disabled ;;
            del)
                tmsh mod ltm virtual "${LINE}" vlans delete { $3 }
                # Prints the virtual's name while a vlans { } block remains
                test=$(tmsh list ltm virtual "${LINE}" one-line | grep "vlans {" | awk '{ print $3 }')
                echo "$test"
                if [ "$test" = '' ]; then
                    echo "Last VLAN deleted"
                    tmsh mod ltm virtual "${LINE}" vlans default vlans-disabled
                fi ;;
            non)
                # Empties the list only; the vlans-enabled flag is left as is
                tmsh mod ltm virtual "${LINE}" vlans none ;;
            rep)
                tmsh mod ltm virtual "${LINE}" vlans replace-all-with { $3 } vlans-enabled ;;
        esac

    done
    

    Piotr
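
A check that can be run before and after bulk changes like the ones above, as an added example that is not part of the original posts: it reads `tmsh list ltm virtual one-line` text and reports each virtual's VLAN scope, so virtuals left with `vlans-enabled` and an empty list (no traffic accepted) or left listening on all VLANs and tunnels stand out. The function names and the sample lines are constructed for illustration; the one-line layout is assumed to match what the scripts above parse, and the `ALL-EXCEPT` case assumes `vlans-disabled` with a non-empty list means "disabled on" those VLANs.

```shell
#!/bin/bash
# Added example: classify VLAN scope per virtual from one-line listing text.

# Constructed sample of `tmsh list ltm virtual one-line` output (not real data).
sample_one_line() {
    cat <<'EOF'
ltm virtual vs_all { destination 1.1.1.1:http ip-protocol tcp pool pool profiles { tcp { } } source 0.0.0.0/0 vs-index 604 }
ltm virtual vs_one { destination 1.1.1.2:http ip-protocol tcp pool pool profiles { tcp { } } vlans { VLAN299 } vlans-enabled vs-index 605 }
ltm virtual vs_empty { destination 1.1.1.3:http ip-protocol tcp pool pool profiles { tcp { } } vlans-enabled vs-index 606 }
ltm virtual vs_except { destination 1.1.1.4:http ip-protocol tcp pool pool profiles { tcp { } } vlans { VLAN299 VLAN300 } vlans-disabled vs-index 607 }
EOF
}

# Reads one-line listings on stdin, prints "<virtual> <scope>" per virtual:
#   ALL              no list, not enabled-on: All VLANs and Tunnels
#   ONLY:<list>      vlans-enabled with a list
#   BLOCKED          vlans-enabled with an empty list: no VLAN can reach it
#   ALL-EXCEPT:<l>   list without vlans-enabled (assumed "disabled on")
audit_vlan_scope() {
    awk '
    $1 == "ltm" && $2 == "virtual" {
        name = $3; enabled = 0; n = 0; list = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "vlans-enabled") enabled = 1
            else if ($i == "vlans" && $(i + 1) == "{") {
                # Collect VLAN names up to the closing brace of the vlans block
                for (j = i + 2; j <= NF && $j != "}"; j++) {
                    list = list (n ? "," : "") $j
                    n++
                }
                i = j
            }
        }
        if (enabled && n == 0) state = "BLOCKED"
        else if (enabled)      state = "ONLY:" list
        else if (n > 0)        state = "ALL-EXCEPT:" list
        else                   state = "ALL"
        print name, state
    }'
}

# On a BIG-IP: tmsh list ltm virtual one-line | audit_vlan_scope
sample_one_line | audit_vlan_scope
```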