In case anyone else has this problem: https://support.f5.com/csp/article/K16528
Topic
This article applies to BIG-IP 11.x. For information about other versions, refer to the following article:
K11509: Overview of the vlangroup.forwarding.override db key (9.x - 10.x)
The vlangroup.forwarding.override database key allows you to control how the BIG-IP system handles traffic that has a destination MAC address that does not match any of the BIG-IP system's local MAC addresses, when the BIG-IP system is configured with both a VLAN group and a wildcard forwarding virtual server.
Description
When the vlangroup.forwarding.override database key is enabled (default value), traffic with a destination MAC address that does not match any of the BIG-IP system's local MAC addresses is bridged by the VLAN group, even if an applicable wildcard forwarding virtual server is present.
When the vlangroup.forwarding.override database key is disabled, traffic with a destination MAC address that does not match any of the BIG-IP system's local MAC addresses is handled by an applicable wildcard forwarding virtual server (if one exists), even if a VLAN group is present.
Note: The BIG-IP system does not generally receive traffic with a destination MAC address that does not match any of the BIG-IP system's local MAC addresses. However, the BIG-IP system can receive traffic in this situation when the system is configured with a VLAN group. A VLAN group merges two or more member VLANs by bridging them at the Layer 2 level. This action allows a node on a member VLAN to ARP for a destination node on another member VLAN. After the source node has learned the destination node’s MAC address, the source node can send Ethernet frames directly to the destination node by using the BIG-IP system as a Layer 2 switch. It is within this context that the BIG-IP system can receive traffic with a destination MAC address other than its own. Forwarding certain traffic using a wildcard forwarding virtual server instead of VLAN group bridging allows a BIG-IP administrator to control protocol level settings (such as idle timeout values) by way of a FastL4 profile.
Recommendations