Forum Discussion

gpoverland
Jun 14, 2010

Tagged VLAN / Interface

Quick question on how tagged VLANs work in a Cisco environment.

I have a switch with a VTP domain in it; it's running transparent. Say I configure VLAN 1 on it with an IP of 10.1.1.1 255.255.255.0. Now I put a second VLAN called VLAN 2 on the switch and give it an IP of 10.2.2.2 255.255.255.0. I add a new F5 LTM. I configure the F5 internal interface on VLAN 2, tag the interface as 2, and associate the correct physical interface. I do the same with VLAN 1. I put my pool members in VLAN 2 and virtuals in VLAN 1. I configure the IP for the internal VLAN (VLAN 2) and associate it with the correct VLAN. Now, I do nothing with VLAN 1 on the F5 (as far as configuring an IP). Will the Virtual Servers I configure work without a layer 3 interface configured on the F5 and associated with the External VLAN 1?

If so, can you tell me how?

Thanks,

2 Replies

  • 1) VTP is a Cisco proprietary thing. The F5 LTM can speak VLAN tags, but not VTP as far as I know. So, configure your environment accordingly (either no tags or use tags, but don't depend on the LTM participating in a Cisco Catalyst VTP session).

    2) Here's a quick command line recipe, where I've assumed that the LTM will be 10.1.1.5 on the internal VLAN and a single node, 10.1.1.100, exists, serving up HTTP on TCP port 9000 with the virtual 10.2.2.200, which will serve up HTTP on TCP port 80.

    (but, really, configuring the BIG-IP without a Self-IP on the external network is a bit limiting, so you probably don't want to do that for a production network):

    b vlan external interfaces 1.1
    b vlan internal interfaces 1.2
    b self 10.1.1.5 vlan internal netmask 255.255.255.0
    b node 10.1.1.100 monitor icmp screen Node1
    b pool WebServer9000 { members 10.1.1.100:9000 { monitor tcp } }
    b virtual Web80 { destination 10.2.2.200:http mask 255.255.255.0 pool WebServer9000 }

    (The key to the above trick is that I'm specifying a mask on the virtual server. If I didn't, the unit would use the mask from the self-IP, or basically, not really use a netmask. It doesn't really help much, as default routes and other things need to be set to get the traffic moving in the right directions... but it does let one configure a virtual without self-IPs...)

    What really needs to happen is a set of Self-IPs configured on the LTM for each network, so that a route statement can be put in place:

    b self 10.2.2.21 netmask 255.255.255.0 vlan external
    b route default inet { gateway 10.2.2.2 }

    and then traffic will start flowing.

    This is covered in the LTM manuals in extensive detail. Good Luck!

  • OK, thanks for the explanation of how this should be set up. I couldn't agree more. What I was asking, or trying to ask, is that I have a similar (but much more complex) setup running in production, and I am trying to figure out how it is working. The F5 does not have an IP configured in the VLAN associated with the subnet where the virtual(s) reside, yet it has a Layer 2 interface (tagged) in the VLAN. The switch has an IP assigned on the VLAN. With that said, how is the F5 serving up connections to the Virtual(s)? That is the unknown that I can't put my finger on.

    Thanks,