Aaron_Baxter_13
Aug 17, 2013

Total newbie issue

I am having issues getting my VLANs/SelfIPs set up. I have a trunk group set up, VLANs set up and a SelfIP set up. From a terminal session I can ping the SelfIP, but nothing else, even devices on the local subnet. A packet capture reveals the ARP request leaving the F5 properly encapsulated but never getting answered. I have attached a server on the local switch on the same subnet with the same results. I cannot ping the F5 even with port lockdown set to all.

This is a critical issue and I need help resolving it ASAP. I greatly appreciate any help the gurus on here could lend.

 

4 Replies

  • I changed to a normal untagged port and traffic flows normally. It is only tagged mode that seems to have the issue.
  • Hamish

    Sounds like you don't have the switchport configured to accept 802.1q tags.

    If it's a Cisco switch (e.g. IOS or NX-OS), the switchport needs to be in trunk mode and have the allowed VLANs including your VLAN, e.g.

    interface eth4/18
      description my bigip
      switchport
      switchport mode trunk
      switchport trunk native vlan 1000
      switchport trunk allowed vlan 105,108,1024-1255,2005,2015-2016
      switchport trunk allowed vlan add 2080,2088,4048-4051,4080,4086-4087
    

    Which puts an NX-OS switchport into trunk (tagged in Cisco terms) mode and allows certain VLANs. The native (untagged) VLAN is set to 1000 in this case (which we like to keep not created so that any untagged traffic is just dropped by the switch).

  • I was able to find out there must be some sort of a problem with spanning-tree guard loop and the F5s. I'm running HP A series 12500. I disabled loop guard and enabled root guard and the traffic started passing. My apologies for not posting my findings earlier.
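
Added example (not part of the thread or any poster's code): a Python sketch of the check Hamish's reply describes, testing whether a captured frame's 802.1Q VLAN ID falls inside that trunk port's allowed-VLAN list. The function names and the sample ARP frames are constructed for illustration; only numeric VLAN lists are parsed, and the verdict is a simplified model of the switch's behaviour.

```python
import struct

# Added example; helper names are illustrative. Trunk lines are from Hamish's reply.
TRUNK_CONFIG = """\
switchport mode trunk
switchport trunk native vlan 1000
switchport trunk allowed vlan 105,108,1024-1255,2005,2015-2016
switchport trunk allowed vlan add 2080,2088,4048-4051,4080,4086-4087
"""

def parse_trunk(config):
    """Return (native_vlan, allowed_vlan_set) from switchport trunk lines."""
    native, allowed = 1, set()   # VLAN 1 is the Cisco default native VLAN
    for line in config.splitlines():
        words = line.split()
        if words[:4] == ["switchport", "trunk", "native", "vlan"]:
            native = int(words[4])
        elif words[:4] == ["switchport", "trunk", "allowed", "vlan"]:
            if words[4] != "add":
                allowed = set()  # without "add" the list is replaced
            for part in words[-1].split(","):
                lo, _, hi = part.partition("-")
                allowed.update(range(int(lo), int(hi or lo) + 1))
    return native, allowed

def frame_vlan(frame):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != 0x8100:           # no 802.1Q tag after the MAC addresses
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF          # low 12 bits of the TCI are the VLAN ID

def trunk_verdict(frame, config=TRUNK_CONFIG):
    native, allowed = parse_trunk(config)
    vid = frame_vlan(frame)
    if vid is None:
        vid = native             # untagged frames land in the native VLAN
    return vid, vid in allowed

def arp_frame(vlan=None):
    """Constructed sample: broadcast ARP frame header, optionally tagged."""
    head = b"\xff" * 6 + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return head + tag + struct.pack("!H", 0x0806) + bytes(28)

if __name__ == "__main__":
    for vlan in (105, 200, None):
        print(vlan, trunk_verdict(arp_frame(vlan)))
```

A frame tagged with a VLAN outside the list, or an untagged frame mapped to native VLAN 1000, comes back as not allowed, which matches the "ARP leaves but is never answered" symptom when the tag and the trunk configuration disagree.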