Forum Discussion

ASA2030_314355's avatar
ASA2030_314355
Icon for Nimbostratus rankNimbostratus
Mar 19, 2017
Solved

Cisco Uplinks connected to F5

I have two F5 connect by HA Also I have Cisco Stack Switch 3850 connect to F5 by 2 uplinks fiber

 

I configure switchport mode access in cisco to pass only one vlan to f5 that I need.

 

conf t

 

int te1/1/1 Switchport mode access switch port access vlan 2020 spanning-tree portfast

 

int te2/1/1 Switchport mode access switch port access vlan 2020 spanning-tree portfast

 

int vlan 2020 ip address 10.0.10.254 255.255.255

 

issue: When I disconnect one of uplinks from cisco to f5 I have wait 7 seconds for failover to another link. after that both uplinks comes down. need to disconnect the uplinks physically.

 

Please help and correct my mistakes.

 

Thanks a lot

 

With my regards,

 

application delivery
ASM Advanced WAF
BIG-IP
devops
  • BigD_300005's avatar
    BigD_300005
    Mar 20, 2017

    With both links connected, do a show interface te1/1/1 and show interface 2/1/1. Do both ports show up or a different status?

     

    Do a "terminal monitor" if you are logged in via VTY.

     

    Pull Te1/1/1, what does Te2/1/1 now say? Did any information regarding Te2/1/1 show during the process of the F5 flipping.

     

    Shutdown Te2/1/1 and re-enable the port with Te1/1/1 still disconnected. Does Te2/1/1 status show up? Does this port work? If not, move Te2/1/1 cable to the port on the F5 that Te1/1/1 was plugged into, does it work now?

     

    Move Te2/1/1 back to the original F5 port is was on, plug Te1/1/1 back in. Verify F5 port configuration on Te2/1/1 peer is properly configured.

     

3 Replies

Sort By
  • BigD_300005's avatar
    BigD_300005
    Icon for Cirrostratus rankCirrostratus
    Mar 20, 2017

    With both links connected, do a show interface te1/1/1 and show interface 2/1/1. Do both ports show up or a different status?

     

    Do a "terminal monitor" if you are logged in via VTY.

     

    Pull Te1/1/1, what does Te2/1/1 now say? Did any information regarding Te2/1/1 show during the process of the F5 flipping.

     

    Shutdown Te2/1/1 and re-enable the port with Te1/1/1 still disconnected. Does Te2/1/1 status show up? Does this port work? If not, move Te2/1/1 cable to the port on the F5 that Te1/1/1 was plugged into, does it work now?

     

    Move Te2/1/1 back to the original F5 port is was on, plug Te1/1/1 back in. Verify F5 port configuration on Te2/1/1 peer is properly configured.

     

  • ASA2030_314355's avatar
    ASA2030_314355
    Icon for Nimbostratus rankNimbostratus
    Mar 21, 2017

    I configure Spanning tree on cisco for active standby. In F5 I don't know the proper configuration for spanning tree. Does F5 support it?

     

    because in f5 both likes was up in cisco one is up another one is down.

     

    Also I use access in cisco . in f5 called untagged. VLAN 4094

     

    When I use trunk (cisco) f5 (Tagged) it is not working fine.

     

  • BigD_300005's avatar
    BigD_300005
    Icon for Cirrostratus rankCirrostratus
    Mar 22, 2017

    You could put the two ports into a port channel. - This might not work on second thought. See edit.

     

    Edit: Te1/1/1 and Te2/1/1 are plugged into the same F5 or is each port it's own F5? It would be odd that spanning-tree is blocking a port if the two ports are plugged into different F5 devices.

     

    I would recommend setting up both the cisco and F5 as trunk ports. Tagged on the F5 and create sub interfaces or SVIs on the Cisco device for each VLAN. This helps for expansion later if you need more VLANs.