For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

zafer's avatar
zafer
Icon for Nimbostratus rankNimbostratus
Jul 30, 2009

L2 port security

Hi     i want make secure port on Bigip, terminology name on Cisco pvlan (private vlan)     like this ;     i have 1 internal vlan and assigned port 1.1 and 1.2 to th...
config
design
zafer's avatar
zafer
Icon for Nimbostratus rankNimbostratus
Aug 03, 2009
Hello

 

i attached the topology,

 

vip 0.0.0.0/0.0.0.0:0 with irule (chek ip subnets with vlan id then send firewall else forward)

 

1.14 in external vlan

 

1.1 and 1.2 in internal vlan (the problem is here)

 

host A and host B in same network 192.168.254.0/24

 

in this topology host A can access the host B (if they have not spesific route) they have default gw and its bigip

 

when i look the tcpdump i dont see any packet because bigip forward packet between 1.1 and 1.2 in switch fabric level

 

 

i moved switch 2 behind switch1 and only 1.1 port active on bigip and everything is fine but we dont want move all switch behind 1 switch

 

 

another option ;

 

i tested vlan group like this;

 

1.1 on Vlan A

 

1.2 on Vlan B

 

vlangroup=Vlan+VlanB then created proxy exclutions bla bla

 

 

then i can see packed when i opened tcpdum but this traffic does not hit L3-VIP, also tried L2-Vip still not hits

 

 

any idea?

 

 

zafer