Forum Discussion
Nishal_Rai
Cirrocumulus
CirrocumulusMinimum number of VLANS tag required for the 5 VLANS on a single interface of F5
I had a question during my preparation for F5: 101 exams. A BIG-IP Administrator has five VLANS that must be assigned to a single interface. What is the minimum number of VLANs that need to be set ...
Hi Nishal,
For a better understanding of the Untagged, referer to this link:
https://networkdirection.net/articles/network-theory/taggeduntaggedandnativevlans/
In your example:
1. The external net has the tagged network 10, so F5 tag the traffic to tag 10, creating a broadcast in this network with all interconnected devices, allowing communication with all hosts.
2.The internal net is untagged, The F5 send the traffic to the Switch untagged, The switch set the default vlan for untagged traffic, and interconect with other switch or host where are located the servers with the vlan tagged or untagged, it depends of your network configuration. So then the the broadcast domain is allowed to communicate all the host corresponding to the network configured in the self-ip created with the vlan untagged.
Hi,
The minimun number in your example are 4 vlans in tagged mode, because 1 of the vlans can be assigned as untagged.
- Nishal_Rai
Sorry Sebastuansierra but, I just found a small issue to understand the answer like in the case of the above question:
When the four VLANs are tagged and a single VLAN is untagged on a single interface of F5 then as per my understanding - when an untagged frame (untagged VLAN) is received by the tagged port then the receiving device like the switch will embed the native VLAN on the untagged frame. And, when the recently added native VLAN tag frame leaves the received device, then the native VLAN is stripped off from the frame field.
Since F5 WAF works on delayed binding if the full proxy is enabled where F5 creates two separate connections between the client and the real server. So, how does the F5 handles that untagged frame on the client-side of the F5 WAF?
As mentioned earlier, when the native VLAN is added on the untagged frame will get stripped out when it leaves the receiving device and the untagged frame does the same with the tagged port if there is a switch or some kind of networking device in between the server-side F5 WAF and the real physical server.I have also attached the network architecture of the following addressed concerns.
Thank you.Hi Nishal,
For a better understanding of the Untagged, referer to this link:
https://networkdirection.net/articles/network-theory/taggeduntaggedandnativevlans/
In your example:
1. The external net has the tagged network 10, so F5 tag the traffic to tag 10, creating a broadcast in this network with all interconnected devices, allowing communication with all hosts.
2.The internal net is untagged, The F5 send the traffic to the Switch untagged, The switch set the default vlan for untagged traffic, and interconect with other switch or host where are located the servers with the vlan tagged or untagged, it depends of your network configuration. So then the the broadcast domain is allowed to communicate all the host corresponding to the network configured in the self-ip created with the vlan untagged.
