Forum Discussion
nineheadbird_67
Nimbostratus
Nimbostratusmultiple subnets within a vlan not allowed?
We have 6900 LTM connected to Cisco router, on cisco end, there are four subnets on interface vlan 299(see below). Tagged interface 299 from cisco to F5 configured as vlan external on F5, and there are four subnets configured(through self-ip) on the F5 corresponding to the four subnets on Cisco router interface.
I was told by
F5 support multiple subnets within same vlan is not allowed, is that true? I didn't get any error when configure self IPs from different subnets to the same vlan. I would appreciate a lot if experts on this list can clarify this.
Here is cisco side config:
interface Vlan299
description Vlan299
ip address 10.79.1.253 255.255.255.0 secondary
ip address 10.79.0.253 255.255.255.0 secondary
ip address 192.168.0.253 255.255.255.0 secondary
ip address 192.168.1.253 255.255.255.0
ip access-group VLAN-299-OUT out
...
standby version 2
standby 127 ip 192.168.1.254
standby 127 ip 10.79.0.254 secondary
standby 127 ip 10.79.1.254 secondary
standby 127 ip 192.168.0.254 secondary
Here is F5 self IP config:
self 10.79.0.248 {
netmask 255.255.255.0
vlan external
allow default
}
self 10.79.1.248 {
netmask 255.255.255.0
vlan external
allow default
}
self 192.168.0.248 {
netmask 255.255.255.0
vlan external
allow default
}
self 192.168.1.248 {
netmask 255.255.255.0
vlan external
allow default
}
- The_BhattmanI attempted this 2 years ago and failed to make it work, ultimately F5 tech told me it wouldn't work either.
thanks,
CB 
nineheadbird_67We tried this on 9.4.8 and it seems to be working fine, virtual servers configured on all four subnets, just told by the F5 tech can't do that. Do you know what problem you had?
I wonder how to make these four subnets which are on the same vlan on cisco available on the F5? So we need to create four different vlans using untagged interfaces one for each subnet?
Thanks!!- The_BhattmanI wasn't using v9.4.8 back then but basically I had a difficult time sourcing from the correct address. We never persued it since the F5 tech told us it's not supported. However, it turned out to be a mute point because another requirement that came in later made this method null and void for my situation.
CB 
x86brandon_9930Another option would be to create the 4 different VLAN's, create a trunk port to the F5 and add those VLAN's on the F5. It breaks them out as interfaces on the F5 and then you could assign the various self IP's to the appropriate VLAN interface on the F5.- JRahm
Admin
Just to clarify for those unfamiliar with the different naming schemes...
A Cisco "trunk" is an F5 "tagged interface", both referencing 802.1q
A Cisco "EtherChannel" is an F5 "trunk", both referencing link aggregation, though different standards (pagp default for cisco versus lacp for F5, though Cisco supports both) - nineheadbird_67
Those subnets are within same vlan and all have the same vlan id 399 on cisco, to break them out to four different vlans on F5, what're the vlan ids need to be on the F5?
Or these need to be untagged? Right now, they are created as tagged on both ends and the vlan id on cisco match the one on F5.
Also, do you mean create four vlan each tie to one physical interface? Then why do we need to do trunk. My understanding of F5 trunk is to aggregate throughput and the aggregated link is suppose to be treated as one single interface.
Any clarification will be greatly appreciated.
Thanks!! - JRahmAssuming your Cisco Gi0/0 interface connects to your F5 1.1 interface, the configuration would look like this (ips/vlans/etc are just examples):
Cisco: interface GigabitEthernet0/0.790 encapsulation dot1q 790 ip address 10.79.0.253 255.255.255.0 interface GigabitEthernet0/0.791 encapsulation dot1q 791 ip address 10.79.1.253 255.255.255.0 interface GigabitEthernet0/0.1680 encapsulation dot1q 1680 ip address 192.168.0.253 255.255.255.0 interface GigabitEthernet0/0.1681 encapsulation dot1q 1681 ip address 192.168.1.253 255.255.255.0 BIG-IP: vlan vlan_1 { tag 790 interfaces tagged 1.1 } vlan vlan_2 { tag 791 interfaces tagged 1.1 } vlan vlan_3 { tag 1680 interfaces tagged 1.1 } vlan vlan_4 { tag 1681 interfaces tagged 1.1 } self 10.79.0.254 { netmask 255.255.255.0 vlan vlan_1 } self 10.79.1.254 { netmask 255.255.255.0 vlan vlan_2 } self 192.168.0.254 { netmask 255.255.255.0 vlan vlan_3 } self 192.168.2.254 { netmask 255.255.255.0 vlan vlan_4 }
The vlans in this case would be locally significant the router and to the BIG-IP if they are directly connected. If switched, you would need to consider your vlan architecture for such a change. - JRahmfiixed a typo between vlan numbers above.
Wintrode_61162To follow up on this, say I did not want to re-architect (or I am unable to) the VLANs on the switch. Is there a way to TAG two subnets as the same VLAN?
boomchke_11156Looks like Im a little late to the conversation but Jason seems to have hit the nail on the head. I've being doing Cisco for a long time and have never found a good use for the 'secondary IP address' command. Its bad design in my mind. The configuration should be a trunk between the two either with SVI interfaces (VLAN interfaces) on the switch or sub interfaces on a router (router on a stick) if your Cisco doesnt support L3 switching. The general rule of thumb shoudl always be one subnet per one vlan.
Wintrode - Multiple subnets can exist on the same VLAN however its poor design. When you say 'TAG' are you referring to the Cisco side of things or the F5 side of things?
