For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

CVela_52327's avatar
CVela_52327
Icon for Nimbostratus rankNimbostratus
Aug 18, 2009

Outbound SNAT for LDAP server connectivity

Hi All     We've got the F5's set up with SNAT for all outbound LDAP requests. Prior to failover, the servers which sit behind the LTMs have no issues connecting through the LTMs out to the...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Aug 19, 2009
Hi, KC,

 

 

It sounds like the upstream switch may not have updated its ARP cache. You could try enabling MAC masquerading on the LTM VLAN that the outbound LDAP connections go out. This should shorten the time it takes for the upstream switches to accept the traffic after a failover.

 

 

For details on configuring MAC masquerading and selecting a unique MAC address, you can check two AskF5 solutions:

 

 

SOL7214 - Configuring MAC masquerading

 

https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7214.html

 

 

BEST PRACTICE: SOL3523 - Choosing a unique Media Access Control (MAC) address for MAC masquerade

 

https://support.f5.com/kb/en-us/solutions/public/3000/500/sol3523.html

 

 

Aaron