Forum Discussion

Sarah_258804
May 12, 2016

Unable to remove a vlan from the default route domain

I'm trying to remove a vlan from route domain 0 and move it into a new route domain that I've created. I'm getting this error:

 

General error: 01070967:3: The specified vlan, vlangroup or tunnel (/Common/Internal-VLAN) cannot be removed from its default route domain (/Common/0). in statement [SET TRANSACTION END]

 

When I try to create a new vlan I have no option to put it into my new route domain. It goes into 0 by default. How do I get something to use my new route domain?

 

  • Hi Sarah

     

    I remember this to be a bit confusing too when I did it. Since you're resorting to route domains I assume that you have no other option? It can be really confusing. :)

     

    After creating your vlan you can move it to your route domain by going to Network -> Route domains and then choose the new route domain. In the config section you can move the new vlan to the new route domain. Hope that answers your question?

     

    /Patrik

     

  • Could you please add a simple Visio? You might be able to use a performance L4 vip using a router/fw cluster as pool (with address and port translation disabled).

     

    If you go down the route domain path you might want to look into partitions. They can ease some of the headaches by using the default route domain option. This would minimize the need to specify the %rd-id suffix in the GUI. :)

     

    /Patrik

     

  • Hi Sarah!

     

    Sorry for the late reply. I live in Sweden so my time zone is CET.

     

    Partitions are more of a compartmentalization of parts of the configuration. Objects in Common are available to all partitions, while objects in the individual partitions are only available within that partition (there are exceptions, like referencing objects in iRules by absolute path, i.e. "pool /Mypartition/mypool").

     

    When having a large F5 configuration, or using route domains, partitions are really great as they allow you to only see the configuration you need at the time.

     

    After looking at your drawing and thinking a bit I'd say route domains are better than the FastL4 VIP I mentioned. Since you need to separate traffic between DMZ and an internal VLAN there's a security factor as well and hence route domains would work better. Better prepare some aspirin though as they could indeed cause headaches. :)

     

    /Patrik

     

  • As long as you specify a default route domain the route domain suffix will automatically be added to your IP addresses. :)

     

    /Patrik