Minimum number of VLANS tag required for the 5 VLANS on a single interface of F5

Question

I had a question during my preparation for F5: 101 exams.

A BIG-IP Administrator has five VLANS that must be assigned to a single interface.
What is the minimum number of VLANs that need to be set as 'tagged'?

The options are
5
0
1
4

As per my understanding, when a single interface consists of more than one VLAN then each individual VLAN requires a tag, in short, trunking is used to be able to communicate.
But in the case of the F5 appliance, I found out that LACP is known as trunking. So what would be the right answer to the above question?

sebastiansierra · Accepted Answer

Hi Nishal,For a better understanding of the Untagged, referer to this link:https://networkdirection.net/articles/network-theory/taggeduntaggedandnativevlans/In your example:1. The external net has the tagged network 10, so F5 tag the traffic to tag 10, creating a broadcast in this network with all interconnected devices, allowing communication with all hosts.2.The internal net is untagged, The F5 send the traffic to the Switch untagged, The switch set the default vlan for untagged traffic, and interconect with other switch or host where are located the servers with the vlan tagged or untagged, it depends of your network configuration. So then the the broadcast domain is allowed to communicate all the host corresponding to the network configured in the self-ip created with the vlan untagged.

sebastiansierra · Answer

Hi,The minimun number in your example are 4 vlans in tagged mode, because 1 of the vlans can be assigned as untagged.

nishal_rai · Answer

Hello Sebastiansierra,Thank you and sorry for the late response.

nishal_rai · Answer

Sorry Sebastuansierra but, I just found a small issue to understand the answer like in the case of the above question:

When the four VLANs are tagged and a single VLAN is untagged on a single interface of F5 then as per my understanding - when an untagged frame (untagged VLAN) is received by the tagged port then the receiving device like the switch will embed the native VLAN on the untagged frame. And, when the recently added native VLAN tag frame leaves the received device, then the native VLAN is stripped off from the frame field.

Since F5 WAF works on delayed binding if the full proxy is enabled where F5 creates two separate connections between the client and the real server. So, how does the F5 handles that untagged frame on the client-side of the F5 WAF?
As mentioned earlier, when the native VLAN is added on the untagged frame will get stripped out when it leaves the receiving device and the untagged frame does the same with the tagged port if there is a switch or some kind of networking device in between the server-side F5 WAF and the real physical server.

I have also attached the network architecture of the following addressed concerns.

Thank you.

giorgio_serafin · Answer

Hello,I have read your posts but I still don't understand what the answer to the original question is.thank you

Forum Discussion

Minimum number of VLANS tag required for the 5 VLANS on a single interface of F5

5 Replies

Recent Discussions

Failed to convert character dclid=%EDclid!

ASM - Parent policy vs OWASPcompliance

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

APM OCSP Responder Issues

Related Content

Application Programming Interface (API) Authentication types simplified

Reminder: MFA now required to log in to DevCentral

DevCentral to Require Multi-Factor Authentication for Account Login from September 26

F5 BIG-IP Sizing Requirement

API Security requirement?