The BIG-IP Controller supports VLANs based on the IEEE 802.1q Trunk mode on BIG-IP Controller internal interfaces. VLAN tags are not supported on the external interfaces. You can define a single VLAN tag for each IP address defined for each BIG-IP Controller internal interface. This includes node network addresses, administrative addresses, shared administrative aliases, and additional aliases.
In order to use VLAN tags, you must edit /etc/netstart. Additionally, if you plan to use VLAN tags on a redundant BIG-IP system, you must add VLAN tags to the shared IP aliases in BIG/db using the bigpipe ipalias command.
You must specify the VLAN tag ID for the network at the time you define the network address for a particular internal interface. You can do this by extending the additional_xxx definition for the internal interface (where xxx is the interface name, such as exp0, exp1, or hmc0). For example, if you have an internal interface IP defined as:
To define a VLAN tag ID 12 for this network (10.0.0.0), extend the additional_exp1 definition in the following manner:
additional_exp1="broadcast 10.255.255.255 vlan 12"
Do this for each internal interface for which you want to define a VLAN tag ID.
For a redundant configuration, the BIG/db database contains the shared IP addresses for the internal and external interfaces for the BIG-IP Controller. If you plan to use VLAN tags on a redundant BIG-IP system, you must add the shared IP addresses to this database. Use the following syntax to add VLAN tag definitions to BIG/db.
bigpipe ipalias <ifname> <if address> netmask <ip mask> [ broadcast
<ip address> ] [ unit <id> ] [ tag <vlan tag> ]
For example, using the previous example, this line is extended with the same VLAN tag defined for its primary address, in this case 12:
bigpipe ipalias exp1 10.1.1.10 netmask 255.0.0.0 broadcast
10.255.255.255 tag 12
In order to set up multiple VLANs on the same interface, you need to add a new IP address for the interface. The BIG-IP Controller only supports one VLAN ID per network.
For example, to support an additional network, 184.108.40.206, with a VLAN tag ID of 15 on the same interface, add the following line to your /etc/netstart file after the ifconfig command:
/sbin/ifconfig exp1 add 220.127.116.11 netmask 255.0.0.0 media
100BaseTX,FDX broadcast 18.104.22.168 vlan 15
Note that you must add a shared address to the BIG/db file with the bigpipe ipalias command in a redundant BIG-IP system:
bigpipe ipalias exp1 22.214.171.124 netmask 255.0.0.0 broadcast
126.96.36.199 tag 15
Once you have added VLAN tags, you can use the bigpipe interface command to enable, disable, or show the current settings for the interface. To globally enable or disable the VLAN tags for an internal interface, use the following syntax:
bigpipe interface <ifname> vlans [ enable | disable | show ]
For example, use the following command to enable VLAN tags on the interface exp1:
bigpipe interface exp1 vlans enable
You must use the ifconfig command to define multiple, different VLAN tagged networks on the same interface. For example, use the following syntax to add a new VLAN tagged network on the same interface:
ifconfig exp1 add <address> netmask <mask> broadcast <address> vlan
Note that the BIG-IP Controller allows one VLAN tag per network. In a redundant configuration, you need to add a new shared address on the new network with the identical VLAN tag ID in the BIG/db database with the bigpipe ipalias command.
You can also use ifconfig to display VLAN information for the interface exp1 with the following command:
You can also use the netstat utility to display VLAN tag information with the route table for the BIG-IP Controller. Use the following syntax to display VLAN tag information with netstat:
You can use the Configuration utility to enable or disable VLAN tags once they are configured on the BIG-IP Controller.
Note: You can only enable or disable VLAN tags in the Configuration utility. VLAN tags must be configured by adding VLAN tag values to the /etc/netstart file (and the BIG/db with the bigpipe ipalias command for redundant configurations). The Configuration utility can only enable or disable VLAN tags that have been configured in those files.