net vlan-group
net vlan-group(1) BIG-IP TMSH Manual net vlan-group(1)
NAME
vlan-group - Configures a VLAN group.
MODULE
net
SYNTAX
Modify the vlan-group component within the net module using the syntax
shown in the following sections.
CREATE/MODIFY
create vlan-group [name]
modify vlan-group [name]
options:
app-service [[string] | none]
auto-lasthop [default | enabled | disabled ]
bridge-in-standby [disabled | enabled]
bridge-multicast [disabled | enabled]
bridge-traffic [disabled | enabled]
description [string]
members
[add | delete | replace-all-with] ] {
[vlan name] ...
}
members [default | none]
migration-keepalive [disabled | enabled]
mode [opaque | translucent | transparent | virtual-wire]
proxy-excludes
[add | delete | replace-all-with] ] {
[ip address] ...
}
proxy-excludes [default | none]
edit vlan-group [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list vlan-group
list vlan-group [ [ [name] | [glob] | [regex] ] ... ]
show running-config vlan-group
show running-config vlan-group
[ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show vlan-group
show vlan-group [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
DELETE
delete vlan-group [name]
DESCRIPTION
The vlan-group component defines a VLAN group, which is a grouping of
two or more VLANs belonging to the same IP network for the purpose of
allowing Layer 2 packet forwarding between those VLANs.
The VLANs between which the packets are to be passed must be on the
same IP network, and they must be grouped using the vlan-group
component. For example: modify vlan-group network11 members add {
internal external }.
EXAMPLES
create vlan-group my_vlan-group members add { vlan1 vlan2 }
Creates a VLAN group named my_vlan-group that consists of VLANs named
vlan1 and vlan2.
modify vlan-group proxy-excludes add { 10.10.10.1 }
Sets the global VLAN group proxy exclusion list.
delete vlan-group my_vlan-group
Deletes the VLAN group named my_vlan-group.
OPTIONS
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
bridge-traffic
When enabled, specifies that the VLAN group forwards all frames,
including non-IP traffic. The default value is disabled.
bridge-in-standby
When enabled, specifies that the VLAN group forwards packets, even
when the system is the standby unit in a redundant system. This
option is designed for deployments in which the VLAN group exists
on only one of the units. If that does not match your
configuration, using this option may cause adverse effects. The
default value is disabled.
bridge-multicast
When enabled, allows bridging of non-Internet Protocol (IP)
Address Resolution Protocol (ARP) multicast frames across a VLAN
group. An example of when you might want to use this option is
when you are implementing the Spanning Tree Protocol (STP).
description
User-defined description.
glob Displays the items that match the glob expression. See help glob
for a description of glob expression syntax.
if-index
Displays the index assigned to this VLAN group. It is a unique
identifier assigned for all objects displayed in the SNMP IF-MIB.
members
The names of the VLANs that you want to add to or delete from the
VLAN group.
migration-keepalive
Specifies whether the system will send keepalive frames (TCP
keepalives and empty UDP packets depending on the connection type)
when a node is moved from one VLAN group member to another VLAN
group member for all existing connections that the system has to
that node.
mode Specifies the level of exposure of remote MAC addresses within
VLAN groups. The default value is translucent.
The options are:
virtual-wire
Use this option to create a Layer 2 bridge that only forwards
traffic between two configured members. Traffic forwarded by
such a VLAN group keeps intact the Ethernet header from
ingress to egress, thus making this device transparent. A
VLAN group configured to be virtual-wire is restricted to two
member VLANs.
opaque
Use this option when you have a Cisco router in the network
sending CDP packets to the system. Because opaque VLAN groups
require a source and destination MAC address, and CDP packets
do not contain a source and destination MAC address, the CDP
packets are not forwarded through the VLAN group. This mode
changes the MAC address to the MAC address assigned to the
VLAN group, a proxy ARP with Layer 3 forwarding.
translucent
Uses the real MAC address of the requested host with the
locally unique bit toggled. Specifies that the system uses
Layer 2 forwarding with locally-unique bit, toggled in ARP
response across VLANs.
transparent
Leaves the MAC address unchanged by the traffic management
system. Specifies that the system uses Layer 2 forwarding
with the original MAC address of the remote system preserved
across VLANs.
name Specifies a unique name for the component. This option is required
for the commands create, delete, and modify.
proxy-excludes
Specifies the IP addresses that you want to include in the proxy
ARP exclusion list. If you use VLAN groups, you must configure a
proxy ARP forwarding exclusion list. F5 Networks recommends that
you configure this feature if you use VLAN groups with a redundant
system. The reason is that both units need to communicate directly
with their gateways and the back-end nodes. Creating a proxy ARP
exclusion list prevents traffic from being proxied through the
active unit due to proxy ARP. This traffic needs to be sent
directly to the destination, not proxied.
regex
Displays the items that match the regular expression. The regular
expression must be preceded by an at sign (@[regular expression])
to indicate that the identifier is a regular expression. See help
regex for a description of regular expression syntax.
SEE ALSO
create, delete, edit, glob, list, modify, net interface, net self,
net vlan, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2015. All rights
reserved.
BIG-IP 2017-07-06 net vlan-group(1)