net vlan
net vlan(1) BIG-IP TMSH Manual net vlan(1)
NAME
vlan - Configures a virtual local area network (VLAN).
MODULE
net
SYNTAX
Modify the vlan component within the net module using the syntax shown
in the following sections.
CREATE/MODIFY
create vlan [name]
modify vlan [name]
options:
app-service [[string] | none]
auto-lasthop [default | enabled | disabled ]
description [string]
failsafe [disabled | enabled]
failsafe-action [failover | failover-restart-tm | reboot | restart-all]
failsafe-timeout [integer]
fwd-mode [l3 | passive | virtual-wire | none]
interfaces
[add | delete | modify | replace-all-with] {
[name] ... {
[tagged | untagged]
tag-mode [ customer | service | double | none ]
}
}
interfaces none
learning [disable-drop | disable-forward | enable-forward]
mtu [integer]
sflow {
options:
poll-interval [integer]
poll-interval-global [no | yes]
sampling-rate [integer]
sampling-rate-global [no | yes]
}
source-checking [disabled | enabled]
tag [integer | 4096]
customer-tag [[string] | none]
cmp-hash [default | dst-ip | src-ip | ipport]
dag-tunnel [outer | inner]
dag-round-robin [disabled | enabled]
hardware-syncookie [disabled | enabled]
syncache-threshold [integer]
syn-flood-rate-limit [integer]
edit vlan [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list vlan
list vlan [ [ [name] | [glob] | [regex] ] ... ]
show running-config vlan
show running-config vlan
[ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show vlan
show vlan [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
DELETE
delete vlan [name]
DESCRIPTION
VLANs are part of the configuration of the BIG-IP(r) network
components. VLANs can be based on either ports or tags. When creating a
VLAN, a tag value for the VLAN is automatically chosen unless you
specify a tag value on the command line.
VLANs can have both tagged and untagged interfaces. You can add an
interface to multiple VLANs as a tagged interface. You can add an
interface to a single VLAN as an untagged interface. The tagged
traffic can be single tagged and double tagged.
Note: To reset the statistics that display when you use the command
sequence show vlan, you must reset the statistics for the trunks and
interfaces associated with the VLAN.
EXAMPLES
create vlan my_vlan interfaces add { 1.2 1.3 1.4 }
Create the VLAN my_vlan that includes the interfaces 1.2, 1.3, and 1.4.
delete vlan my_vlan
Delete the VLAN named my_vlan.
OPTIONS
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
description
User-defined description.
failsafe
Enables a fail-safe mechanism that causes the active cluster to
fail over to a redundant cluster when loss of traffic is detected
on a VLAN, and traffic is not restored during the failover timeout
period for that VLAN. The default value is disabled.
When you set the VLAN failsafe option to enabled, the default
failsafe-action value is restart-all. Therefore, when the fail-
safe mechanism is triggered, all the daemons are restarted and the
unit fails over.
failsafe-action
Specifies the action for the system to take when the fail-safe
mechanism is triggered. The default value is failover-restart-tm.
failsafe-timeout
Specifies the number of seconds that an active unit can run
without detecting network traffic on this VLAN before it starts a
failover. The default value is 90 seconds.
fwd-mode
Displays the current forwarding mode which is derived from the
vlan member port-fwd-mode property. This property is read-only and
cannot be modified. See "net interface" for details on port-fwd-
mode.
The options are:
l3 The VLAN consists of interface member(s) with port-fwd-mode
set to l3.
passive
The VLAN consists of interface member(s) with port-fwd-mode
set to passive.
virtual-wire
The VLAN consists of interface member(s) with port-fwd-mode
set to virtual-wire.
none The VLAN has no interface member.
glob Displays the items that match the glob expression. See help glob
for a description of glob expression syntax.
if-index
Displays the index assigned to this VLAN. It is a unique
identifier assigned for all objects displayed in the SNMP IF-MIB.
interfaces
Specifies a list of tagged or untagged interfaces and trunks that
you want to configure for the VLAN. Use tagged interfaces or
trunks when you want to assign a single interface or trunk to
multiple VLANs.
A tagged interface is one that you assign to a VLAN in a way that
causes the system to add a VLAN tag into the header of any frame
passing through that interface or trunk.
A trunk is a combination of two or more interfaces and cables
configured as one link.
tag-mode
Specifies the tag mode of the interface or trunk associated
with. The default value is none.
The available values are:
customer
Specifies tag-mode setting for vlan members that are
facing customer network and carry single tagged traffic.
service
Specifies tag-mode setting for vlan members that are
facing the service provider networks and carry single
tagged traffic.
double
Specifies tag-mode setting for vlan members that are
facing the service provider networks and carry double
tagged traffic.
none Specifies no tag-mode setting.
learning
Specifies whether switch ports placed in the VLAN are
configured for switch learning, forwarding only, or dropped.
The default value is enable-forward.
mtu Sets a specific maximum transition unit (MTU) for the VLAN.
The default value is 1500. This value does not include the
layer2 header.
name Specifies a unique name for the component. This option is
required for the commands create, delete, and modify.
regex
Displays the items that match the regular expression. The
regular expression must be preceded by an at sign (@[regular
expression]) to indicate that the identifier is a regular
expression. See help regex for a description of regular
expression syntax.
sflow
Specifies sFlow settings for the VLAN:
poll-interval
Specifies the maximum interval in seconds between two
pollings. The default value is 0. To enable this
setting, you must also set the poll-interval-global
setting to no.
poll-interval-global
Specifies whether the global VLAN poll-interval setting,
which is available under sys sflow global-settings
module, overrides the object-level poll-interval
setting. The default value is yes.
The available values are:
no Specifies to use the object-level poll-interval
setting.
yes Specifies to use the global VLAN poll-interval
setting.
sampling-rate
Specifies the ratio of packets observed to the samples
generated. For example, a sampling rate of 2000
specifies that 1 sample will be randomly generated for
every 2000 packets observed. The default value is 0. To
enable this setting, you must also set the sampling-
rate-global setting to no.
sampling-rate-global
Specifies whether the global VLAN sampling-rate setting,
which is available under sys sflow global-settings
module, overrides the object-level sampling-rate
setting. The default value is yes.
The available values are:
no Specifies to use the object-level sampling-rate
setting.
yes Specifies to use the global VLAN sampling-rate
setting.
source-checking
Specifies that only connections that have a return route in
the routing table are accepted. The default value is
disabled.
tag Specifies a number that the system adds into the header of
any frame passing through the VLAN. The value can be 1
through 4094, or 4096. The default is to not use this option,
and the system assigns a tag number between 1 to 4094. A VLAN
with the special tag 4096 is not used in the packet
processing path; rather it assists with virtual-wire
configuration, and such VLANs can only have interfaces with
the port-fwd-mode property set to virtual-wire.
customer-tag
Specifies a number that the system adds into the header of
any double tagged frame passing through the VLAN. The value
can be any of the following: 1 through 4094, or none. The
default is none.
cmp-hash
Specifies how the traffic on the VLAN will be disaggregated.
The traffic disaggregation on the VLAN can be based on source
ip, dest ip, or L4 ports. The default cmp hash uses L4 ports.
dag-tunnel
Specifies whether the ip tunnel traffic on the VLAN should be
disaggregated based on the inner ip header or outer ip
header. The default value is outer.
dag-round-robin
Specifies whether intended stateless traffic on the VLAN
should be disaggregated in a round-robin order instead of
using static hash. The stateless traffic include nonIP L2
traffic and user-specified UDP protocols. The sys db variable
dag.roundrobin.redag allows HSBs to round robin stateless
traffic to remote HSBs/blades.
hardware-syncookie
Enables hardware syncookie mode on a VLAN. When enabled, the
hardware per-VLAN SYN cookie protection will be triggered
when the certain traffic threshold is reached on supported
platforms. The default value is disabled.
syncache-threshold
Specifies the number of outstanding SYN packets on the VLAN
that will trigger the hardware per-VLAN SYN cookie
protection. The default value is set to 6000 packets.
syn-flood-rate-limit
Specifies the max number of SYN flood packets per second
received on the VLAN before the hardware per-VLAN SYN cookie
protection is triggered. The default value is set at 1000
packets per second.
SEE ALSO
create, delete, edit, glob, list, ltm virtual, modify, net interface,
net self, net vlan-group, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2015-2016. All rights
reserved.
BIG-IP 2017-12-14 net vlan(1)