net vlan-group
net vlan-group(1) BIG-IP TMSH Manual net vlan-group(1)
NAME
vlan-group - Configures a VLAN group.
MODULE
net
SYNTAX
Modify the vlan-group component within the net module using the syntax shown in the following sections.
CREATE/MODIFY
create vlan-group [name]
modify vlan-group [name]
options:
app-service [[string] | none]
auto-lasthop [default | enabled | disabled ]
bridge-in-standby [disabled | enabled]
bridge-multicast [disabled | enabled]
bridge-traffic [disabled | enabled]
description [string]
members
[add | delete | replace-all-with] ] {
[vlan name] ...
}
members [default | none]
migration-keepalive [disabled | enabled]
mode [opaque | translucent | transparent | virtual-wire]
proxy-excludes
[add | delete | replace-all-with] ] {
[ip address] ...
}
proxy-excludes [default | none]
edit vlan-group [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list vlan-group
list vlan-group [ [ [name] | [glob] | [regex] ] ... ]
show running-config vlan-group
show running-config vlan-group
[ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show vlan-group
show vlan-group [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
DELETE
delete vlan-group [name]
DESCRIPTION
The vlan-group component defines a VLAN group, which is a grouping of two or more VLANs belonging to the same
IP network for the purpose of allowing Layer 2 packet forwarding between those VLANs.
The VLANs between which the packets are to be passed must be on the same IP network, and they must be grouped
using the vlan-group component. For example: modify vlan-group network11 members add { internal external }.
EXAMPLES
create vlan-group my_vlan-group members add { vlan1 vlan2 }
Creates a VLAN group named my_vlan-group that consists of VLANs named vlan1 and vlan2.
modify vlan-group proxy-excludes add { 10.10.10.1 }
Sets the global VLAN group proxy exclusion list.
delete vlan-group my_vlan-group
Deletes the VLAN group named my_vlan-group.
OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the object. Only the application service can modify or delete the object.
bridge-traffic
When enabled, specifies that the VLAN group forwards all frames, including non-IP traffic. The default
value is disabled.
bridge-in-standby
When enabled, specifies that the VLAN group forwards packets, even when the system is the standby unit in
a redundant system. This option is designed for deployments in which the VLAN group exists on only one of
the units. If that does not match your configuration, using this option may cause adverse effects. The
default value is disabled.
bridge-multicast
When enabled, allows bridging of non-Internet Protocol (IP) Address Resolution Protocol (ARP) multicast
frames across a VLAN group. An example of when you might want to use this option is when you are
implementing the Spanning Tree Protocol (STP).
description
User-defined description.
glob Displays the items that match the glob expression. See help glob for a description of glob expression
syntax.
if-index
Displays the index assigned to this VLAN group. It is a unique identifier assigned for all objects
displayed in the SNMP IF-MIB.
members
The names of the VLANs that you want to add to or delete from the VLAN group.
migration-keepalive
Specifies whether the system will send keepalive frames (TCP keepalives and empty UDP packets depending
on the connection type) when a node is moved from one VLAN group member to another VLAN group member for
all existing connections that the system has to that node.
mode Specifies the level of exposure of remote MAC addresses within VLAN groups. The default value is
translucent.
The options are:
virtual-wire
Use this option to create a Layer 2 bridge that only forwards traffic between two configured
members. Traffic forwarded by such a VLAN group keeps intact the Ethernet header from ingress to
egress, thus making this device transparent. A VLAN group configured to be virtual-wire is
restricted to two member VLANs.
opaque
Use this option when you have a Cisco router in the network sending CDP packets to the system.
Because opaque VLAN groups require a source and destination MAC address, and CDP packets do not
contain a source and destination MAC address, the CDP packets are not forwarded through the VLAN
group. This mode changes the MAC address to the MAC address assigned to the VLAN group, a proxy ARP
with Layer 3 forwarding.
translucent
Uses the real MAC address of the requested host with the locally unique bit toggled. Specifies that
the system uses Layer 2 forwarding with locally-unique bit, toggled in ARP response across VLANs.
transparent
Leaves the MAC address unchanged by the traffic management system. Specifies that the system uses
Layer 2 forwarding with the original MAC address of the remote system preserved across VLANs.
name Specifies a unique name for the component. This option is required for the commands create, delete, and
modify.
proxy-excludes
Specifies the IP addresses that you want to include in the proxy ARP exclusion list. If you use VLAN
groups, you must configure a proxy ARP forwarding exclusion list. F5 Networks recommends that you
configure this feature if you use VLAN groups with a redundant system. The reason is that both units need
to communicate directly with their gateways and the back-end nodes. Creating a proxy ARP exclusion list
prevents traffic from being proxied through the active unit due to proxy ARP. This traffic needs to be
sent directly to the destination, not proxied.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at
sign (@[regular expression]) to indicate that the identifier is a regular expression. See help regex for
a description of regular expression syntax.
SEE ALSO
create, delete, edit, glob, list, modify, net interface, net self, net vlan, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2015. All rights reserved.
BIG-IP 2017-07-06 net vlan-group(1)