net vlan
net vlan(1) BIG-IP TMSH Manual net vlan(1)
NAME
vlan - Configures a virtual local area network (VLAN).
MODULE
net
SYNTAX
Modify the vlan component within the net module using the syntax shown in the following sections.
CREATE/MODIFY
create vlan [name]
modify vlan [name]
options:
app-service [[string] | none]
auto-lasthop [default | enabled | disabled ]
description [string]
failsafe [disabled | enabled]
failsafe-action [failover | failover-restart-tm | reboot | restart-all]
failsafe-timeout [integer]
fwd-mode [l3 | passive | virtual-wire | none]
interfaces
[add | delete | modify | replace-all-with] {
[name] ... {
[tagged | untagged]
tag-mode [ customer | service | double | none ]
}
}
interfaces none
learning [disable-drop | disable-forward | enable-forward]
mtu [integer]
sflow {
options:
poll-interval [integer]
poll-interval-global [no | yes]
sampling-rate [integer]
sampling-rate-global [no | yes]
}
source-checking [disabled | enabled]
tag [integer | 4096]
customer-tag [[string] | none]
cmp-hash [default | dst-ip | src-ip | ipport]
dag-tunnel [outer | inner]
dag-round-robin [disabled | enabled]
hardware-syncookie [disabled | enabled]
syncache-threshold [integer]
syn-flood-rate-limit [integer]
edit vlan [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list vlan
list vlan [ [ [name] | [glob] | [regex] ] ... ]
show running-config vlan
show running-config vlan [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show vlan
show vlan [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
DELETE
delete vlan [name]
DESCRIPTION
VLANs are part of the configuration of the BIG-IP® network components. VLANs can be based on either ports or
tags. When creating a VLAN, a tag value for the VLAN is automatically chosen unless you specify a tag value on
the command line.
VLANs can have both tagged and untagged interfaces. You can add an interface to multiple VLANs as a tagged
interface. You can add an interface to a single VLAN as an untagged interface. The tagged traffic can be
single tagged and double tagged.
Note: To reset the statistics that display when you use the command sequence show vlan, you must reset the
statistics for the trunks and interfaces associated with the VLAN.
EXAMPLES
create vlan my_vlan interfaces add { 1.2 1.3 1.4 }
Create the VLAN my_vlan that includes the interfaces 1.2, 1.3, and 1.4.
delete vlan my_vlan
Delete the VLAN named my_vlan.
OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the object. Only the application service can modify or delete the object.
description
User-defined description.
failsafe
Enables a fail-safe mechanism that causes the active cluster to fail over to a redundant cluster when
loss of traffic is detected on a VLAN, and traffic is not restored during the failover timeout period for
that VLAN. The default value is disabled.
When you set the VLAN failsafe option to enabled, the default failsafe-action value is restart-all.
Therefore, when the fail-safe mechanism is triggered, all the daemons are restarted and the unit fails
over.
failsafe-action
Specifies the action for the system to take when the fail-safe mechanism is triggered. The default value
is failover-restart-tm.
failsafe-timeout
Specifies the number of seconds that an active unit can run without detecting network traffic on this
VLAN before it starts a failover. The default value is 90 seconds.
fwd-mode
Displays the current forwarding mode which is derived from the vlan member port-fwd-mode property. This
property is read-only and cannot be modified. See "net interface" for details on port-fwd-mode.
The options are:
l3 The VLAN consists of interface member(s) with port-fwd-mode set to l3.
passive
The VLAN consists of interface member(s) with port-fwd-mode set to passive.
virtual-wire
The VLAN consists of interface member(s) with port-fwd-mode set to virtual-wire.
none The VLAN has no interface member.
glob Displays the items that match the glob expression. See help glob for a description of glob expression
syntax.
if-index
Displays the index assigned to this VLAN. It is a unique identifier assigned for all objects displayed in
the SNMP IF-MIB.
interfaces
Specifies a list of tagged or untagged interfaces and trunks that you want to configure for the VLAN. Use
tagged interfaces or trunks when you want to assign a single interface or trunk to multiple VLANs.
A tagged interface is one that you assign to a VLAN in a way that causes the system to add a VLAN tag
into the header of any frame passing through that interface or trunk.
A trunk is a combination of two or more interfaces and cables configured as one link.
tag-mode
Specifies the tag mode of the associated interface or trunk. The default value is none.
The available values are:
customer
Specifies tag-mode setting for vlan members that are facing customer network and carry single
tagged traffic.
service
Specifies tag-mode setting for vlan members that are facing the service provider networks and
carry single tagged traffic.
double
Specifies tag-mode setting for vlan members that are facing the service provider networks and
carry double tagged traffic.
none Specifies no tag-mode setting.
learning
Specifies whether switch ports placed in the VLAN are configured for switch learning, forwarding
only, or dropped. The default value is enable-forward.
mtu Sets a specific maximum transmission unit (MTU) for the VLAN. The default value is 1500. This value
does not include the Layer 2 header.
name Specifies a unique name for the component. This option is required for the commands create, delete,
and modify.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an
at sign (@[regular expression]) to indicate that the identifier is a regular expression. See help
regex for a description of regular expression syntax.
sflow
Specifies sFlow settings for the VLAN:
poll-interval
Specifies the maximum interval in seconds between two pollings. The default value is 0. To
enable this setting, you must also set the poll-interval-global setting to no.
poll-interval-global
Specifies whether the global VLAN poll-interval setting, which is available under sys sflow
global-settings module, overrides the object-level poll-interval setting. The default value is
yes.
The available values are:
no Specifies to use the object-level poll-interval setting.
yes Specifies to use the global VLAN poll-interval setting.
sampling-rate
Specifies the ratio of packets observed to the samples generated. For example, a sampling rate
of 2000 specifies that 1 sample will be randomly generated for every 2000 packets observed. The
default value is 0. To enable this setting, you must also set the sampling-rate-global setting
to no.
sampling-rate-global
Specifies whether the global VLAN sampling-rate setting, which is available under sys sflow
global-settings module, overrides the object-level sampling-rate setting. The default value is
yes.
The available values are:
no Specifies to use the object-level sampling-rate setting.
yes Specifies to use the global VLAN sampling-rate setting.
source-checking
Specifies that only connections that have a return route in the routing table are accepted. The
default value is disabled.
tag Specifies a number that the system adds into the header of any frame passing through the VLAN. The
value can be 1 through 4094, or 4096. The default is to not use this option, and the system assigns
a tag number between 1 and 4094. A VLAN with the special tag 4096 is not used in the packet
processing path; rather it assists with virtual-wire configuration, and such VLANs can only have
interfaces with the port-fwd-mode property set to virtual-wire.
customer-tag
Specifies a number that the system adds into the header of any double tagged frame passing through
the VLAN. The value can be any of the following: 1 through 4094, or none. The default is none.
cmp-hash
Specifies how the traffic on the VLAN will be disaggregated. The traffic disaggregation on the VLAN
can be based on source ip, dest ip, or L4 ports. The default cmp hash uses L4 ports.
dag-tunnel
Specifies whether the ip tunnel traffic on the VLAN should be disaggregated based on the inner ip
header or outer ip header. The default value is outer.
dag-round-robin
Specifies whether intended stateless traffic on the VLAN should be disaggregated in round-robin
order instead of using a static hash. Stateless traffic includes non-IP L2 traffic and
user-specified UDP protocols. The sys db variable dag.roundrobin.redag allows HSBs to round robin
stateless traffic to remote HSBs/blades.
hardware-syncookie
Enables hardware syncookie mode on a VLAN. When enabled, the hardware per-VLAN SYN cookie protection
is triggered when a certain traffic threshold is reached on supported platforms. The default
value is disabled.
syncache-threshold
Specifies the number of outstanding SYN packets on the VLAN that will trigger the hardware per-VLAN
SYN cookie protection. The default value is set to 6000 packets.
syn-flood-rate-limit
Specifies the max number of SYN flood packets per second received on the VLAN before the hardware
per-VLAN SYN cookie protection is triggered. The default value is set at 1000 packets per second.
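The following audit script is an added example, not part of the F5 manual. It parses VLAN stanzas and flags source-checking or hardware-syncookie left at their disabled default, and object-level sFlow values that are ignored because the matching -global option is yes. The stanza layout of SAMPLE and the function names parse_vlans and audit are assumptions made for illustration.

```python
# Constructed sample in the stanza layout of tmsh "list" output; not from a device.
SAMPLE = """\
net vlan external {
    hardware-syncookie disabled
    interfaces {
        1.1 { }
    }
    sflow {
        sampling-rate 2000
        sampling-rate-global yes
    }
    source-checking disabled
}
net vlan internal {
    hardware-syncookie enabled
    source-checking enabled
}
"""

def parse_vlans(text):
    """Return {vlan: {option: value}}; sflow options are keyed 'sflow.<option>'."""
    vlans, stack, cur = {}, [], {}
    for line in text.splitlines():
        tok = line.split()
        if tok[-1:] == ["{"] and len(tok) >= 2:
            if not stack:  # top-level stanza: keep only "net vlan <name> {"
                cur = vlans.setdefault(tok[-2], {}) if tok[:2] == ["net", "vlan"] else {}
            stack.append(tok[-2])
        elif tok == ["}"] and stack:
            stack.pop()
        elif len(tok) == 2 and (len(stack) == 1 or stack[1:] == ["sflow"]):
            cur[".".join(stack[1:] + [tok[0]])] = tok[1]
    return vlans

def audit(vlans):
    """Flag options that are off, or set but overridden, per this manual page."""
    findings = []
    for name, cfg in sorted(vlans.items()):
        for opt in ("source-checking", "hardware-syncookie"):
            if cfg.get(opt, "disabled") == "disabled":  # absent means default
                findings.append((name, f"{opt} disabled"))
        for opt in ("sampling-rate", "poll-interval"):
            local = int(cfg.get(f"sflow.{opt}", "0"))
            if local and cfg.get(f"sflow.{opt}-global", "yes") == "yes":
                findings.append((name, f"sflow {opt} {local} ignored: {opt}-global is yes"))
    return findings

if __name__ == "__main__":
    print(*(f"{v}: {i}" for v, i in audit(parse_vlans(SAMPLE))), sep="\n")
```

Options missing from a stanza are treated as being at the defaults stated above, so the script also works on output that lists only non-default properties.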
SEE ALSO
create, delete, edit, glob, list, ltm virtual, modify, net interface, net self, net vlan-group, regex, show,
tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2015-2016. All rights reserved.
BIG-IP 2017-12-14 net vlan(1)