
F5 10000 Series, LTM - External Interface not communicating - up on switch, up on F5 interface

On a secondary standby LTM I am trying to configure, the external interface shows as up, and the switch it is connected to shows as up/up. However, the Cisco switch doesn't show the MAC of the F5 in its table, and the ARP shows up as unresolved, incomplete, or just not there at all.

I tried just about everything I can think of: switched out SFPs, changed interfaces, hardcoded everything, set everything on the switch and the F5 interface to exactly the settings of another 10000 series that is working just fine. No matter what I have done so far, I can't get that port to pass traffic. According to the stats the F5 has inbound but no outbound traffic. The switch shows in and out traffic but no MAC for the switch interface...

The route is the same to the gateway address: 0.0.0.0/0.0.0.0 to GW Address, which was pushed from the primary.

The primary works fine; I can ping the self IP, floating IP, and VS IP. If I fail it over to the secondary, I can't ping the floating or the VS address either. Same VLAN, and tagged with the correct switch VLAN ID.

Any Ideas? This has got me stumped!

Author

Commented:
Correction... The F5 interface statistics show in and out traffic, with all inbound traffic being dropped.
Top Expert 2014

Commented:
Are you using VLANs? If so, is the traffic tagged, or at least supposed to be tagged?

I know if you configure the F5 to have tagged traffic and the traffic comes in either untagged or with a different VLAN, the F5 will drop it.

Author

Commented:
Hey, both F5s are connected to the same switch. Both interfaces are configured for switchport access vlan xxx. The external interface on both F5s is tagged xxx. The primary doesn't drop any traffic, yet the secondary drops all inbound traffic.
Top Expert 2014
Commented:
I would run a packet capture on the physical interface (`tcpdump -i #.#`, where #.# is the number of the physical interface) of the secondary and see what it thinks is coming in.

I know we had a ton of drops on one of our interfaces where we were using tagged frames. What we found is that the switch was set up to allow VLANs that the F5 was not configured for, so the F5 was dropping all of the frames for the "unknown" VLANs.

Author

Commented:
You pointed me on the right track. I had the F5 interface set to untagged, which should have worked and worked fine on the primary. To fix it, I changed the Cisco switchport to trunk with just that VLAN allowed and switched the F5 interface to tagged, and all is good now. Thanks, DC
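
The capture check suggested in the thread can be reduced to a tally of which 802.1Q tags actually arrive on the port, compared with what the interface is configured to accept. The script below is an added example, not part of the original posts. It assumes the capture is taken with tcpdump's `-e` option (print link-level headers) and that the text follows the stock tcpdump header layout; the function names and the sample lines are constructed for illustration.

```python
import re
import sys
from collections import Counter

# 802.1Q tag as printed by stock tcpdump -e, e.g.
# "... ethertype 802.1Q (0x8100), length 64: vlan 100, p 0, ethertype ARP ..."
VLAN_RE = re.compile(r"ethertype 802\.1Q \(0x8100\), length \d+: vlan (\d+),")

# Constructed sample lines (documentation MAC/IP ranges), not from the thread.
SAMPLE = [
    "10:00:00.000001 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.10 tell 192.0.2.1, length 46",
    "10:00:00.000002 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 100, p 0, ethertype ARP (0x0806), Request who-has 192.0.2.10 tell 192.0.2.1, length 46",
    "10:00:00.000003 00:00:5e:00:53:02 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 200, p 0, ethertype ARP (0x0806), Request who-has 198.51.100.7 tell 198.51.100.1, length 46",
    "10:00:00.000004 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 100, p 0, ethertype ARP (0x0806), Request who-has 192.0.2.11 tell 192.0.2.1, length 46",
    "\t0x0000:  0001 0800 0604 0001",  # hex continuation line, ignored
]

def tally_vlans(lines):
    """Count frames per VLAN ID; untagged frames are counted under None."""
    counts = Counter()
    for line in lines:
        if ", ethertype " not in line:  # skip anything that is not a frame header line
            continue
        m = VLAN_RE.search(line)
        counts[int(m.group(1)) if m else None] += 1
    return counts

def unexpected(counts, tagged_vlans, untagged_ok):
    """VLAN IDs seen on the wire (None = untagged) that the interface is not configured for."""
    bad = [v for v in counts if v is not None and v not in tagged_vlans]
    if None in counts and not untagged_ok:
        bad.append(None)
    return sorted(bad, key=lambda v: -1 if v is None else v)

if __name__ == "__main__":
    # Usage: tcpdump -e -n -r capture.pcap | python3 vlan_tally.py 100
    # Arguments are the VLAN IDs the interface carries as tagged; with no
    # arguments the interface is treated as untagged-only.
    tagged = {int(a) for a in sys.argv[1:]}
    counts = tally_vlans(sys.stdin)
    for vid, n in sorted(counts.items(), key=lambda kv: -1 if kv[0] is None else kv[0]):
        print(f"{'untagged' if vid is None else 'vlan ' + str(vid)}: {n} frames")
    for vid in unexpected(counts, tagged, untagged_ok=not tagged):
        print(f"not configured on this interface: {'untagged' if vid is None else 'vlan ' + str(vid)}")
```

Frames reported as "not configured on this interface" are the ones to compare against the interface's inbound drop counter and the switchport's access/trunk settings.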