HOW TO: LACP trunk (Port-channel) on F5 LTMs.

https://netfixpro.com/lacp-trunk-on-f5-ltms/

This article presents an example of creating an LACP port-channel on F5s.

As shown in the diagram above, I have two F5 LTMs, F5-1 and F5-2 (running 11.5.x code), connected to Cisco IOS switches Switch1 and Switch2. Interfaces 1.1 and 1.2 of each F5 are connected to Gig0/1 and Gig0/2 of the switches, respectively. On both F5s, interface 1.1 is a member of the VLAN named EXTERNAL and interface 1.2 is a member of the VLAN named INTERNAL.

Here is the relevant portion of the existing configuration from the F5s and switches.


F5-1

Existing Self-IP configuration
root@(F5-1)(cfg-sync In Sync)(Active)(/Common)(tmos)# list net self one-line

net self 10.2.2.1 { address 10.2.2.1/30 allow-service { default } fw-enforced-policy FAILOVER traffic-group traffic-group-local-only vlan FAILOVER }
!
net self EXTERNAL-FLOAT { address 192.168.19.3/24 floating enabled traffic-group traffic-group-1 unit 1 vlan EXTERNAL }
net self EXTERNAL-SELF { address 192.168.19.40/24 traffic-group traffic-group-local-only vlan EXTERNAL }
!
net self INTERNAL-FLOAT { address 172.16.250.1/24 floating enabled traffic-group traffic-group-1 unit 1 vlan INTERNAL }
net self INTERNAL-SELF { address 172.16.250.2/24 traffic-group traffic-group-local-only vlan INTERNAL }

Existing VLAN configuration
root@(F5-1)(cfg-sync In Sync)(Active)(/Common)(tmos)# list net vlan one-line

net vlan FAILOVER { if-index 272 interfaces { 1.4 { } } tag 4092 }
net vlan EXTERNAL { failsafe enabled failsafe-action failover failsafe-timeout 10 if-index 256 interfaces { 1.1 { tagged } } tag 101 }
net vlan INTERNAL { failsafe enabled failsafe-action failover failsafe-timeout 10 if-index 288 interfaces { 1.2 { tagged } } tag 201 }

Switch 1

Existing switch port configuration
interface GigabitEthernet0/1
 switchport trunk allowed vlan 101
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan 201
 switchport mode trunk

F5-2

Existing Self-IP configuration
root@(F5-2)(cfg-sync In Sync)(Standby)(/Common)(tmos)# list net self one-line

net self 10.2.2.2 { address 10.2.2.2/30 allow-service { default } fw-enforced-policy FAILOVER traffic-group traffic-group-local-only vlan FAILOVER }
!
net self EXTERNAL-SELF { address 192.168.19.41/24 traffic-group traffic-group-local-only vlan EXTERNAL }
net self EXTERNAL-FLOAT { address 192.168.19.3/24 floating enabled traffic-group traffic-group-1 unit 1 vlan EXTERNAL }
!
net self INTERNAL-FLOAT { address 172.16.250.1/24 floating enabled traffic-group traffic-group-1 unit 1 vlan INTERNAL }
net self EXTERNAL-SELF { address 192.168.19.40/24 traffic-group traffic-group-local-only vlan EXTERNAL }
net self INTERNAL-SELF { address 172.16.250.3/24 traffic-group traffic-group-local-only vlan INTERNAL }

Existing VLAN configuration
root@(F5-2)(cfg-sync In Sync)(Standby)(/Common)(tmos)# list net vlan one-line

net vlan FAILOVER { if-index 272 interfaces { 1.4 { } } tag 4092 }
net vlan EXTERNAL { failsafe enabled failsafe-action failover failsafe-timeout 10 if-index 256 interfaces { 1.1 { tagged } } tag 101 }
net vlan INTERNAL { failsafe enabled failsafe-action failover failsafe-timeout 10 if-index 288 interfaces { 1.2 { tagged } } tag 201 }

Switch 2

Existing switch port configuration
interface GigabitEthernet0/1
 switchport trunk allowed vlan 101
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan 201
 switchport mode trunk

Configuration

Now let’s create port-channels on both the F5s and the switches. Interfaces 1.1 and 1.2 on each F5 are combined into one port-channel, and interfaces Gig0/1 and Gig0/2 on each switch are combined into one port-channel.

On Both F5s

Configure a port-channel on the F5.

Remove all interfaces that need to be trunked (port-channeled) together from both VLANs.

modify net vlan EXTERNAL interfaces none
modify net vlan INTERNAL interfaces none

Create a port-channel (F5 calls it a trunk).

create net trunk PortChannel { interfaces add { 1.1 1.2 } lacp enabled }

Assign the newly created port-channel to both VLANs. Because the port-channel carries multiple VLANs, I am also tagging the VLANs.

modify net vlan EXTERNAL interfaces add { PortChannel { tagged } } tag 101
modify net vlan INTERNAL interfaces add { PortChannel { tagged } } tag 201

On both Switches

Configure a port-channel on the Cisco switch.

It is recommended to clear all configuration from the switch ports before making them members of a port-channel. The default interface command is a handy way to clear all configuration from a switch port.

default interface GigabitEthernet0/1
default interface GigabitEthernet0/2

Create a port-channel on Switch1 and trunk both VLANs over it.

interface range GigabitEthernet0/1-2
  speed 1000
  duplex full
  channel-group 1 mode active

interface Po1
  switchport mode trunk
  switchport trunk allowed vlan add 101,201

Verification

Once configured, verify port-channel status on both F5s and switches.

On an F5

show net trunk

-----------------------------------------------------------------
Net::Trunk
Name  Status  Bandw  Bits  Bits  Errs  Errs   Drops  Drops  Colli
               Mbps    In   Out    In   Out      In    Out  sions
-----------------------------------------------------------------
PC        up   2000  2.5G  2.8G     0     0  109.9K      0      0

  -------------------------------------------
  | Net::LACP Status (trunk: PortChannel)
  -------------------------------------------
  |                      SysID  Key  Priority
  | Actor    00:01:11:11:22:22    3     26496
  | Partner  00:01:11:11:33:33    6     32768

On a switch

show etherchannel summary | be Group
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi0/1(P)   Gi0/2(P)
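
A scripted version of the two checks above, as an added example that is not part of the original article: it parses the command outputs shown in this section and reports any member that is not bundled. The function names, the Gi0/2(I) failure line, the reading of the Bandw column as the sum of active member speeds, and the treatment of an all-zero partner SysID as "no LACP peer" are assumptions.

```python
import re

# Output copied from the Verification section above, used as sample input.
SWITCH_OUT = """\
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi0/1(P)   Gi0/2(P)
"""
F5_OUT = """\
PC        up   2000  2.5G  2.8G     0     0  109.9K      0      0
  | Actor    00:01:11:11:22:22    3     26496
  | Partner  00:01:11:11:33:33    6     32768
"""
# Constructed failure case: Gi0/2 did not negotiate LACP and runs stand-alone (I).
SWITCH_BAD = "1      Po1(SU)         LACP      Gi0/1(P)   Gi0/2(I)\n"

ROW = re.compile(r"^(\d+)\s+(Po\d+)\((\w+)\)\s+(\S+)\s+(.*)$", re.M)
PORT = re.compile(r"(\S+?)\((\w+)\)")

def check_switch(text, expected_ports):
    """Return problems found in 'show etherchannel summary' output."""
    rows = ROW.findall(text)
    problems = [] if rows else ["no port-channel row found"]
    for _group, po, po_flags, proto, ports in rows:
        if proto != "LACP":
            problems.append(f"{po}: protocol is {proto}, expected LACP")
        if "U" not in po_flags or "D" in po_flags:
            problems.append(f"{po}: not in use (flags {po_flags})")
        members = dict(PORT.findall(ports))
        for port in expected_ports:
            if members.get(port) != "P":  # only P means the port is bundled in the channel
                problems.append(f"{po}: {port} not bundled (flag {members.get(port)})")
    return problems

def check_f5(text, member_mbps, member_count):
    """Return problems found in tmsh 'show net trunk' output."""
    problems = []
    trunk = re.search(r"^(\S+)\s+(up|down)\s+(\d+)\s", text, re.M)
    if not trunk or trunk.group(2) != "up":
        problems.append("trunk is not up")
    elif int(trunk.group(3)) != member_mbps * member_count:  # assumed: Bandw sums active members
        problems.append(f"bandwidth {trunk.group(3)} Mbps: a member link is missing")
    partner = re.search(r"Partner\s+([0-9a-fA-F:]{17})", text)
    if not partner or set(partner.group(1)) <= set("0:"):  # assumed: all-zero ID = no peer
        problems.append("no LACP partner system ID: peer is not speaking LACP")
    return problems

if __name__ == "__main__":
    print(check_switch(SWITCH_BAD, ["Gi0/1", "Gi0/2"]), check_f5(F5_OUT, 1000, 2))
```

An empty list from both functions means the bundle is healthy on that side; a trunk that is up but reports less bandwidth than expected is the case the "up" status alone hides.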

I hope you enjoyed this article. Please feel free to leave a comment or feedback.


Ashutosh Patel

Ashutosh Patel is the author and editor of netfixpro.com. He currently works as a Network Security Architect. Follow him on social media to learn more about him.

One thought on “HOW TO: LACP trunk (Port-channel) on F5 LTMs.”

  • December 18, 2017 at 11:16 AM

    thanks – clearest trunk/PO explanation I could find out there…askF5 never too much help —

    That said :
    I get the following via GUI or CLI

    01070734:3: Configuration error: vmw-compat: vlan member type must be an interface

    jfyi: F5-2 has two EXTERNAL interfaces ;-p
