Forum Discussion
Jim_McCarron_44
Jun 03, 2011Historic F5 Account
Its not so easy to follow without a diagram. A few questions....
Which VLAN will each channel be in? Is Channel1, going to be in VLAN32? and channel 2 in VLAN 114? If so then this is what we call a dual VLAN setup... with Proxy IP addresses in one subnet, and VIPs in another.
You need to ensure that the proxy IP addresses are routable, as they will be used to talk to any authentication services (domain controllers for CIFS, and NIS servers for NFS). Management IP addresses are used for things like gateway monitoring and communication to the Quorum disk (for redundancy)... you don't need separate VLANs for in-band management. If you make the 114 net non-routable, then you could end up breaking authentication. You'll need to at least allow routing for the proxy IP addresses on the ARX to reach outside resources, and external authentication resources will need to be able to communicate back to the proxy IP addresses.
I don't understand the comment: "2 ports in-band management", your channels should be your "in-band" ports, so Management IP addresses should be assigned to each VLAN, in addition to you MIP's and VIP's.