Last Modified: Oct 15, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
17.1.2.1, 17.1.2.2, 17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3
Fixed In:
17.1.3
Opened: May 05, 2025 Severity: 3-Major
SSL Orchestrator l2 inline monitors may not function correctly on r2000 or r4000 tenants.
The l2 inline service monitored via these interfaces will be marked down.
-- SSL Orchestrator -- l2 inline monitor A traffic capture will show packets being egressed out one interface and not arriving at the other.
The issue is due to the MAC filter that is installed for every interface's MAC address. When the filter also matches a vlan MAC address this issue occurrs. Compare the output of tmsh show net interface all-properties and tmsh show net vlan and make sure there is no MAC overlap. If there is, create some "dummy" vlans to move the overlap. After creating dummy vlans, re-assign the MACs with the following command tmsh modify ltm global-settings general share-single-mac global tmsh modify ltm global-settings general share-single-mac unique
We now provide a workaround to disable MAC filters via xnet_init.tcl echo -e "drvcfg iavf uc_mac_filter 0\ndrvcfg iavf mc_mac_filter 0" >> /config/xnet_init.tcl bigstart restart tmm