Identify a connection with layer 2 parameters

Generally, to identify a connection, the Citrix ADC appliance uses the 4-tuple of client IP address, client port, destination IP address, and destination port. When you enable the L2 Connection option, the Layer 2 parameters of the connection (channel number, MAC address, and VLAN ID) are used in addition to the normal 4-tuple.

Enabling the L2Conn parameter for a load balancing virtual server allows multiple TCP and non-TCP connections with the same 4-tuple (<source IP>:<source port>::<destination IP>:<destination port>) to co-exist on the Citrix ADC appliance. The appliance uses both the 4-tuple and the Layer 2 parameters to identify TCP and non-TCP connections.
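The following added example (not Citrix code, and not a description of the appliance's internals) models only the lookup key described above, to show why two connections with the same 4-tuple collapse into one entry without the Layer 2 parameters and coexist with them. The `Packet` and `ConnTable` names, the addresses, MAC values, and the use of plain integers for channel numbers are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    channel: int  # ingress channel number (integer is an assumption)
    mac: str      # peer MAC address
    vlan: int     # VLAN ID


class ConnTable:
    """Toy connection table: models the lookup key only."""

    def __init__(self, l2conn: bool) -> None:
        self.l2conn = l2conn
        self.entries: Dict[Tuple, int] = {}

    def key(self, p: Packet) -> Tuple:
        four_tuple = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if self.l2conn:
            # With L2 Connection enabled, the Layer 2 parameters extend the key.
            return four_tuple + (p.channel, p.mac, p.vlan)
        return four_tuple

    def track(self, p: Packet) -> int:
        """Return the connection id for a packet, creating one if the key is new."""
        return self.entries.setdefault(self.key(p), len(self.entries) + 1)


def distinct_connections(l2conn: bool, packets: List[Packet]) -> int:
    table = ConnTable(l2conn)
    return len({table.track(p) for p in packets})


# Constructed sample: one 4-tuple seen on two VLANs, then a repeat of the first.
SAMPLE = [
    Packet("10.0.10.5", 40000, "10.0.20.100", 80, 1, "02:00:00:00:0a:01", 10),
    Packet("10.0.10.5", 40000, "10.0.20.100", 80, 2, "02:00:00:00:14:01", 20),
    Packet("10.0.10.5", 40000, "10.0.20.100", 80, 1, "02:00:00:00:0a:01", 10),
]

if __name__ == "__main__":
    print("l2Conn OFF:", distinct_connections(False, SAMPLE))
    print("l2Conn ON: ", distinct_connections(True, SAMPLE))
```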

You can enable the L2Conn option in the following scenarios:

  • Multiple VLANs are configured on the Citrix ADC appliance, and a firewall is set up for each VLAN.
  • You want the traffic originating from the servers in one VLAN and bound for a virtual server in another VLAN to pass through the firewalls configured for both VLANs.

When an nCore Citrix ADC appliance on which the l2Conn parameter is set for one or more load balancing virtual servers is downgraded to a Classic build, or to an nCore build that does not support the l2Conn parameter, the load balancing configurations that use the l2Conn parameter become ineffective.

To configure the L2 connection option by using the CLI

At the command prompt, type:

add lb vserver <name> <serviceType> <IPAddress>@ <port> -l2Conn ON


Example:

add lb vserver LB-VIP1 HTTP <IPAddress> 80 -l2Conn ON

To configure the L2 connection option by using the GUI

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers, and open a virtual server.
  2. In Advanced Settings, select Traffic Settings, and select Layer 2 Parameters.