Configuring VLAN Rule Definitions Defining VLAN Rules
page 12-10 OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008
Note. If the contents of a mobile port frame matches the values specified in both an IP network address
rule and a port-protocol binding rule, the IP network address rule takes precedence. However, if the
contents of such frame violates the port-protocol binding rule, the frame is dropped.
Configuring VLAN Rule Definitions
Note the following when configuring rules for a VLAN:
• The VLAN must already exist. Use the vlan command to create a new VLAN or the show vlan
command to verify a VLAN is already configured. Refer to Chapter 4, “Configuring VLANs,” for
more information.
• Which type of rule is needed; DHCP, binding, MAC address, protocol, network address, or port. Refer
to “VLAN Rule Types” on page 12-4 for a summary of rule type definitions.
• IP network address rules are applied to traffic received on both mobile and fixed ports. If traffic
contains a source IP address that is included in the subnet specified by the rule, the traffic is dropped.
This does not occur, however, if the IP network address rule is configured on the default VLAN for the
fixed port.
• If mobile port traffic matches rules defined for more than one VLAN, the mobile port is dynamically
assigned to the VLAN with the higher precedence rule. Refer to “Understanding VLAN Rule Prece-
dence” on page 12-8 for more information.
• It is possible to define multiple rules for the same VLAN, as long as each rule is different. If mobile
port traffic matches only one of the rules, the port and traffic are dynamically assigned to that VLAN.
• There is no limit to the number of rules defined for a single VLAN and up to 8129 rules are allowed
per switch.
• It is possible to create a protocol rule based on Ether type, SNAP type, or DSAP/SSAP values.
However, using predefined rules (such as MAC address, network address, and generic protocol rules) is
recommended to ensure accurate results when capturing mobile port traffic.
9. MAC Address Frames contain a matching source
MAC address.
Frame source is assigned to the
rule’s VLAN.
10. MAC Range Frame contains a source MAC
address that falls within a specified
range of MAC addresses.
Frame source is assigned to the
rule’s VLAN.
11. Network Address
(See note below regarding IP Net-
work Address and Port-Protocol
Binding rule precedence.)
Frame contains a matching IP sub-
net address, or
Frame contains a matching IPX
network address.
Frame source is assigned to the
rule’s VLAN.
Frame source is assigned to the
rule’s VLAN.
12. Protocol Frame contains a matching proto-
col type.
Frame source is assigned to the
rule’s VLAN.
13. Default Frame does not match any rules. Frame source is assigned to
mobile port’s default VLAN.
Precedence Step/Rule Type Condition Result
To Next Page
Loading...
