Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-59
• Removing a service mapping configuration requires deleting the entire profile from the switch
configuration (no unp profile profile_name).
• The VLAN tag value indicates whether the VLAN tag information from the classified packets is used
to assign the traffic to a SAP or if specific single or double-tagged values are used to assign the traffic
to a SAP. Specify one of the following VLAN tag values for the profile:
• If classified traffic is untagged, then zero is used for the SAP encapsulation value (for example, 1/2:0).
• The BVLAN associated with an SPB service profile mapping must already exist in the switch
configuration.
• If the VLAN tag value of the classified traffic does not match the tag value specified in the profile,
UNP will check to see if the trust VLAN tag option is enabled for the UNP access port. If so, a SAP is
assigned using the VLAN tag values of the traffic. If not, the traffic is learned as filtering on the UNP
port.
• The default setting for the SPB multicast mode is the head-end mode.
– When the head-end multicast mode is used, a non-unicast packet received on an SPB access port is
replicated once for each receiver in the provider backbone bridge (PBB) network using its unicast
base MAC (BMAC) address.
– When the tandem multicast mode is used, a non-unicast packet received on an SPB access port is
replicated once at each node using the multicast group address.
• The default setting for the VXLAN multicast mode is the hybrid mode.
– When the tandem mode is used, PIM multicast routing is required to discover the neighbor nodes
and assign membership to VTEP nodes that desire to be in the same multicast group. This requires
the manual configuration of a multicast SDP object to tunnel traffic to the other VTEP nodes that
belong to the same multicast group.
– When the head-end mode is used, unicast SDP objects are also manually configured to tunnel traffic
to the far-end nodes. In this case, however, PIM multicast routing is not required. Any broadcast,
unknown unicast, and multicast (BUM) traffic is replicated and one copy is sent to each VTEP node
as specified by the unicast SDP object.
– When the hybrid mode is used, traffic is tunneled from the service instance to both a group of
VTEPs that belong to the same multicast group address and to the VTEP nodes that are not
associated with the same multicast group address.
VLAN tag value | Description
0 (zero) | The VLAN tag of the packet is used to determine the SAP encapsulation value. For example, a SAP with an encapsulation value set to 1/12:5 is created when classified traffic received on UNP access port 1/12 is single-tagged with VLAN ID 5. Setting the profile tag value to zero has the same result as enabling trust VLAN tag for a UNP access port.
Outer VLAN tag | The outer VLAN tag value to use for the SAP encapsulation value.
Inner and outer VLAN tags | The inner and outer VLAN tag values to use for the SAP encapsulation value.
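
The following Python model is an added example, not code from this guide or from the switch software. It traces the SAP assignment rules above so a planned profile tag value and trust VLAN tag setting can be checked for which classified traffic gets a SAP and which is learned as filtering. The function names, the rule ordering, exact matching of the tag stack, and the outer.inner notation for double-tagged values are assumptions.

```python
from typing import List, Optional, Tuple

# () = untagged, (outer,) = single-tagged, (outer, inner) = double-tagged
Tags = Tuple[int, ...]


def encap(port: str, tags: Tags) -> str:
    """Format a SAP encapsulation value, e.g. 1/12:5, or 1/2:0 when untagged."""
    # Assumption: double-tagged values are written outer.inner; the page
    # only shows the single-tag and zero forms.
    return f"{port}:{'.'.join(map(str, tags)) if tags else 0}"


def assign_sap(port: str, packet: Tags, profile: Tags,
               trust_vlan_tag: bool) -> Optional[str]:
    """Return the SAP encapsulation value, or None if learned as filtering.

    profile == () models profile tag value 0 (use the packet's own tag).
    """
    if not packet:
        return encap(port, ())       # untagged traffic: zero is used
    if not profile:
        return encap(port, packet)   # tag value 0: packet tag decides
    if packet == profile:            # assumption: whole tag stack must match
        return encap(port, profile)
    if trust_vlan_tag:
        return encap(port, packet)   # mismatch, but the port trusts the tag
    return None                      # mismatch, no trust: filtering


def audit(port: str, profile: Tags, trust_vlan_tag: bool,
          flows: List[Tags]) -> List[Tuple[Tags, str]]:
    """Pair each flow with its SAP encapsulation value or 'filtering'."""
    return [(f, assign_sap(port, f, profile, trust_vlan_tag) or "filtering")
            for f in flows]


if __name__ == "__main__":
    # Constructed sample traffic for UNP access port 1/12, profile tag 10.
    sample = [(), (5,), (10,), (10, 20)]
    for trust in (False, True):
        print(f"trust VLAN tag = {trust}")
        for tags, result in audit("1/12", (10,), trust, sample):
            print(f"  packet tags {tags or 'untagged'} -> {result}")
```

With trust VLAN tag disabled, only traffic matching the profile tag (or untagged traffic) receives a SAP; enabling it lets any tag the attached device sends select the SAP, the same outcome as a profile tag value of zero.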