Configuring VLANs
Fixed Switch Configuration Guide 9-13
Configuring Protocol-Based VLAN Classification
Protocol-based VLANs can be configured using the policy classification CLI commands, as shown
in this section, or by using NetSight Policy Manager.
Procedure 9-4 describes how to define protocol-based frame filtering policies to assign frames to
particular VLANs. Refer to Chapter 16, Configuring Policy for more information.
Example Configuration
This example configures a policy that ensures that IP traffic received on the specified ingress ports
will be mapped to VLAN 2, while all other types of traffic will be mapped to VLAN 3.
1. Two VLANs are created: VLAN 2 and VLAN 3.
4. Optionally, set the GARP join, leave, and
leaveall timer values. Each timer value is in
centiseconds.
set garp timer {[join timer-value]
[leave timer-value]
[leaveall timer-value]} port-string
Caution: The setting of GARP timers is critical and should only be changed by personnel familiar
with 802.1Q standards.
Procedure 9-3 Dynamic VLAN Configuration (continued)
Step Task Command(s)
Procedure 9-4 Configuring Protocol-Based VLAN Classification
Step Task Command(s)
1. Create the VLANs to which frames will be
assigned by the policy. Valid values are 2–4094.
set vlan create vlan-id
2. Configure VLAN egress, which determines
which ports a frame belonging to the VLAN may
be forwarded out on.
The default setting, tagged, allows the port to
transmit frames for a particular VLAN.
set vlan egress vlan-id port-string
[forbidden | tagged | untagged]
3. Disable ingress filtering on the ingress ports on
which the policy will be applied. Disabled is the
default ingress filtering setting.
set port ingress-filter port-string
disable
4. Create the policy profile that enables PVID
override. This function allows a policy rule
classifying a frame to a VLAN to override PVID
assignment configured with the set port vlan
command.
When none of its associated classification rules
match, the configuration of the policy profile
itself will determine how frames are handled by
default. In this case, the default VLAN is
specified with the pvid pvid parameter.
set policy profile profile-index
[name name] [pvid-status {enable |
disable}] [pvid pvid]
5. Configure the administrative rules that will
assign the policy profile to all frames received on
the desired ingress ports.
set policy rule admin-profile port
port-string [port-string port-
string] [admin-pid admin-pid]
6. Configure the classification rules that will define
the protocol to filter on and the VLAN ID to which
matching frames will be assigned.
set policy rule profile-index
{protocol data [mask mask]} [
vlan
vlan]
To Next Page
Loading...
Need help?
General