© Copyright IBM Corp. 2011 Chapter 14. VMready 173
VLAN Maps
A VLAN map (VMAP) is a type of Access Control List (ACL) that is applied to a
VLAN or VM group rather than to a switch port as with regular ACLs (see “Access
Control Lists” on page 79). In a virtualized environment, VMAPs allow you to create
traffic filtering and metering policies that are associated with a VM group VLAN,
allowing filters to follow VMs as they migrate between hypervisors.
N/OS 6.8 supports up to 128 VMAPs. Individual VMAP filters are configured in the
same fashion as regular ACLs, except that VLANs cannot be specified as a filtering
criteria (unnecessary, since VMAPs are assigned to a specific VLAN or associated
with a VM group VLAN).
VMAPs are configured using the following ISCLI configuration command path:
Once a VMAP filter is created, it can be assigned or removed using the following
commands:
•
For regular VLANs, use config-vlan mode:
•
For a VM group, use the global configuration mode:
Note: Each VMAP can be assigned to only one VLAN or VM group. However, each
VLAN or VM group may have multiple VMAPs assigned to it.
The optional
serverports
or
non-serverports
parameter can be specified to
apply the action (to add or remove the VMAP) for either the switch server ports
(
serverports
) or switch uplink ports (
non-serverports
). If omitted, the
operation will be applied to all ports in the associated VLAN or VM group.
Note: VMAPs have a lower priority than port-based ACLs. If both an ACL and a
VMAP match a particular packet, both filter actions will be applied as long as
there is no conflict. In the event of a conflict, the port ACL will take priority,
though switch statistics will count matches for both the ACL and VMAP.
RS G8000(config)# access-control vmap <VMAP ID> ?
action Set filter action
egress-port Set to filter for packets egressing this port
ethernet Ethernet header options
ipv4 IP version 4 header options
meter ACL metering configuration
packet-format Set to filter specific packet format types
re-mark ACL re-mark configuration
statistics Enable access control list statistics
tcp-udp TCP and UDP filtering options
RS G8000(config)# vlan <VLAN ID>
RS G8000(config-vlan)# [no] vmap <VMAP ID> [serverports|
non-serverports]
RS G8000(config)# [no] virt vmgroup <ID> vmap <VMAP ID>
[serverports|non-serverports]
To Next Page
Loading...
Need help?
General
