88 RackSwitch G8000: Application Guide
VLAN Maps
A VLAN map (VMap) is an ACL that can be assigned to a VLAN or VM group rather
than to a switch port as with IPv4 ACLs. This is particularly useful in a virtualized
environment where traffic filtering and metering policies must follow virtual
machines (VMs) as they migrate between hypervisors.
The G8000 supports up to 128 VMaps.
Individual VMap filters are configured in the same fashion as IPv4 ACLs, except that
VLANs cannot be specified as a filtering criterion (this is unnecessary, since each
VMap is assigned to a specific VLAN or associated with a VM group VLAN).
VMaps are configured using the following ISCLI configuration command path:

    RS G8000(config)# access-control vmap <VMap ID> ?
      action          Set filter action
      egress-port     Set to filter for packets egressing this port
      ethernet        Ethernet header options
      ipv4            IP version 4 header options
      meter           ACL metering configuration
      packet-format   Set to filter specific packet format types
      re-mark         ACL re-mark configuration
      statistics      Enable access control list statistics
      tcp-udp         TCP and UDP filtering options

Once a VMap filter is created, it can be assigned or removed using the following
configuration commands:
• For an IPv4 VLAN, use config-vlan mode:

    RS G8000(config)# vlan <VLAN ID>
    RS G8000(config-vlan)# [no] vmap <VMap ID> [serverports|non-serverports]

• For a VM group (see “VM Group Types” on page 166), use the global
configuration mode:

    RS G8000(config)# [no] virt vmgroup <ID> vmap <VMap ID> [serverports|non-serverports]

Note: Each VMap can be assigned to only one VLAN or VM group. However, each
VLAN or VM group may have multiple VMaps assigned to it.
When the optional serverports or non-serverports parameter is specified,
the action to add or remove the VMap is applied for either the switch server ports
(serverports) or uplink ports (non-serverports). If omitted, the operation will
be applied to all ports in the associated VLAN or VM group.
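The following Python check is an added example, not part of the guide: it audits a saved configuration against the rules above (one VLAN or VM group per VMap, at most 128 VMaps) and also reports filters that are defined but never applied, or applied but never defined. It assumes the saved configuration uses the same command forms shown on this page, with config-vlan sub-commands indented under their vlan line; the function name and the sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

MAX_VMAPS = 128  # limit stated in the guide

# Constructed sample (not from the guide); filter criteria lines are omitted.
SAMPLE_CONFIG = """\
access-control vmap 1 statistics
access-control vmap 2 statistics
access-control vmap 3 statistics
vlan 10
 vmap 1 serverports
 vmap 2
vlan 20
 vmap 1 non-serverports
virt vmgroup 1 vmap 4
"""

PORTS = r"(?: (?:serverports|non-serverports))?$"
DEFINE = re.compile(r"^access-control vmap (\d+)\b")
VLAN = re.compile(r"^vlan (\d+)$")
VLAN_VMAP = re.compile(r"^vmap (\d+)" + PORTS)
GROUP_VMAP = re.compile(r"^virt vmgroup (\d+) vmap (\d+)" + PORTS)

def audit_vmaps(config_text):
    """Return VMap assignment findings for a configuration dump."""
    defined, targets, vlan = set(), defaultdict(set), None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := VLAN.match(line):
            vlan = int(m.group(1))              # entered config-vlan mode
        elif (m := VLAN_VMAP.match(line)) and vlan is not None:
            targets[int(m.group(1))].add(("vlan", vlan))
        elif not raw[:1].isspace():
            vlan = None                         # back at global config level
            if m := DEFINE.match(line):
                defined.add(int(m.group(1)))
            elif m := GROUP_VMAP.match(line):
                targets[int(m.group(2))].add(("vmgroup", int(m.group(1))))
    return {
        # Breaks the rule "one VLAN or VM group per VMap"
        "multi_assigned": {v: sorted(t) for v, t in targets.items() if len(t) > 1},
        "undefined": sorted(set(targets) - defined),    # applied, never defined
        "unassigned": sorted(defined - set(targets)),   # defined, filters nothing
        "over_limit": len(defined) > MAX_VMAPS,
    }

if __name__ == "__main__":
    for name, value in audit_vmaps(SAMPLE_CONFIG).items():
        print(f"{name}: {value}")
```
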