With a RAC license you get access to two new commands:
ip lac rfp enable|disable
Detect and stops packets that have not a valid IP source address in any subnet that can be reached on the
incoming interface.
ip lac srceqdest enable|disable
Detects and stops packets to the Return Link with src IP = dest IP.
18.5 VLAN Extension (802.1Q)
IEEE Std 802.1Q defines an Ethernet frame format that can be used to separate virtual VLANs over a
shared physical Ethernet link. When the VSAT is licensed to support virtual LAN (VLAN) trunking, it is
capable of keeping the traffic for different VLANs separated over the satellite link, too. The VSAT can
then carry the traffic for multiple VLANs and allow you to extend the VLANs across the SatLink
network.
By default, the Ethernet interface does not operate in the VLAN trunk mode (802.1Q). The interface must
explicitly be configured to establish a VLAN interface for each applicable VLAN ID and will then
implicitly be set to operate in the VLAN trunk mode (802.1Q). Traffic from VLANs without an
established VLAN interface will be silently discarded by the VSAT, as all traffic in VLAN trunk mode
has to flow through the VLAN interfaces. Make sure that the Ethernet interfaces connected to the VSAT
also operate in VLAN trunk mode (802.1Q) and provide the correct VLAN tag values.
The DHCP server is disabled when the Ethernet interface operates in VLAN trunk mode. The hosts on
each VLAN must either get their IP addresses through manual configuration or there must be another
device on each VLAN that acts as a DHCP server.
By default, all traffic from established VLAN interfaces is mapped to the common satellite channel. By
explicit configuration, each established VLAN can be tied to a GRE tunnel. Then, the specific VLAN
traffic that matches the GRE subnet of the associated GRE tunnel will flow into this GRE tunnel; other
traffic from the VLAN will be routed to the appropriate interface, which may be the DVB interface or an
unblocked VLAN interface. Traffic that comes out of the GRE tunnel gets the associated VLAN tag at
submission to the LAN. Only packets with a destination that matches the subnet of the VLAN interface
will be forwarded; traffic to other destinations is silently discarded. Thus the subnet at the remote GRE
tunnel endpoint should not exceed the subnet of the VLAN interface.
It is assumed that the tunnel destination of each GRE tunnel terminates in a device that is configured to
map to the same VLAN as the local end, as required. Note that the SatLink network is an IP network and
not an Ethernet MAC bridge and thus the VLAN tag will not be carried through the SatLink network, but
must be regenerated locally at the GRE egress point, if required.
Let‘s say that operator wants to connect VLAN and VLAN over the same SatLink VSAT, connecting to
two routers with addresses 10.20.1.1 and 10.20.1.2.
First, establish a local VLAN interface for each of the applicable VLANs:
# eth vlan 15
# eth vlan 16
By default, inter-VLAN communication is blocked. Alternatively, each of the VLANs can explicitly be
allowed local inter VLAN communications through the SatLink VSAT as the local VLAN interface is
To Next Page
Loading...