AT-8000S: configuring advanced VLAN
Marvell Confidential
VLAN Advanced Features
AT-8000S
Agenda
• Advanced VLAN classification
  – MAC based VLAN
• Private VLAN Edge
Advanced VLAN Classification
• In a legacy VLAN implementation, an untagged packet is classified according to the PVID configured on the port.
• The device implements an additional, advanced method of untagged packet classification:
  – MAC based VLAN
Packet Classification Flowchart
• Is Packet Tagged?
  – Yes: Frame classified according to VLAN tag
  – No: Is MAC mapped to VLAN?
    – Yes: Frame classified according to MAC Group to VLAN mapping
    – No: PVID based classification
MAC Based VLANs
• A classification method that assigns packets to different VLANs based on the packet’s source MAC address.
• This feature is usually used for:
  – VLAN segregation based on device type
  – Roaming
• Classification can be based on a specific MAC address or a MAC address prefix
MAC Based VLANs – User Control
• Map MAC addresses and prefixes of MAC addresses to a certain “Group-of-MACs”
• On a specific interface, map a certain Group-of-MACs to a VID.
  – Can be applied only on general VLAN mode interfaces
• If an untagged packet matches one of the Group-of-MACs defined on the interface, the VID is assigned accordingly.
• Defined rules can’t contain overlapping ranges on the same interface.
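The classification order and the no-overlap rule above, modelled in Python as an added example (not code from the original slides or from the device). Port name 1/e1 comes from the page; the class and function names, MAC addresses, group numbers and VIDs are constructed, prefix lengths are assumed to be in bits with 48 standing for "host", and rejecting overlaps between different groups on one port is an assumed reading of the rule.

```python
# Added example: models the classification order for frames arriving on a port.
# Assumption: prefix lengths are in bits; 48 stands for the CLI's "host" keyword.
def mac_int(mac):
    return int(mac.replace(":", ""), 16)

def mac_range(mac, prefix_len=48):
    """Return (first, last) address covered by a MAC/prefix rule."""
    host_bits = 48 - prefix_len
    first = mac_int(mac) >> host_bits << host_bits
    return first, first | ((1 << host_bits) - 1)

class Switch:
    def __init__(self):
        self.groups = {}     # macs-group id -> [(first, last), ...]
        self.port_maps = {}  # port -> {macs-group id: VID}
        self.pvid = {}       # port -> PVID

    def map_mac(self, mac, prefix_len, group):
        self.groups.setdefault(group, []).append(mac_range(mac, prefix_len))

    def map_group(self, port, group, vid):
        """Bind a group to a VID on a port; refuse overlapping ranges."""
        for other in self.port_maps.get(port, {}):
            if other == group:
                continue
            for a_first, a_last in self.groups.get(other, []):
                for b_first, b_last in self.groups.get(group, []):
                    if a_first <= b_last and b_first <= a_last:
                        raise ValueError(f"group {group} overlaps group {other}")
        self.port_maps.setdefault(port, {})[group] = vid

    def classify(self, port, src_mac, tag_vid=None):
        """Return (VID, reason) in the flowchart's order."""
        if tag_vid is not None:
            return tag_vid, "vlan-tag"
        addr = mac_int(src_mac)
        for group, vid in self.port_maps.get(port, {}).items():
            if any(lo <= addr <= hi for lo, hi in self.groups.get(group, [])):
                return vid, "mac-group"
        return self.pvid[port], "pvid"

def demo():
    sw = Switch()
    sw.pvid["1/e1"] = 1
    sw.map_mac("00:11:22:00:00:00", 24, 1)  # constructed 24-bit prefix
    sw.map_mac("00:aa:bb:cc:dd:ee", 48, 2)  # constructed single host
    sw.map_group("1/e1", 1, 10)
    sw.map_group("1/e1", 2, 20)
    macs = ("00:11:22:33:44:55", "00:aa:bb:cc:dd:ee", "00:de:ad:00:00:01")
    return [sw.classify("1/e1", m) for m in macs]
```

The lookup key is the frame's source MAC, which the sending host sets, so the mapping sorts traffic into VLANs but does not authenticate the device.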
MAC Based VLANs – CLI
• Use the following VLAN configuration command to map a MAC address or range of MAC addresses to a group of MAC addresses:
map mac mac-address {prefix-mask | host} macs-group group
• Use the no form of this command to delete the map:
no map mac mac-address {prefix-mask | host}
MAC Based VLANs – CLI
• Use the following Interface configuration command to set a mac-based classification rule:
switchport general map macs-group group vlan vlan-id
• Use the no form of this command to delete the classification:
no switchport general map macs-group group
MAC Based VLANs – CLI
• Use the following EXEC command to show macs-groups information:
show vlan macs-groups
Private VLAN Edge
• The device supports the Private VLAN Edge feature
• A port can be defined as a protected port.
• Traffic received on this port will be forwarded only to the specific uplink port defined in the command.
• Only a Gigabit port can be designated as an uplink port
• Protected port applies VLAN ingress filtering rules
• Uplink port does not apply VLAN egress filtering on traffic received from protected VLAN
Private VLAN Edge
• Traffic tagging by uplink port:
  – VID exists on uplink port – regular VLAN egress tagging rules.
  – VID does not exist on uplink port – traffic is forwarded untagged
• Protected port and uplink port can be in any VLAN mode
• An IP address cannot be defined on a protected port
PVE - CLI
• Use the following Interface Mode command to define a protected port:
switchport protected ethernet port
Note: Uplink port must be a GE port
• Use the “no” form of the command to disable protection:
no switchport protected
console(config)# interface ethernet 1/e1
console(config-if)# switchport protected ethernet 1/g2
console(config-if)#
Private VLAN Edge - Example
console# show interfaces switchport ethernet 1/e1
Port : 1/e1
Port Mode: Access
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 1
Protected: Enabled, Uplink is 1/g2

Port is member in:

Vlan Name                             Egress rule Port Membership Type
---- -------------------------------- ----------- --------------------
1    1                                Untagged    System