Alcatel-Lucent 6850-48 Guida Di Rete
VLAN Rules Overview
Defining VLAN Rules
page 8-6
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Binding Rules
Binding rules restrict VLAN assignment to specific devices by requiring that device traffic match all crite-
ria specified in the rule. As a result, a separate binding rule is required for each device. An unlimited
number of such rules, however, is allowed per VLAN and up to 8129 of each rule type is allowed per
switch. Although DHCP traffic is examined and processed first by switch software, binding rules take
precedence over all other rules.
ria specified in the rule. As a result, a separate binding rule is required for each device. An unlimited
number of such rules, however, is allowed per VLAN and up to 8129 of each rule type is allowed per
switch. Although DHCP traffic is examined and processed first by switch software, binding rules take
precedence over all other rules.
The following binding rule types are available. The rule type name indicates the criteria the rule uses to
determine if device traffic qualifies for VLAN assignment. For example, the MAC-Port-IP address bind-
ing rule requires a matching source MAC and IP address in frames received from a device connected to
the port specified in the rule.
determine if device traffic qualifies for VLAN assignment. For example, the MAC-Port-IP address bind-
ing rule requires a matching source MAC and IP address in frames received from a device connected to
the port specified in the rule.
• MAC-port-IP Address
• MAC-port
• port-protocol
Note that MAC-port-IP and MAC-port binding rules are also supported on Authenticated VLANs
(AVLANs). See
(AVLANs). See
for more information.
MAC Address Rules
MAC
address rules determine VLAN assignment based on a device’s source MAC address. This is the
simplest type of rule and provides the maximum degree of control and security. Members of the VLAN
will consist of devices with specific MAC addresses. In addition, once a device joins a MAC address rule
VLAN, it is not eligible to join multiple VLANs even if device traffic matches other VLAN rules.
will consist of devices with specific MAC addresses. In addition, once a device joins a MAC address rule
VLAN, it is not eligible to join multiple VLANs even if device traffic matches other VLAN rules.
MAC address rules also capture DHCP traffic, if no other DHCP rule exists that would classify the DHCP
traffic into another VLAN. Therefore, it is not necessary to combine DHCP rules with MAC address rules
for the same VLAN.
traffic into another VLAN. Therefore, it is not necessary to combine DHCP rules with MAC address rules
for the same VLAN.
Network Address Rules
There are two types of network address rules: IP and IPX. An IP network address rule determines VLAN
mobile port assignment based on a device’s source IP address. An IPX network address rule determines
VLAN mobile port assignment based on a device’s IPX network and encapsulation.
mobile port assignment based on a device’s source IP address. An IPX network address rule determines
VLAN mobile port assignment based on a device’s IPX network and encapsulation.
Protocol Rules
Protocol rules determine VLAN assignment based on the protocol a device uses to communicate. When
defining this type of rule, there are several generic protocol values to select from: IP, IPX, AppleTalk, or
DECNet. If none of these are sufficient, it is possible to specify an Ethernet type, Destination and Source
Service Access Protocol (DSAP/SSAP) header values, or a Sub-network Access Protocol (SNAP) type.
defining this type of rule, there are several generic protocol values to select from: IP, IPX, AppleTalk, or
DECNet. If none of these are sufficient, it is possible to specify an Ethernet type, Destination and Source
Service Access Protocol (DSAP/SSAP) header values, or a Sub-network Access Protocol (SNAP) type.
Note that specifying a SNAP protocol type restricts classification of mobile port traffic to the ethertype
value found in the IEEE 802.2 SNAP LLC frame header.
value found in the IEEE 802.2 SNAP LLC frame header.
IP protocol rules also capture DHCP traffic, if no other DHCP rule exists that would classify the DHCP
traffic into another VLAN. Therefore, it is not necessary to combine DHCP rules with IP protocol rules for
the same VLAN.
traffic into another VLAN. Therefore, it is not necessary to combine DHCP rules with IP protocol rules for
the same VLAN.