Alcatel-Lucent 6850-48 Guida Di Rete
VLAN Rules Overview
Defining VLAN Rules
page 8-8
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Understanding VLAN Rule Precedence
In addition to configurable VLAN rule types, there are two internal rule types for processing mobile port
frames. One is referred to as frame type and is used to identify Dynamic Host Configuration Protocol
(DHCP) frames. The second internal rule is referred to as default and identifies frames that do not match
any VLAN rules.
frames. One is referred to as frame type and is used to identify Dynamic Host Configuration Protocol
(DHCP) frames. The second internal rule is referred to as default and identifies frames that do not match
any VLAN rules.
Note. Another type of mobile traffic classification, referred to as VLAN mobile tagging, takes precedence
over all VLAN rules. If a mobile port receives an 802.1Q packet that contains a VLAN ID tag that
matches a VLAN that has mobile tagging enabled, the port and its traffic are assigned to this VLAN, even
if the traffic matches a rule defined on any other VLAN. See
over all VLAN rules. If a mobile port receives an 802.1Q packet that contains a VLAN ID tag that
matches a VLAN that has mobile tagging enabled, the port and its traffic are assigned to this VLAN, even
if the traffic matches a rule defined on any other VLAN. See
more information about VLAN mobile tag classification.
The VLAN rule precedence table on
provides a list of all VLAN rules, including the two internal
rules mentioned above, in the order of precedence that switch software applies to classify mobile port
frames. The first column lists the rule type names, the second and third columns describe how the switch
handles frames that match or don’t match rule criteria. The higher the rule is in the list, the higher its level
of precedence.
frames. The first column lists the rule type names, the second and third columns describe how the switch
handles frames that match or don’t match rule criteria. The higher the rule is in the list, the higher its level
of precedence.
When a frame is received on a mobile port, switch software starts with rule one in the rule precedence
table and progresses down the list until there is a successful match between rule criteria and frame
contents. The exception to this is if there is a binding rule violation. In this case, the frame is blocked and
its source port is not assigned to the rule’s VLAN.
table and progresses down the list until there is a successful match between rule criteria and frame
contents. The exception to this is if there is a binding rule violation. In this case, the frame is blocked and
its source port is not assigned to the rule’s VLAN.
Each binding rule type contains multiple parameters that are used to determine if a mobile port frame qual-
ifies for assignment to the binding rule VLAN, violates one of the binding rule parameter values, or is
simply allowed on the port but not assigned to the binding rule VLAN. For example, as indicated in the
rule precedence table, a mobile port frame is compared to binding MAC-port rule criteria and processed as
follows:
ifies for assignment to the binding rule VLAN, violates one of the binding rule parameter values, or is
simply allowed on the port but not assigned to the binding rule VLAN. For example, as indicated in the
rule precedence table, a mobile port frame is compared to binding MAC-port rule criteria and processed as
follows:
• If the frame’s source MAC address matches the rule’s MAC address, then the frame’s port must also
match the rule’s port to qualify for assignment to the rule’s VLAN.
• If the frame’s source MAC matches but the frame’s port does not match, then a violation occurs and
the frame is blocked and the port is not assigned to the rule’s VLAN. There is no further attempt to
match this frame to rules of lower precedence.
match this frame to rules of lower precedence.
• If the frame’s source MAC does not match but the frame’s port does match, the frame is allowed but
the port is not assigned to the rule’s VLAN. The frame is then compared to other rules of lower prece-
dence in the table or carried on the mobile port’s default VLAN if the frame does not match any other
VLAN rules and the mobile port’s default VLAN is enabled.
dence in the table or carried on the mobile port’s default VLAN if the frame does not match any other
VLAN rules and the mobile port’s default VLAN is enabled.
In the above example, the MAC address parameter defines a critical match value for the binding rule. The
port parameter defines a non-critical match value for the binding rule. When a critical match occurs, the
contents of a frame must also match all other parameter values or the frame is dropped. If a non-critical
match occurs, the frame is still processed even if it does not match all other parameters.
port parameter defines a non-critical match value for the binding rule. When a critical match occurs, the
contents of a frame must also match all other parameter values or the frame is dropped. If a non-critical
match occurs, the frame is still processed even if it does not match all other parameters.