ExtremeSwitching (Other)

Expand all | Collapse all

Policy issues: Port PVID on CLI does not reflect "contain to VLAN" / what is default traffic action when containing to vlan?

  • 1.  Policy issues: Port PVID on CLI does not reflect "contain to VLAN" / what is default traffic action when containing to vlan?

    Posted 10-02-2014 17:21
    Hi,
    Currently experimenting on C3 06.61.12.0005

    First

    Using this policy and applying it to a port:

    *********************************************
    ->show policy profile 3
    Profile Index : 3
    Profile Name : Test
    Row Status : active
    Port VID Status : Enable
    Port VID Override : 110
    CoS : 0
    CoS Status : Disable
    Egress Vlans : none
    Forbidden Vlans : none
    Untagged Vlans : 110
    Rule Precedence : 1-31
    :MACSource(1),MACDest(2),IPSource(12),
    :IPDest(13),UDPSrcPort(15),UDPDestPort(16),
    :TCPSrcPort(17),TCPDestPort(18),ICMPType(19),
    :IPTOS(21),IPProto(22),Ether(25),
    :VLANTag(27)
    Admin Profile Usage : none
    Oper Profile Usage : none
    Dynamic Profile Usage : ge.1.17
    *********************************************

    Looking at the port the ingress VLAN still seems to be 1, however it really must be 110 because the traffic is flowing alright. Why doesn't the CLI show the reality?

    *********************************************
    ->show vlan portinfo port ge.1.17
    Port VLAN Ingress Egress
    Filter Vlan
    -----------------------------------------------------------------
    ge.1.17 1 Y untagged: 1,110
    *********************************************

    Other question:

    When setting a "contain to vlan" policy, it seems that the default traffic type will then be "allow". However I want to contain to vlan and be able to make classifications.... In any case I don't find an easy "drop all" rule to put there manually. Where am I thinking wrong?

    Thanks for any advice.


  • 2.  RE: Policy issues: Port PVID on CLI does not reflect "contain to VLAN" / what is default traffic action when containing to vlan?

    Posted 10-08-2014 18:11
    The Port VID Override (=110) will, as applicable, override the Port VLAN (=1). So if I understand your question correctly, the CLI is indeed showing the reality. It's just that it is necessary to look in more than one place in order to develop an understanding of how traffic will behave in a variety of circumstances. Note that the Port VLAN value may well apply to a certain amount of traffic, because that traffic for whatever reason does not invoke Policy Profile 3.

    As to your second question, I believe it would be helpful to see the Profile and underlying Rules that have been set up for the "contan to vlan" role you are discussing. Policy is very flexible and there are typically multiple ways to accomplish any given effect.

    Thank you.