protocol based vlans

Create Date: Apr 5 2012 5:57AM

Hello,

I want to change our VLANs to protocol-based VLANs for IPv4 (etype 0x0800, 0x0806). Until now we match all unfiltered protocols. First I tried to list all configured VLANs on the switch. This is my way to get the output of all configured VLANs:

set var CLI.OUT " "
show vlan
set var list1 $TCL(list ${CLI.OUT})
show var list1

In the 2nd step I want to bind every listed VLAN to the protocol IPv4 (conf vlan protocol ip). But how can I do that? Do you have an idea how I can do this by scripting?

Thanks for your help.

M

(from matthias_mager)

Create Date: Apr 6 2012 2:14AM

I don't know why I worked more than an hour on this. But here is the whole script for you... This was tested in 12.6.2 and works as expected. It has some regex and searches which are based on the output of show vlan. If your output of show vlan does not match the one in 12.6.2, this won't work.

If you want me to change the script based on your output I can help you with that, but for that I would require the output of show vlan, which I am sure you would be reluctant to reveal. Enough talking, here is the script:

###################################################################################

# Capture the output of "show vlan" in CLI.OUT and split it into lines
set var CLI.OUT " "
show vlan
set var input $TCL(split ${CLI.OUT} "\n")

# Find the "Total number of VLAN(s)" line and read the count from its sixth field
set var v3 $TCL(lsearch -regexp $input "Total number of VLAN*")
set var y2 $TCL(lindex $input $v3)
set var y3 $TCL(lindex $y2 5)
set var y4 $TCL(expr $y3 +1)

# The VLAN rows start at line index 5; the first field of each row is the VLAN name
set var count 1
while ($count < $y4 ) do
set var y5 $TCL(expr $count +4)
set var y6 $TCL(lindex $input $y5)
set var y7 $TCL(lindex $y6 0)
set var count ($count + 1)
# Bind this VLAN to the IP protocol filter
conf vlan $y7 protocol ip
# show var y7
endwhile

#####################################################################################################################

Let me know if that works for you.

Thanks,
Arpit


(from Arpit_Bhatt)

Create Date: Apr 6 2012 2:19AM

Works like a charm on 12.3.3.6 as well. So it should work for any version from 12.3-12.6

(from Arpit_Bhatt)

Create Date: Apr 10 2012 1:35AM

Hi Arpit,

Great, it's working. My test switch runs EXOS version 12.6.1.3. All configured VLANs were changed from "any" to "ipv4" VLANs. Only the VLAN Mgmt could not be changed (--> Error: Cannot configure VLAN Mgmt). I think this is a system-internal issue....

Until now we match all unfiltered protocols ("protocol any"). I want to change our VLANs to protocol-based VLANs for IPv4 (etype 0x0800, 0x0806) because of security problems with ethertype 0x86dd (IPv6).
Up to now, unfortunately, I have not dealt a lot with scripting, so I certainly need some time to understand each line of the script....

With the scripting function in Ridgeline, it is a very big simplification to change the VLAN configuration of all switches.

Thanks a lot.

Matthias

(from matthias_mager)
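
An added example, not part of the thread or written by its participants: a Python script that plans the same change offline from captured `show vlan` output. It finds the VLAN rows by the table separator lines instead of a fixed offset, checks the row count against the reported total, and leaves out Mgmt (which the switch refused above) and VLANs whose filter is not ANY. The sample output is constructed, its column layout is an assumption, and `plan_commands` with its `skip` parameter is a hypothetical name.

```python
import re

# Constructed sample of `show vlan` output. The column layout is an assumption
# modelled on the offsets the thread's script relies on, not captured from a switch.
SAMPLE = """\
---------------------------------------------------------------------------------------------
Name            VID  Protocol Addr       Flags                       Proto  Ports  Virtual
                                                                            Active router
                                                                            /Total
---------------------------------------------------------------------------------------------
Default         1    ----------------------------------------------- ANY    0 /0   VR-Default
Mgmt            4095 ----------------------------------------------- ANY    1 /1   VR-Mgmt
users           10   10.1.10.1      /24  -f------------------------- ANY    4 /8   VR-Default
voice           20   10.1.20.1      /24  -f------------------------- IP     2 /8   VR-Default
---------------------------------------------------------------------------------------------
Flags : (constructed sample, legend omitted)

Total number of VLAN(s) : 4
"""

SEP = re.compile(r"^-{20,}\s*$")        # table separator line
ROW = re.compile(r"^(\S+)\s+(\d+)\s")   # VLAN name followed by a numeric VID
TOTAL = re.compile(r"Total number of VLAN\(s\)\s*:\s*(\d+)")

def plan_commands(show_vlan_output, skip=("Mgmt",)):
    """Return the `configure vlan <name> protocol ip` lines to review and apply."""
    lines = show_vlan_output.splitlines()
    seps = [i for i, line in enumerate(lines) if SEP.match(line)]
    if len(seps) < 3:
        raise ValueError("unexpected show vlan layout")
    rows = lines[seps[1] + 1:seps[2]]   # VLAN rows sit between 2nd and 3rd separator
    total = TOTAL.search(show_vlan_output)
    if total is None or int(total.group(1)) != len(rows):
        raise ValueError("row count does not match the reported VLAN total")
    commands = []
    for row in rows:
        match = ROW.match(row)
        if match is None:
            raise ValueError(f"unparsable VLAN row: {row!r}")
        # Assumed layout: Proto is the fourth field from the end of the row.
        name, proto = match.group(1), row.split()[-4]
        if name in skip or proto != "ANY":
            continue                    # refused by the switch, or already filtered
        commands.append(f"configure vlan {name} protocol ip")
    return commands

if __name__ == "__main__":
    print("\n".join(plan_commands(SAMPLE)))
```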

Create Date: Apr 10 2012 8:02AM

Hey Matthias

On a side note, just remember that when you set the protocol as IP, any other protocol is denied, including ELRP or STP, as those are not IP packets.

Just remember this if you are doing loop recovery.

P

(from Paul_Russo)

Create Date: Apr 10 2012 10:30AM

ELRP is a very useful tool, and be aware that you won't be able to use it... I would rather create an ACL to block the ethertype than create an IPv4 VLAN.

(from Arpit_Bhatt)

Create Date: Apr 12 2012 2:21AM

Hi Prusso,

Thanks for your tip. I don't use STP, but ELRP. -->

configure protocol IP add snap 0x00bb

Is that ok?

M

(from matthias_mager)

Create Date: Apr 12 2012 6:24AM

Adding it to protocol IP or creating a new protocol with IP and ELRP/EDP should work fine. Check the snap type, though; I thought it was 0xaa, which should cover EDP and ELRP.


Thanks
P

(from Paul_Russo)
