This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Policy issues: Port PVID on CLI does not reflect "contain to VLAN" / what is default traffic action when containing to vlan?

Policy issues: Port PVID on CLI does not reflect "contain to VLAN" / what is default traffic action when containing to vlan?

jeronimo
Contributor III

‎10-02-2014 05:21 PM

Hi,
Currently experimenting on C3 06.61.12.0005

First

Using this policy and applying it to a port:

*********************************************
->show policy profile 3
Profile Index : 3
Profile Name : Test
Row Status : active
Port VID Status : Enable
Port VID Override : 110
CoS : 0
CoS Status : Disable
Egress Vlans : none
Forbidden Vlans : none
Untagged Vlans : 110
Rule Precedence : 1-31
:MACSource(1),MACDest(2),IPSource(12),
:IPDest(13),UDPSrcPort(15),UDPDestPort(16),
:TCPSrcPort(17),TCPDestPort(18),ICMPType(19),
:IPTOS(21),IPProto(22),Ether(25),
:VLANTag(27)
Admin Profile Usage : none
Oper Profile Usage : none
Dynamic Profile Usage : ge.1.17
*********************************************

Looking at the port the ingress VLAN still seems to be 1, however it really must be 110 because the traffic is flowing alright. Why doesn't the CLI show the reality?

*********************************************
->show vlan portinfo port ge.1.17
Port VLAN Ingress Egress
Filter Vlan
-----------------------------------------------------------------
ge.1.17 1 Y untagged: 1,110
*********************************************

Other question:

When setting a "contain to vlan" policy, it seems that the default traffic type will then be "allow". However I want to contain to vlan and be able to make classifications.... In any case I don't find an easy "drop all" rule to put there manually. Where am I thinking wrong?

Thanks for any advice.
0 Kudos
1 REPLY 1

Paul_Poyant
New Contributor III

‎10-08-2014 06:11 PM

The Port VID Override (=110) will, as applicable, override the Port VLAN (=1). So if I understand your question correctly, the CLI is indeed showing the reality. It's just that it is necessary to look in more than one place in order to develop an understanding of how traffic will behave in a variety of circumstances. Note that the Port VLAN value may well apply to a certain amount of traffic, because that traffic for whatever reason does not invoke Policy Profile 3.

As to your second question, I believe it would be helpful to see the Profile and underlying Rules that have been set up for the "contan to vlan" role you are discussing. Policy is very flexible and there are typically multiple ways to accomplish any given effect.

Thank you.
0 Kudos
GTM-P2G8KFN