User Guide

ManualsBrandsAlcatel-Lucent ManualsOtherOMNIACCESS SAFEGUARD CONTROLLER

131

132

133

134

135

136

137

138

139

140

OmniAccess SafeGuard OS Administration Guide

131

Chapter 5: Setting Up SafeGuard Switches

Ingress VLAN Classification

A frame can be tagged, untagged or priority-tagged. When a switch receives a frame, it

will first classify the incoming frame to assign the VLAN ID, as described in the

following points:

■ If the frame is 802.1Q tagged, the switch uses the VID in the frame to assign the

VLAN ID.

■ If the frame is untagged or priority-tagged, the switch uses one of four

classifications methods to assign the VLAN ID. Internally, each packet is evaluated

in the following precedence order. The switch uses whichever method matches

first.

— MAC-based VLAN assigns the VLAN ID based on the source MAC address

in the frame using a global MAC-based VLAN association table. The MAC

address is the hardwired address built into the NIC (network interface card)

of the endpoint device. These VLANs offer the capability of defining a VLAN

composed of specific hosts.

The MAC-based VLAN association table is configured globally. Each entry in

the table defines mapping between a MAC-address and an associated VLAN

ID. Any incoming frame with the matching source MAC address is assigned

the associated VLAN ID. The MAC-based association table is built using CLI

commands.

— IP subnet-based classification assigns the VLAN ID based on the source IP

address in the packet using an IP subnet-based VLAN association table. The

IP subnet-based VLAN association table is defined globally. Each entry in the

table defines mapping between the IP subnet address (address/mask) and

associated VLAN ID. Any incoming IP packet with the matching IP source

address is assigned the associated VLAN ID. This type of VLAN permits

multiple subnets on a single interface. IP subnet-based VLANs are typically

used when all of the hosts can belong to the same VLAN.

— Protocol-based classification assigns the VLAN ID based on the type field of

the Ethernet header in the packet. Protocol-based VLANs are configured on a

per-interface basis and use the VID that is mapped from the link-layer

protocol carried in the frame.

— Port-based classification assigns the VLAN ID based on the Port VID (PVID)

configured on the ingress port.LAN membership on assignment to a port or to

a group of ports. If no other classification matches, SafeGuard OS uses port-

based classification as the default classification method.

All frames assigned a VLAN ID for a VLAN that does not exist will be discarded.

NOTE: By default, the PVID of a port is set to 1. The user needs to set the

proper PVID on every port.