User's guide

108 XgOS User’s Guide September 2014
Setting Allowed VLANs Per vNIC
With the Allowed VLANs feature, you can specify a list of VLANs that are allowed
to pass over any trunk vNICs. (Access mode vNICs cannot receive the Allowed
VLANs setting.) With this feature, the Network Cloud has a set of ranges of VLAN
IDs that are allowed, and only traffic that is in the specified VLAN range is allowed
to pass over trunk vNICs connected to the Network Cloud. By default, this option is
set to allow all VLANs (1-4095) on the Network Cloud. Allowed VLANs are
configured per network, so the server will receive the associated VLAN traffic when
one or more vNICs terminated in a Network Cloud are deployed to any number of
servers.
Consider an environment where virtualized servers are hosting many VMs. Different
VMs must use different VLANs all running across a shared pair of vNICs, so
limiting the range of VLANs is important because you will want to allow each vNIC
to pass traffic for only very specific VLAN(s). Limiting the VLANs for a specific
vNIC prevents the owners of the VMs from changing their own VLAN to another
VLAN that has not been “allowed” and, in turn, accessing other data. So, the
primary use case is where you want a Xsigo vNIC deployed to a hypervisor as a
Trunk Mode vNIC. Then, you would define which VLANs are “allowed” to pass
across that vNIC, thus isolating the VLAN traffic for the appropriate VM(s) only.
The Allowed VLAN range configured for the vNIC follows the vNIC. If you move or
re-terminate the vNIC on a different server, the VLAN range will remain configured
for the vNIC as long as the vNIC is connected to the Network Cloud.
Use the set vnic add allowed-vlans command to control which VLANs are
allowed to pass over vNICs.
Command Syntax
set vnic <vnic-name> remove allowed-vlans <VLAN-range>
set vnic <vnic-name> add allowed-vlans <VLAN-range>
show vnic <vnic-name> -detail
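
The following audit sketch is an added example, not part of the XgOS guide or the XgOS software. It compares each trunk vNIC's allowed range with the VLANs its VMs actually use and prints candidate remove allowed-vlans commands in the syntax shown above. The inventory records, their field names, the vNIC names and the comma-separated range notation are assumptions made for illustration.

```python
# Added example; INVENTORY is constructed sample data, not XgOS output.
DEFAULT_ALLOWED = "1-4095"  # default from the guide: all VLANs allowed

def parse_ranges(spec):
    """Expand 'a-b,c' into a set of VLAN IDs (comma list is an assumed notation)."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4095:
            raise ValueError(f"bad VLAN range: {part!r}")
        ids.update(range(lo, hi + 1))
    return ids

def to_ranges(ids):
    """Collapse VLAN IDs into sorted contiguous 'a-b' (or single 'a') strings."""
    out = []
    for v in sorted(ids):
        if out and v == out[-1][1] + 1:
            out[-1][1] = v
        else:
            out.append([v, v])
    return [f"{a}-{b}" if a != b else str(a) for a, b in out]

def audit(vnic):
    """Return (findings, tightening commands) for one vNIC record."""
    if vnic["mode"] != "trunk":
        return ["access mode: Allowed VLANs setting does not apply"], []
    allowed, needed = parse_ranges(vnic["allowed"]), set(vnic["vm_vlans"])
    findings = []
    if vnic["allowed"] == DEFAULT_ALLOWED:
        findings.append("default range 1-4095 still in place")
    if needed - allowed:
        findings.append(f"required VLANs not allowed: {to_ranges(needed - allowed)}")
    excess = to_ranges(allowed - needed)
    if excess:
        findings.append(f"allowed but unused by any VM: {excess}")
    cmds = [f"set vnic {vnic['name']} remove allowed-vlans {r}" for r in excess]
    return findings, cmds

INVENTORY = [  # constructed records; field names and vNIC names are hypothetical
    {"name": "vnic1.esx01", "mode": "trunk", "allowed": "1-4095", "vm_vlans": [100, 101, 200]},
    {"name": "vnic2.esx01", "mode": "trunk", "allowed": "100-101,200", "vm_vlans": [100, 101, 200]},
    {"name": "vnic3.db01", "mode": "access", "allowed": "1-4095", "vm_vlans": []},
]

if __name__ == "__main__":
    for rec in INVENTORY:
        print(rec["name"], *sum(audit(rec), []), sep="\n  ")
```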