VLAN Rules Overview Defining VLAN Rules
page 8-6 OmniSwitch 6600 Family Network Configuration Guide April 2006
Binding Rules
Binding rules restrict VLAN assignment to specific devices by requiring that device traffic match all crite-
ria specified in the rule. As a result, a separate binding rule is required for each device. An unlimited
number of such rules, however, is allowed per VLAN and up to 8,129 of each rule type is allowed per
switch. Although DHCP traffic is examined and processed first by switch software, binding rules take
precedence over all other rules.
The following binding rule types are available. The rule type name indicates the criteria the rule uses to
determine if device traffic qualifies for VLAN assignment. For example, the MAC-Port-IP address bind-
ing rule requires a matching source MAC and IP address in frames received from a device connected to
the port specified in the rule.
• MAC-Port-IP Address
• MAC-Port-Protocol
• MAC-Port
• MAC-IP Address
• Port-IP Address
• Port-Protocol
Note that MAC-port-IP, MAC-port-protocol, MAC-port, and port-IP binding rules are also supported on
Authenticated VLANs (AVLANs). See “Configuring VLAN Rule Definitions” on page 8-11 and
Chapter 21, “Configuring Authenticated VLANs,” for more information.
MAC Address Rules
MAC address rules determine VLAN assignment based on a device’s source MAC address. This is the
simplest type of rule and provides the maximum degree of control and security. Members of the
VLAN
will consist of devices with specific MAC addresses. In addition, once a device joins a MAC address rule
VLAN, it is not eligible to join multiple VLANs even if device traffic matches other VLAN rules.
MAC address rules also capture DHCP traffic, if no other DHCP rule exists that would classify the DHCP
traffic into another VLAN. Therefore, it is not necessary to combine DHCP rules with MAC address rules
for the same VLAN.
Network Address Rules
There are two types of network address rules: IP and IPX. An IP network address rule determines VLAN
mobile port assignment based on a device’s source IP address. An IPX network address rule determines
VLAN mobile port assignment based on a device’s IPX network and encapsulation.
Protocol Rules
Protocol rules determine VLAN assignment based on the protocol a device uses to communicate. When
defining this type of rule, there are several generic protocol values to select from: IP, IPX, AppleTalk, or
DECNet. If none of these are sufficient, it is possible to specify an Ethernet type, Destination and Source
Service Access Protocol (DSAP/SSAP) header values, or a Sub-network Access Protocol (SNAP) type.
Note that specifying a SNAP protocol type restricts classification of mobile port traffic to the ethertype
value found in the IEEE 802.2 SNAP LLC frame header.