Defining VLAN Rules Configuring VLAN Rule Definitions
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-11
Configuring VLAN Rule Definitions
Consider the following when configuring rules for a VLAN:
• The VLAN must already exist. Use the vlan command to create a new VLAN or the show vlan
command to verify a VLAN is already configured. Refer to Chapter 4, “Configuring VLANs,” for
more information.
• Which type of rule to define; DHCP, binding, MAC address, protocol, network address, custom, or
port. Refer to “VLAN Rule Types” on page 8-4 for a summary of rule type definitions.
• What is the rule’s precedence compared to other rules defined for other VLANs. If mobile port traffic
matches rules defined for more than one VLAN, the mobile port is dynamically assigned to the VLAN
with the higher precedence rule. Refer to “Understanding VLAN Rule Precedence” on page 8-8 for
more information.
• It is possible to define multiple rules for the same VLAN, as long as each rule is different. If mobile
port traffic matches only one of the rules, the port and traffic are dynamically assigned to that VLAN.
• There is no limit to the number of rules defined for a single VLAN and up to 8,129 of each rule type is
allowed per switch.
• It is possible to create a custom rule or protocol rules based on Ether type, SNAP type, or DSAP/SSAP
values. It is recommended, however, to use predefined rules (such as MAC address, network address,
and generic protocol rules) whenever possible to ensure accurate results when capturing mobile port
traffic.
• When a VLAN is administratively disabled, static port and dynamic mobile port assignments are
retained but traffic on these ports is not forwarded. However, VLAN rules remain active and continue
to classify mobile port traffic for VLAN membership.
• When a VLAN is deleted from the switch configuration, all rules defined for that VLAN are automati-
cally removed and any static or dynamic port assignments are dropped.
• It is possible to define MAC-port-IP, MAC-port-protocol, MAC-port, and port-IP binding rules for
Authenticated VLANs (AVLANs). However, these rules are not active until the avlan port-bound
command is issued for the AVLAN. Note that these rules only apply to traffic received on authenti-
cated ports. See Chapter 21, “Configuring Authenticated VLANs,” for more information.
14. Network Address Frame contains a matching IP sub-
net address, or
Frame contains a matching IPX
network address.
Frame source is assigned to the
rule’s VLAN.
Frame source is assigned to the
rule’s VLAN.
15. Protocol Frame contains a matching proto-
col type.
Frame source is assigned to the
rule’s VLAN.
16. Custom (User Defined) Frames contain data that matches
customized rule criteria.
Frame source is assigned to the
rule’s VLAN.
17. Default Frame does not match any rules. Frame source is assigned to
mobile port’s default VLAN.
Precedence Step/Rule Type Condition Result