Page 1 of 1
Set VLAN on selected traffic
Posted: 23 Jul 2009 05:33
by Spack
Hi all,
I wonder if it is possible to set a VLAN for a selected traffic with a policy condition command.
For example:
Code: Select all
policy condition fromPort1 source port 1/1
policy action vlan 1234
So even if port 1/1 is in VLAN 5678 the policy action command will add a new VLAN 1234 on top of this VLAN.
Re: Set VLAN on selected traffic
Posted: 23 Jul 2009 06:24
by cedric1
hello
02.1X-> policy action vlan ?
^
<cr> 802.1P ALTERNATE DISPOSITION DSCP EGRESS FROM
INGRESS MAP MAXIMUM MINIMUM MIRROR NO NO-CACHE
PERMANENT PORT-DISABLE PRIORITY REDIRECT SHARED TOS
(QoS Command Set)
802.1X-> policy action vlan 1234
^
ERROR: Invalid entry: "1234"
802.1X->
this is not possible.
Vlan is a string could be anaything.
Cedric
Re: Set VLAN on selected traffic
Posted: 23 Jul 2009 08:36
by Spack
Yes "policy action vlan" does not exist... But I mean that I'm looking for a command like that as when you want to set the DSCP, you have "policy action dscp XX" or "policy action 802.1p" for 802.1p...
What I want is to be able to classify my frames and the only way I know to do that is to put them in a VLAN.
Re: Set VLAN on selected traffic
Posted: 23 Jul 2009 10:03
by cedric1
hello
for qos you can classify in this way :
Condition Combinations
The CLI prevents you from configuring invalid condition combinations that are never allowed; however, it
does allow you to create combinations that are supported in some scenarios. For example, you might
configure source ip and a destination ip for the same condition.
The following conditions are supported and may be combined with other conditions and/or actions:
• Layer 1—source port, source port group, destination port, destination port group.
• Layer 2—source MAC, source MAC group, destination MAC, destination MAC group, 802.1p, inner
802.1p, ethertype, source VLAN, inner source VLAN, destination VLAN (multicast policies only).
• Layer 3—IP protocol, source IP, source IPv6, multicast IP, destination IP, destination IPv6, source
network group, destination network group, multicast network group, IPv6 traffic, IPv6 next header
(NH), IPv6 flow label (FL), ToS, DSCP, ICMP type, ICMP code.
• Layer 4—source TCP/UDP port, destination TCP/UDP port, service, service group, TCP flags (ECN
and CWR are only supported on the OmniSwitch 6800).
• IP Multicast—An IP multicast condition is used in IGMP ACLs. The multicast IP is the multicast
group address used in the IGMP report packet.
Re: Set VLAN on selected traffic
Posted: 23 Jul 2009 12:34
by climberboy
Why don't you just use QnQ (CVLAN/SVLAN) tagging? You can't do that through QoS, but it would probably achieve the same thing you're trying to do via QoS. Please UG section for more details.
Re: Set VLAN on selected traffic
Posted: 23 Jul 2009 12:47
by Spack
cedric1 wrote:hello
for qos you can classify in this way :
Condition Combinations
The CLI prevents you from configuring invalid condition combinations that are never allowed; however, it
does allow you to create combinations that are supported in some scenarios. For example, you might
configure source ip and a destination ip for the same condition.
The following conditions are supported and may be combined with other conditions and/or actions:
• Layer 1—source port, source port group, destination port, destination port group.
• Layer 2—source MAC, source MAC group, destination MAC, destination MAC group, 802.1p, inner
802.1p, ethertype, source VLAN, inner source VLAN, destination VLAN (multicast policies only).
• Layer 3—IP protocol, source IP, source IPv6, multicast IP, destination IP, destination IPv6, source
network group, destination network group, multicast network group, IPv6 traffic, IPv6 next header
(NH), IPv6 flow label (FL), ToS, DSCP, ICMP type, ICMP code.
• Layer 4—source TCP/UDP port, destination TCP/UDP port, service, service group, TCP flags (ECN
and CWR are only supported on the OmniSwitch 6800).
• IP Multicast—An IP multicast condition is used in IGMP ACLs. The multicast IP is the multicast
group address used in the IGMP report packet.
Yes I know that but let me explain my idea... Like I said in my
previous topic (thank you for your help
), I'm looking for a solution in order to make network monitoring "easier". I saw that with policy commands, I can classify packets from their source port or whatever:
Code: Select all
policy condition fromPort1 source port 1/1
Code: Select all
policy condition fromPort2 source port 1/2
And I can also mirror them to another port:
Code: Select all
policy action mirror1 ingress egress mirror 1/12
And I can apply a policy rule with that (
not tested):
Code: Select all
policy rule mirrorPort1 condition fromPort1 action mirror1
Code: Select all
policy rule mirrorPort2 condition fromPort2 action mirror1
So what I miss, is a way to differentiate packets from port 1 and form port 2 in order to send them to the correct host which want to monitor them. And in order to do that I can build a parallel network only for the mirrored packets in which I will redistribute each stream with the way I have to differentiate them.
So that is why I first think to apply a VLAN ID by stream and then switch those streams based on these VLAN IDs.
Re: Set VLAN on selected traffic
Posted: 28 Jul 2009 03:58
by climberboy
You need to build two conditions:
1. Src port 1/1 && VLAN ID x
2. Src Port 1/2 && VLAN ID y
You'll need 2 rules to mirror each condition to the detination mirroring port.
Re: Set VLAN on selected traffic
Posted: 28 Jul 2009 06:55
by cedric1
hello
Did you test these policy Rules ? Is it working ?
Cedric
Re: Set VLAN on selected traffic
Posted: 28 Jul 2009 11:20
by Spack
Not exactly because I dont want to match the VLAN ID but I want to put matched packets in the corresponding VLAN.
But it doesn't really matter for now because I'm using another way... I think that it's not really optimal but I just match my frames from MAC address and it works on my tests machines... I'll put that in real condition to see what happen...