Allied Telesis x908, X900-12XT/S manual Matching on inner keywords for nested VLANs


Making filters by using QoS class-maps

Matching on “inner” keywords for nested VLANs

The match tpid, match inner-tpid, match inner-vlan, and match inner-cos commands all apply to nested VLAN configuration. In this situation, the packets arriving at the core-facing port can have two VLAN tags configured on them.

• The match tpid command matches on the first Tag Protocol Identifier field in the packet.

• The match inner-tpid command matches on the TPID in the second 802.1Q tag in the packet.

• The match inner-vlan command matches on the tunnelled VLAN ID in the second 802.1Q tag in the packet.

• The match inner-cos command matches on the 802.1P field in the second tag in the packet.

The following table shows where in the packet the inner and outer tags will be matched.

                        Outer VLAN parameters   Inner VLAN parameters
                        (normal)
Customer port           VLAN                    1st tag
Core port               1st tag                 2nd tag
Nested VLANs disabled   1st tag                 2nd tag

Some important points to keep in mind while configuring the “inner” commands are:

• When packets arrive at a customer port of a nested VLAN, the command match vlan will match the VID of the nested VLAN that the port is a member of, which is just how this command normally operates.

• When packets arrive at a customer port of a nested VLAN, the “inner” commands will match the attributes of the first tag in the packets. This is because when the packet is forwarded from the core port, that first tag will have become the inner tag. So, from the point of view of the nested VLAN, the tag that is on the packet when it arrives into the customer port is the inner tag.

• When nested VLANs are disabled, and “inner” commands have been configured in class-maps, these parameters will be applied as though all packets arriving at the switch were double tagged. In other words, there will be no attempt to make a distinction between “customer” and “core” ports. So, if the packets arriving at the switch are not double tagged, then the “inner” commands will just match on whatever data happens to be in the packets at the position where an inner tag would have been.

  Therefore, when you disable nested VLANs, you should also remove the match commands.

• When nested VLANs are being used, the commands match tpid and match cos cannot be used in class-maps applied to customer ports.

• If you attach the class-map to a number of ports, they will all be treated like core ports if at least one of the ports is a core port.
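
The third point above (stale “inner” matches after nested VLANs are disabled) can be seen by reading both tag positions at fixed offsets. This is an added example, not code from the How To Note or from Allied Telesis; the byte offsets, helper names and sample frames are assumptions constructed for illustration, based on the standard 802.1Q tag layout.

```python
import struct

# Standard TPID values (IEEE 802.1Q, 802.1ad and a common legacy QinQ value);
# these are general knowledge, not values taken from the page.
KNOWN_TPIDS = {0x8100, 0x88A8, 0x9100}

def vlan_tag(tpid, cos, vid):
    """Build one 4-byte tag: TPID, then 3-bit priority, DEI=0, 12-bit VID."""
    return struct.pack("!HH", tpid, (cos << 13) | vid)

def read_tag_slots(frame):
    """Read both tag positions as if the frame were double tagged.

    Assumption: the first tag sits at bytes 12-15 (after the two MAC
    addresses) and the second tag at bytes 16-19.
    """
    if len(frame) < 20:
        raise ValueError("frame too short to hold two tag positions")
    tpid, tci, in_tpid, in_tci = struct.unpack_from("!HHHH", frame, 12)
    return {
        "tpid": tpid, "vlan": tci & 0x0FFF, "cos": tci >> 13,
        "inner-tpid": in_tpid,
        "inner-vlan": in_tci & 0x0FFF,
        "inner-cos": in_tci >> 13,
    }

def inner_slot_is_real_tag(fields):
    """True only if the second position actually starts with a VLAN TPID."""
    return fields["inner-tpid"] in KNOWN_TPIDS

# Constructed sample frames: zeroed MAC addresses, minimal IPv4 header.
MACS = bytes(12)
IPV4 = b"\x08\x00" + b"\x45\x00\x00\x14" + bytes(16)  # EtherType + header
DOUBLE_TAGGED = MACS + vlan_tag(0x88A8, 5, 100) + vlan_tag(0x8100, 3, 42) + IPV4
SINGLE_TAGGED = MACS + vlan_tag(0x8100, 0, 42) + IPV4

if __name__ == "__main__":
    for name, frame in (("double", DOUBLE_TAGGED), ("single", SINGLE_TAGGED)):
        fields = read_tag_slots(frame)
        print(name, fields, "real inner tag:", inner_slot_is_real_tag(fields))
```

For the single-tagged frame, the “inner” fields are read from the EtherType and the first two bytes of the IPv4 header, so a leftover inner-vlan or inner-cos match could hit or miss traffic it was never meant to classify.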

Page 10 AlliedWare Plus™ OS How To Note

