Alcatel-Lucent 6600 Understanding VLAN Rule Precedence

VLAN Rules Overview Defining VLAN Rules

page 8-8 OmniSwitch 6600 Family Network Configuration Guide April 2006

Understanding VLAN Rule Precedence

In addition to configurable VLAN rule types, there are two internal rule types for processing mobile port

frames. One is referred to as frame type and is used to identify Dynamic Host Configuration Protocol

(DHCP) frames. The second internal rule is referred to as default and identifies frames that do not match

any VLAN rules.

Note. Another type of mobile traffic classification, referred to as VLAN mobile tagging, takes precedence

over all VLAN rules. If a mobile port receives an 802.1Q packet that contains a VLAN ID tag that

matches a VLAN that has mobile tagging enabled, the port and its traffic are assigned to this VLAN, even

if the traffic matches a rule defined on any other VLAN. See Chapter7, “Assigning Ports to VLANs,” for

more information about VLAN mobile tag classification.

The VLAN rule precedence table on page 8-9 provides a list of all VLAN rules, including the two internal

rules mentioned above, in the order of precedence switch software applies to classify mobile port frames.

The first column lists the rule type names, the second and third columns describe how the switch handles

frames that match or don’t match rule criteria. The higher the rule is in the list, the higher its level of

precedence.

When a frame is received on a mobile port, switch software starts with rule one in the rule precedence

table and progresses down the list until there is a successful match between rule criteria and frame

contents. The exception to this is if there is a binding rule violation. In this case, the frame is blocked and

its source port is not assigned to the rule’s VLAN.

Each binding rule type contains criteria that is used to determine if a mobile port frame qualifies for

assignment to the binding rule VLAN, violates binding rule criteria, or is simply allowed on the port but

not assigned to the rule’s VLAN. For example, as indicated in the rule precedence table, a mobile port

frame is compared to binding MAC-port rule criteria and processed as follows:

•If the frame’s source MAC address matches the rule’s MAC address, then the frame’s port must also

match the rule’s port to qualify for assignment to the rule’s VLAN.

•If the frame’s source MAC matches but the frame’s port does not match, then a violation occurs and

the frame is blocked and the port is not assigned to the rule’s VLAN. There is no further attempt to

match this frame to rules of lower precedence.

•If the frame’s source MAC does not match but the frame’s port does match, the frame is allowed but

the port is not assigned to the rule’s VLAN. The frame is then compared to other rules of lower precen-

dence in the table or carried on the mobile port’s default VLAN if the frame does not match any other

VLAN rules and the mobile port’s default VLAN is enabled.