BLADEOS 6.3 Application Guide

VLAN Maps

A VLAN map (VMAP) is an Access Control List (ACL) that can be assigned to a VLAN rather than to a switch port as with regular ACLs. In a virtualized environment, VMAPs allow you to create traffic filtering and metering policies that are associated with a VM group VLAN, allowing ACLs to follow VMs as they migrate between hypervisors.

VMAPs are configured from the ACL menu, available with the following CLI command:

#/cfg/acl/vmap <1-128>

BLADEOS 6.3 supports up to 128 VMAPs. Individual VMAP filters are configured in the same fashion as regular ACLs, except that VLANs cannot be specified as a filtering criterion, since the filter is explicitly assigned to a VLAN by nature.

Once a VMAP filter is created, it can be assigned or removed using the following commands:

• For a regular VLAN:

/cfg/l2/vlan <VLAN ID>/vmap {add|rem} <VMAP ID> [intports|extports]

• For a VM group:

/cfg/virt/vmgroup <ID>/vmap {add|rem} <VMAP ID> [intports|extports]

When the optional intports or extports parameter is specified, the action to add or remove the VMAP is applied only to the switch server ports (intports) or uplink ports (extports). If omitted, the operation is applied to all ports in the associated VLAN or VM group.

Note – VMAPs have a lower priority than port-based ACLs. If both an ACL and a VMAP match a particular packet, both filter actions will be applied as long as there is no conflict. In the event of a conflict, the port ACL will take priority.
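The following Python model is an added example, not part of the BLADEOS guide or the switch software. It works through the scope and priority rules above so you can check which VMAP actions are overridden on a given port. The action field names (forward, meter) and the reading of "conflict" as the same field set to different values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

VMAP_IDS = range(1, 129)                 # the guide: up to 128 VMAPs
SCOPES = {None, "intports", "extports"}  # None = all ports in the VLAN or VM group

@dataclass(frozen=True)
class VmapAssignment:
    vmap_id: int
    actions: dict                        # hypothetical fields, e.g. {"forward": "deny"}
    scope: Optional[str] = None

    def __post_init__(self):
        if self.vmap_id not in VMAP_IDS:
            raise ValueError(f"VMAP ID {self.vmap_id} outside 1-128")
        if self.scope not in SCOPES:
            raise ValueError(f"unknown scope {self.scope!r}")

    def covers(self, port_kind: str) -> bool:
        # intports = server ports, extports = uplink ports
        return self.scope is None or self.scope == port_kind

def effective_actions(port_kind, port_acl_actions, vmap):
    """Return (effective, overridden) for a packet matched by both filters."""
    effective = dict(port_acl_actions)
    overridden = {}
    if vmap.covers(port_kind):
        for field, value in vmap.actions.items():
            if field not in effective:
                effective[field] = value      # no conflict: both actions apply
            elif effective[field] != value:
                overridden[field] = value     # conflict: port ACL takes priority
    return effective, overridden

def audit(port_kind, port_acl_actions, vmap):
    """List VMAP actions that never take effect on this kind of port."""
    _, overridden = effective_actions(port_kind, port_acl_actions, vmap)
    return [f"VMAP {vmap.vmap_id} {f}={v} overridden by port ACL "
            f"{f}={port_acl_actions[f]}" for f, v in overridden.items()]

# Constructed sample: VMAP 10 denies and meters traffic on server ports only,
# while a port ACL on the same port permits the traffic.
vmap10 = VmapAssignment(10, {"forward": "deny", "meter": "1"}, scope="intports")
port_acl = {"forward": "permit"}

if __name__ == "__main__":
    for kind in ("intports", "extports"):
        print(kind, effective_actions(kind, port_acl, vmap10), audit(kind, port_acl, vmap10))
```

In the sample, the VMAP's deny never takes effect on server ports because the port ACL's permit wins, which is the case to look for when a VMAP is meant to be the restrictive policy for a VM group.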


BMD00178, April 2010
