VLAN Properties
The VLAN Properties container is used to create new VLANs for use in the system. Users can set the following attributes per VLAN.
System VLAN Properties Attributes
| Attribute | Values | Default | Req | Description |
|---|---|---|---|---|
| Vlan-id | 0..4095 | N/A | Y | VLAN ID to be added/modified |
| Bridge-type | full \| private-vlan \| tls | Full | Y | Most VLANs will be of type full bridged and the default can be used. Private-vlan creates a VLAN that allows UNI ports to communicate upstream to servers, but not between UNI ports on the system, isolating UNI port users from each other. TLS does an unconditional push of a VLAN tag onto traffic for transparent transport of a UNI port to another location. |
| Acl-mode | basic \| default-accept \| default-drop \| disabled | Disabled | N | When set to disabled, the VLAN is open and acts as a normal Layer 2 switch. basic denies all traffic on the VLAN by default and requires a basic ACL to allow access to the VLAN; extended ACLs are not allowed. default-accept accepts and forwards all traffic by default and allows extended ACLs to deny specific traffic. default-drop denies all traffic by default, and an ACL is required to allow access for specific traffic. |
| Description | String | N/A | N | Allows the user to set the name or description of the VLAN. |
| Enable-dai | true \| false | False | N | Allows the user to enable Dynamic ARP inspection to look for Layer 2 spoofing type attacks. |
| Stp-id | 0..8 | 0 | N | By default the VLAN is associated with the common spanning tree (0). Assigning a VLAN to STP IDs 1..8 associates it with one of the eight possible MSTIs (Multiple Spanning Tree Instances). |
- Command Path – tolt>system>vlan>properties>
- Module – tolt
- Container – system
- Container – vlan
- Container – properties
- Types –
- *Vlan-id – VLAN ID to be added/modified
- Bridge-type – Most VLANs will be of type full bridged and the default can be used. Private-vlan creates a VLAN that allows UNI ports to communicate upstream to servers, but not between UNI ports on the system, isolating UNI port users from each other. TLS does an unconditional push of a VLAN tag onto traffic for transparent transport of a UNI port to another location.
- full (default) | private-vlan | tls
- Single
- Acl-mode – When set to disabled, the VLAN is open and acts as a normal Layer 2 switch. basic denies all traffic on the VLAN by default and requires a basic ACL to allow access to the VLAN; extended ACLs are not allowed. default-accept accepts and forwards all traffic by default and allows extended ACLs to deny specific traffic. default-drop denies all traffic by default, and an ACL is required to allow access for specific traffic.
- basic | default-accept | default-drop | disabled (default)
- Description – Allows the user to set the name or description of the VLAN.
- string
- Enable-dai – Allows the user to enable Dynamic ARP inspection to look for Layer 2 spoofing type attacks.
- true | false (default)
- Stp-id – By default the VLAN is associated with the common spanning tree (0). Assigning a VLAN to STP IDs 1..8 associates it with one of the eight possible MSTIs (Multiple Spanning Tree Instances).
- 0..8 (default 0)
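The defaults above leave a new VLAN with acl-mode disabled and enable-dai false. The following added example (not vendor code or tooling) checks planned VLAN definitions against the documented ranges and values before they are typed in, and reports which ones keep those open defaults. The dictionary layout, function names and sample plan are assumptions made for the illustration.

```python
# Added example: field names and ranges come from the attribute table;
# the dict layout and function names are assumptions, not vendor tooling.
ENUMS = {
    "bridge-type": {"full", "private-vlan", "tls"},
    "acl-mode": {"basic", "default-accept", "default-drop", "disabled"},
}
RANGES = {"vlan-id": (0, 4095), "stp-id": (0, 8)}
DEFAULTS = {"bridge-type": "full", "acl-mode": "disabled",
            "description": "", "enable-dai": False, "stp-id": 0}


def normalize(vlan):
    """Apply the documented defaults and reject invalid values."""
    if "vlan-id" not in vlan:
        raise ValueError("vlan-id is required")
    unknown = set(vlan) - set(DEFAULTS) - {"vlan-id"}
    if unknown:
        raise ValueError(f"unknown attribute(s): {sorted(unknown)}")
    cfg = {**DEFAULTS, **vlan}
    for key, (low, high) in RANGES.items():
        # type() check rejects True/False, which Python treats as ints
        if type(cfg[key]) is not int or not low <= cfg[key] <= high:
            raise ValueError(f"{key} {cfg[key]!r} outside {low}..{high}")
    for key, allowed in ENUMS.items():
        if cfg[key] not in allowed:
            raise ValueError(f"{key} {cfg[key]!r} not in {sorted(allowed)}")
    if type(cfg["enable-dai"]) is not bool:
        raise ValueError("enable-dai must be true or false")
    return cfg


def audit(vlan):
    """Return hardening findings for one planned VLAN."""
    cfg = normalize(vlan)
    findings = []
    if cfg["acl-mode"] == "disabled":
        findings.append("acl-mode disabled: VLAN acts as an open Layer 2 switch")
    elif cfg["acl-mode"] == "default-accept":
        findings.append("acl-mode default-accept: forwarded unless an extended ACL denies it")
    if not cfg["enable-dai"]:
        findings.append("enable-dai false: Dynamic ARP inspection is off")
    return findings


# Constructed sample plan (not from a real system).
PLAN = [
    {"vlan-id": 3000},  # all defaults
    {"vlan-id": 3001, "bridge-type": "private-vlan",
     "acl-mode": "default-drop", "enable-dai": True},
]
REPORT = {v["vlan-id"]: audit(v) for v in PLAN}
```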
VLAN Create Example
A VLAN must be created before it can be used in a service profile or assigned to an uplink. A VLAN can be created as follows:
- Command Path – tolt>system>vlan>properties>
- Module – tolt
- Container – system
- Container – vlan
- Container – properties
- Type – Example Parameter
- Vlan-id – 3000
- From the MDS1-ESUA(Config)# command line, input tolt system vlan properties 3000, and press Enter.
- Input commit, and press Enter. Outputs similar to the following are displayed:
MDS1-ESUA(Config)# tolt system vlan properties 3000 <enter>
Create Private VLAN
Private VLAN allows north/south traffic between servers above the OLT and clients on UNI ports. Private VLAN denies east/west traffic between any two UNI ports.
- Command Path – tolt>system>vlan>properties>
- Module – tolt
- Container – system
- Container – vlan
- Container – properties
- Types – Example Parameters
- Vlan-id – 3000
- bridge-type private-vlan
- From the MDS1-ESUA(Config)# command line, input tolt system vlan properties 3000, and press Enter.
- Input bridge-type private-vlan, and press Enter.
- Input commit and press Enter. Outputs similar to the following are displayed:
MDS1-ESUA(Config)# tolt system vlan properties 3000 <enter>
MDS1-ESUA(config-properties-3000)# bridge-type private-vlan <enter>
VLAN Delete Example
A VLAN that is to be deleted must not be assigned to any UNI port or uplink; otherwise the attempt to delete the VLAN will be denied.
- Command Path – no>tolt>system>vlan>properties>
- Module – tolt
- Container – system
- Container – vlan
- Container – properties
- Type – Example Parameter
- Vlan-id – 3000
- From the MDS1-ESUA(Config)# command line, input no tolt system vlan properties 3000, and press Enter.
- Input commit and press Enter. Outputs similar to the following are displayed:
MDS1-ESUA(Config)# no tolt system vlan properties 3000 <enter>
Enable DAI Example
- Command Path – tolt>system>vlan>properties>
- Module – tolt
- Container – system
- Container – vlan
- Container – properties
- Types – Example Parameters
- Vlan-id – 3000
- enable-dai true
- From the MDS1-ESUA(Config)# command line, input tolt system vlan properties 3000, and press Enter.
- Input enable-dai true, and press Enter.
- Input commit and press Enter. Outputs similar to the following are displayed:
MDS1-ESUA(Config)# tolt system vlan properties 3000 <enter>
MDS1-ESUA(config-properties-3000)# enable-dai true <enter>
MDS1-ESUA(config-properties-3000)# commit <enter>