VLAN Advanced Features

AT - 8000S

Marvell Confidential

Agenda
Advanced VLAN classification
MAC based VLAN

Private VLAN Edge

Marvell Confidential

Advanced VLAN Classification

In Legacy VLAN implementation an untagged packet is classified according to the PVID configured on the port. The device implements an additional advance method of untagged packet classification
MAC based VLAN

Marvell Confidential

Packet Classification Flowchart

Yes

Is Packet Tagged?

Frame classified according to VLAN tag

No
Is MAC mapped to VLAN? Frame classified according to MAC Group to VLAN mapping

PVID based classification Marvell Confidential

MAC Based VLANs

A classification that enables to classify packets to different VLANs based on the packets source MAC address. This feature is usually used for
VLAN segregation based on device type Roaming

Classification can be based on specific MAC address or MAC address prefix

Marvell Confidential

MAC Based VLANs User Control

Map MAC addresses and prefixes of MAC addresses to a certain Group-of-MACs On a specific interface map a certain Group-of-MACs to a VID.
Can be applied only on general VLAN mode interfaces

If an untagged packet matches one of the Group-of-MACs defined on the interface, the VID is assigned according. Defined rules cant contain overlapping ranges on the same interface.

Marvell Confidential

MAC Based VLANs CLI

Use the following VLAN configuration command to map a MAC address or range of MAC addresses to a group of MAC addresses:

map mac mac-address {prefix-mask | host} macs-group group Use the no form of this command to delete the map:

no map mac mac-address {prefix-mask | host}

Marvell Confidential

MAC Based VLANs CLI

Use the following Interface configuration command to set a mac-based classification rule:

switchport general map macs-group group vlan vlan-id Use the no form of this command to delete the classification:

no switchport general map macs-group group

Marvell Confidential

MAC Based VLANs CLI

Use the following EXEC command to show macs-groups information :

show vlan macs-groups

Marvell Confidential

Private VLAN Edge

The device supports private VLAN edge feature A port can be defined as a protected port. Traffic received on this port will be forwarded only to the specific uplink port defined in the command. Only a Gigabit ports can be designated as an uplink port Protected port applies VLAN ingress filtering rules Uplink port does not apply VLAN egress filtering on traffic received from protected VLAN

Marvell Confidential

Private VLAN Edge

Traffic tagging by uplink port:
VID exists on uplink port regular VLAN egress tagging rules. VID does not exist on uplink port traffic is forwarded untagged

Protected port and uplink port can be in any VLAN mode IP address cannot be defined on this protected port

Marvell Confidential

PVE - CLI
Use the following Interface Mode command to define a protected port switchport protected ethernet port

Note: Uplink port must be a GE port Use the no form of command to disable protection: no switchport protected

console(config)# interface ethernet 1/e1 console(config-if)# switchport protected ethernet 1/g2 console(config-if)#
Marvell Confidential

Private VLAN Edge - Example

console# show interfaces switchport ethernet 1/e1 Port : 1/e1 Port Mode: Access Gvrp Status: disabled Ingress Filtering: true Acceptable Frame Type: admitAll Ingress UnTagged VLAN ( NATIVE ): 1 Protected: Enabled, Uplink is 1/g2 Port is member in: Vlan Name Egress rule Port Membership Type ---- -------------------------------- ----------- -------------------1 1 Untagged System
Marvell Confidential

Marvell Confidential