
Alcatel-Lucent AOS R6 - VLAN Management

Ref. 0ATA900JP01TEUS Issue 02

All Rights Reserved 2009, Alcatel-Lucent
Module Objectives
You will:
- Understand the VLAN implementation and features on AOS based switches
- Learn how:
  - to implement static or dynamic VLAN in order to segment a network
  - to configure VLAN Tagging over Ethernet links
  - to implement and monitor the GVRP protocol
VLANs Overview
VLAN - Virtual LAN
- A broadcast domain
- Ease of network management
- Provide a more secure network
Ports become members of VLANs by
- Static Configuration
- Mobility/Authentication
- 802.1q

What is a VLAN and what are its advantages:
It's a broadcast domain
It eases the management of the network
It provides security to the network because different users or applications can be in different domains
How to create a VLAN:
Through IP address subnetting
By creating or defining VLANs
VLANs - Evolution to Virtual LANs
Switch-centric model with VLANs (Logical perspective)
[Figure: Blue VLAN, Yellow VLAN, Red VLAN]

This is a view of the network on the previous page from a logical perspective.
Without regard to physical location, because of the switching algorithm being used here, the server and its clients are logically attached to one another, and the multiple VLANs are logically segregated from one another.
Note: The router (internal or external) can be configured to support selective communications between members of the various VLANs based on Layer 3 protocols.
VLAN Membership
Edge Devices
How do ports and devices join VLANs:
- Port based VLAN (Static)
- Group Mobility VLAN (Dynamic)
- Authenticated VLAN (Dynamic + Security)
- 802.1Q VLAN (Tagged)
- VLAN Mobile Tag

Ports can become members of VLANs in multiple ways:
1) Port-based membership is the static assignment of a port (or ports) to a VLAN.
2) For dynamic VLAN membership, based upon rules or policies configured on individual VLANs, ports are configured for mobility. When a frame arrives on a mobile port, it is analyzed by the switch to see if it meets a VLAN rule. If it does, the port moves into the VLAN. This process is referred to as "source learning."
Static VLAN Membership
Static VLAN
- VLAN is assigned to the data port whatever the connected user (aka the default VLAN of the port)
- Segmentation of VLANs is done according to topology, geography, etc.
[Figure: OmniSwitch with a Virtual Router and VLAN 1 to VLAN 6; ports 1/2, 1/4 and 1/6]
-> vlan 2 port default 1/2
-> vlan 6 port default 1/4
-> vlan 6 port default 1/6

By default all ports belong to VLAN 1.
Using static port assignment, ports can be moved into different VLANs.
Dynamic VLAN Membership
Dynamic VLANs
- VLAN is assigned depending on the device or the user
  - Device oriented: VLAN according to traffic criteria (MAC@, etc.).
  - User oriented: Authenticated VLAN (IEEE 802.1X for enhanced security)
[Figure: OmniSwitch with a Virtual Router and VLAN 1 to VLAN 6]

What is dynamic VLAN membership:
Dynamic VLAN Membership is defined using logical policies or rules (MAC address, IP or IPX network address, protocol, security criteria, etc.).
Port/VLAN associations are defined using policies (MAC address, IP or IPX network address, protocol, authentication, etc) on the switches, and devices become dynamically assigned when their traffic matches these policies.
VLANs may overlap (i.e. ports and devices can be members of multiple VLANs for different protocols).
Broadcasts are contained within a VLAN by limiting flooding to the protocol (i.e., ARPs will only be forwarded to the IP VLAN).
When a VLAN is administratively disabled, the user retains its VLAN membership, but traffic is dropped.
It is recommended to set a mobile port to ignore BPDUs.
Dynamic VLAN Membership
Port Policy
Assignment policy is defined by port

The port-based policy provides the Network Manager the ability to assign network connectivity to specific sets of ports within a VLAN on the OmniSwitches.
Generally, this is used for silent devices.
Dynamic VLAN Membership
Policy Types
MAC Address
- Single
- Range
Protocol
- IP
- IPX
- DECNET
- APPLETALK
- Specified by Ethertype
- Specified by DSAP and SSAP
- Specified by SNAP
Network Layer Address
- IP Subnet
- IPX network number
[Figure labels: appletalk devices; IPX network/protocol; 0005d3:123456; 192.168.10.0/24]

Devices can be dynamically assigned to VLANs based on their MAC address or a MAC address range.
Devices can be dynamically assigned to VLANs based on the protocol they're using.
Devices can be dynamically assigned to VLANs based on their IP or IPX network address.
Dynamic VLAN Membership
DHCP Policy
DHCP VLAN Membership
- DHCP PORT policy
  Devices generating DHCP requests on these ports
- DHCP MAC/MAC Range policy
  Devices with specified MAC addresses generating DHCP requests
- DHCP Generic policy
  Any DHCP packet (one rule per switch)
DHCP request frames will not be forwarded until a device's VLAN membership is defined
- Without internal BootP Relay entity DHCP frames are only forwarded to ports within the VLAN
- With an internal BootP Relay entity DHCP frames are forwarded to the Relay
[Figure: DHCP VLAN and BootP Relay]
1. Client needing IP address appears in default DHCP VLAN
2. BootP Relay delivers request to DHCP server
3. After receiving IP address, now participates in authorized VLANs

The unique characteristics of the DHCP protocol require a good plan before setting up the OmniSwitch in a DHCP environment. Since DHCP clients initially have no IP address, placement of these clients in a VLAN is hard to determine. In simple networks (i.e. one VLAN) rules do not need to be deployed to support the BOOTP/DHCP relay function. In multiple VLAN configurations, rules can be deployed to strategically support the relay function. Two types of policies are appropriate for the DHCP environments.
DHCP Port Policies: These policies are similar to standard port policies, but apply to switch ports to which DHCP client workstations are attached.
DHCP MAC Address Policies: These policies are similar to standard MAC address policies, but apply to the MAC addresses of DHCP client workstations only.
Using either policy, port or MAC, devices are assigned to a VLAN based on meeting these policies and seeing a DHCP request. In addition, how the DHCP frame is forwarded is also altered. If the internal BootP Relay function is disabled, the frame is not forwarded until the device's VLAN membership has been learned (completes the Source Learning process). Once VLAN membership is learned, the next DHCP frame received is forwarded out only those ports assigned to this VLAN (where an external router or DHCP server should reside). If the internal BootP function is enabled, the frame once again is not forwarded until VLAN membership has been learned (completes the Source Learning process). Once membership is learned, the next DHCP frame is forwarded to and through the BootP Relay entity for forwarding to a DHCP server.
Dynamic VLAN Membership
Binding Policy
A device must match multiple criteria for assignment to a VLAN
Failure to match all criteria is a "violation" and the device is not assigned to any VLAN
- If user's IP changes while connected
  - Users will be disconnected
  - Trap will be generated
Allowed port binding rules
- MAC + IP + Port
- MAC + Port
- Port + Protocol
Example: VLAN 1:2
Rule 1: 3/1, 192.168.10.2, AAAAAA:AAAAAA
Rule 1: 3/2, 192.168.10.3, BBBBBB:BBBBBB
Rule 1: 3/3, 192.168.10.4, CCCCCC:CCCCCC
[Figure: ports 3/1, 3/2 and 3/3; attached devices DDDDDD:DDDDDD / 192.168.10.4, BBBBBB:BBBBBB / 192.168.10.3, AAAAAA:AAAAAA / 192.168.10.2]
sw vlan 2 binding: PORT-PROTOCOL, MAC-PORT, MAC-IP-PORT

Binding rules require mobile port traffic to match all rule criteria. The criteria consist of one of three combinations, each of which is a specific binding rule type:
1 The device must attach to a specific switch port and use a specific MAC address and use a specific IP network address (MAC-port-IP address binding rule).
2 The device must use a specific port and a specific source MAC address (MAC-port binding rule).
3 The device must attach to a specific switch port and use a specific protocol (port-protocol binding rule).
Dynamic VLAN Membership
Authenticated VLANs
Applies to users connected on authenticated ports
Users must authenticate through TELNET, HTTP, or 802.1x
Authentication is based on either RADIUS, LDAP or TACACS+
Successful login
- The client MAC is associated with the correct VLAN
[Figure: User; Host using HTTP, Telnet, AV-client or 802.1x; Switch running Authentication Agent; RADIUS, TACACS+, or LDAP Server; Default VLAN; Target VLAN]

Authenticated VLANs are an important feature for those who want to secure a multi-user network with public or semi-public links. A username and password are required before any traffic can flow from a device.
VLANs - CLI
Defining a VLAN and its router interface
vlan 2
ip interface training_lab address 192.168.10.1 vlan 2
Assigning Ports to a VLAN
vlan 2 port default slot/port
Enabling a mobile port
vlan port mobile slot/port
Assigning a rule to a VLAN
vlan 2 rule
VLAN rules - CLI
Assigning a rule to a VLAN
vlan 2 rule
- Defining an IP or IPX protocol rule for VLAN 2
-> vlan 2 protocol ?
{ snap ipx-snap ipx-novell ipx-llc ipx-e2 ip-snap ip-e2 ethertype dsapssap decnet appletalk
- Defining an IP network address rule for VLAN 25
-> vlan 25 ip 21.0.0.0
- Defining a MAC-IP-port binding rule
-> vlan 2 binding ?
{ port-protocol mac-port-protocol mac-port mac-ip-port mac-ip
vlan 2 binding mac-port-protocol 00:00:20:11:4a:29 4/1 dsapssap 04/04
VLANs - CLI
vlan 4 enable
vlan 4 stp disable
ip interface int_1 address 192.168.10.1 vlan 4
vlan 4 ip 192.168.10.0 mask 255.255.255.0
vlan 4 name Engineering
Use quotes around string if the VLAN name contains multiple words with spaces between them
vlan 10-15 100-105 200 name "Training Network"
show
  vlan 4
  vlan rules
  vlan 4 rules
  vlan port mobile
Precedence/Rule Type
Upon receiving a frame, Source Learning compares the frame with VLAN Policies in Order
- 1. Frame Type
- 2. DHCP MAC
- 3. DHCP MAC Range
- 4. DHCP Port
- 5. DHCP Generic
- 6. MAC-Port-IP
- 7. MAC-Port Binding
- 8. Port-Protocol Binding
- 9. MAC Address
- 10. MAC Range
- 11. Network Address
- 12. Protocol
- 13. Default (No Match - port default VLAN)
VLAN Mobility
Default VLAN handling (renaming)
- Default VLAN
vlan port slot/port default vlan {enable | disable}
  Enabled: user will join default VLAN when no rule matches
  Disabled: user's traffic will be dropped, when no rule matches
- Default VLAN restore
vlan port slot/port default vlan restore {enable | disable}
  Enabled: user will join default VLAN when traffic ages out
  Disabled: user will remain in the VLAN membership even after traffic ages out.

- If a VLAN port rule exists for a mobile port, it will remain a member of the port rule VLAN even if default VLAN restore is enabled for that port.
- When a mobile port link is disabled and then enabled, the port is always returned to its configured default VLAN. Switch ports are disabled when a device is disconnected from the port, a configuration change is made to disable the port, or switch power is turned off.
- If the default VLAN is enabled for a mobile port, traffic that does not match any VLAN rules is forwarded on the default VLAN.
- If the default VLAN is disabled for the mobile port, traffic that does not match any VLAN rules is dropped.
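
The precedence list and the default-VLAN handling above can be modelled to audit which rule actually decides a frame's VLAN. This is an added example, not Alcatel-Lucent code: the `Frame`, `Rule` and `classify` names, the rule set, VLAN 5 and all addresses are constructed, the "Frame Type" step is not modelled, and the way a binding violation is detected is an assumption noted in the code.

```python
"""Model of mobile-port rule precedence (constructed rules and frames)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Rule types in the precedence order listed above, highest first.
# "Frame Type" (item 1) is not modelled here.
PRECEDENCE = [
    "dhcp-mac", "dhcp-mac-range", "dhcp-port", "dhcp-generic",
    "mac-port-ip", "mac-port", "port-protocol",
    "mac", "mac-range", "ip", "protocol",
]
BINDING = {"mac-port-ip", "mac-port", "port-protocol"}


@dataclass(frozen=True)
class Frame:
    port: str
    mac: str
    ip: Optional[str] = None
    protocol: str = "ip"
    dhcp: bool = False


@dataclass(frozen=True)
class Rule:
    kind: str
    vlan: int
    port: Optional[str] = None
    mac: Optional[str] = None      # single MAC, or low end of a range
    mac_hi: Optional[str] = None   # high end of a range
    net: Optional[str] = None      # host address or subnet
    protocol: Optional[str] = None


def _mac(text: str) -> int:
    return int(text.replace(":", ""), 16)


def _checks(rule: Rule, frame: Frame) -> dict:
    """Evaluate every criterion the rule defines against the frame."""
    c = {}
    if rule.kind.startswith("dhcp"):
        c["dhcp"] = frame.dhcp
    if rule.port is not None:
        c["port"] = frame.port == rule.port
    if rule.mac is not None:
        lo, hi = _mac(rule.mac), _mac(rule.mac_hi or rule.mac)
        c["mac"] = lo <= _mac(frame.mac) <= hi
    if rule.net is not None:
        c["ip"] = (frame.ip is not None
                   and ip_address(frame.ip) in ip_network(rule.net))
    if rule.protocol is not None:
        c["protocol"] = frame.protocol == rule.protocol
    return c


def classify(frame, rules, default_vlan, default_enabled=True):
    """Return (vlan, reason); vlan is None when the frame gets no VLAN."""
    for kind in PRECEDENCE:
        evaluated = [(r, _checks(r, frame)) for r in rules if r.kind == kind]
        for rule, c in evaluated:
            if all(c.values()):
                return rule.vlan, kind
        # Assumption: a frame on a bound port, or from a bound MAC, that
        # fails another criterion of that binding rule is a violation.
        if kind in BINDING and any(c.get("port") or c.get("mac")
                                   for _, c in evaluated):
            return None, "violation"
    if default_enabled:
        return default_vlan, "default"   # no match: port default VLAN
    return None, "dropped"               # default VLAN disabled on the port


# Constructed rule set modelled on the commands shown on this page.
RULES = [
    Rule("dhcp-port", vlan=2, port="2/12"),
    Rule("dhcp-mac-range", vlan=1,
         mac="00:80:9f:00:00:00", mac_hi="00:80:9f:ff:ff:ff"),
    Rule("ip", vlan=2, net="120.12.2.0/24"),
    Rule("mac-port-ip", vlan=5, port="3/1",
         mac="aa:aa:aa:aa:aa:aa", net="192.168.10.2"),
    Rule("mac-port-ip", vlan=5, port="3/3",
         mac="cc:cc:cc:cc:cc:cc", net="192.168.10.4"),
]

if __name__ == "__main__":
    samples = [
        Frame("2/12", "00:80:9f:12:34:56", dhcp=True),         # phone DHCP
        Frame("2/12", "00:11:22:33:44:55", dhcp=True),         # PC DHCP
        Frame("2/12", "00:11:22:33:44:55", ip="120.12.2.7"),   # PC data
        Frame("3/3", "dd:dd:dd:dd:dd:dd", ip="192.168.10.4"),  # wrong MAC
        Frame("2/5", "00:11:22:33:44:55", ip="10.9.9.9"),      # no rule
    ]
    for f in samples:
        print(f.port, f.mac, "->", classify(f, RULES, default_vlan=1))
```

The phone's DHCP frame matches both the DHCP MAC range rule and the DHCP port rule on 2/12, and lands in VLAN 1 because the MAC range rule is evaluated first.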
802.1q
VLAN Membership
How do ports join VLANs:
- Port based VLAN (Static)
- Group Mobility VLAN (Dynamic)
- Authenticated VLAN (Dynamic + Security)
- 802.1Q VLAN (Tagged)
- VLAN Mobile Tag

Ports can become members of VLANs in multiple ways:
After a port is configured for 802.1Q tagging, the port becomes a member of the tagged VLAN.
802.1Q
VLAN Tag
- 802.3 MAC header change
- 4096 unique VLAN Tags (addresses)
- VLAN ID == GID == VLAN Tag
802.1P
- Three bit field within 802.1Q header
- Allows up to 8 different priorities
- Feature must be implemented in hardware
[Figure: "New 802.3 MAC" frame: DA, SA, then a 4-byte field (Ethertype, Priority, Tag) carrying 802.1p (3 bits) and VLAN ID (12 bits)]

802.1Q adds a new 802.3 MAC header to each frame, and an additional 4-byte field that holds:
1) Ethertype,
2) 802.1p priority (0-7, 7=highest), and
3) a VLAN ID (tag) field.
4096 VLAN tags. Group ID = VLAN tag. The tag can be configured at the end station or switch.
The OmniSwitch supports all 8 levels of priority (0-7, 7 is highest) as one of its QoS features.
VLANs - IEEE 802.1Q
Aggregates multiple VLANs across Ethernet links
- Combines traffic from multiple VLANs over a single link
- Encapsulates bridged frames within standard IEEE 802.1Q frame
- Enabled on fixed ports
- Tags port traffic for destination VLAN
[Figure: VLAN 1, VLAN 2 and VLAN 3 on two switches, linked through ports 3/4 and 3/4]
-> vlan 2 enable
-> vlan 3 enable
-> vlan 2 802.1q 3/4
-> vlan 3 802.1q 3/4
-> show vlan 3 port
-> show 802.1q 3/4

Allows multiple VLANs to share a common Ethernet trunk, yet VLAN traffic remains segregated.
IEEE 802.1Q has many individual components. The OmniSwitch family implementation supports the Port-Based Policy and VLAN Tagging over Ethernet, as well as over aggregate ports.
Supported on all Ethernet modules, Gigabit modules, the OmniStack (ports and uplinks) and OmniAccess.
Tagged and Untagged traffic
Configuring the Frame Type
vlan 802.1q 3/4 frame type tagged
- To configure a port to only accept tagged frames
vlan 802.1q 3/4 frame type all
- To configure a port back to accepting both tagged and untagged traffic
The untagged traffic VLAN will always be the port's default VLAN
VLAN Mobile Tag
Allows the dynamic assignment of mobile ports to more than one VLAN at the same time
Enabled on mobile ports
-> vlan 3 mobile-tag enable
Allows mobile ports to receive 802.1Q tagged packets with
Enable the classification of mobile port packets based on 802.1Q VLAN ID tag 3
Takes precedence over all VLAN Rules
[Figure: Voice VLAN, Default VLAN, Data VLAN, Communication Server; tagged packets with tag=3]

A mobile port will join a tagged VLAN if tagged traffic for that VLAN comes in on the mobile port and the vlan mobile-tag command is enabled for that VLAN.
In this example, if a mobile port that is statically assigned to VLAN 1 receives an 802.1Q tagged packet with a VLAN ID of 3, the port and packet are dynamically assigned to VLAN 3.
In this case, the mobile port now has a VLAN-port association defined for VLAN 1 and for VLAN 3.
If a mobile port, however, receives a tagged packet containing a VLAN ID tag of 7, the packet is discarded because the VLAN mobile tag classification attribute is disabled on VLAN 7.
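
The 802.1Q tag layout and the mobile-tag decision described above, as an added example that is not part of the original course material: it parses the 4-byte tag from raw frame bytes and applies the join/discard behaviour of the VLAN 3 and VLAN 7 cases. The function names and the sample frames are constructed; the single bit between the priority and the VLAN ID is the standard CFI/DEI bit, which the slide does not list.

```python
"""802.1Q tag parsing and the mobile-tag decision (constructed frames)."""
import struct
from typing import NamedTuple, Optional

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


class Dot1QTag(NamedTuple):
    priority: int    # 802.1p, 3 bits, 0-7 (7 = highest)
    dei: int         # 1 bit between priority and VLAN ID (CFI/DEI)
    vlan_id: int     # 12 bits
    ethertype: int   # EtherType of the encapsulated payload


def parse_dot1q(frame: bytes) -> Optional[Dot1QTag]:
    """Return the 802.1Q tag of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)   # after DA (6) + SA (6)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return Dot1QTag(tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, inner)


def mobile_port_ingress(frame: bytes, mobile_tag_vlans):
    """Decide what a mobile port does with a frame.

    mobile_tag_vlans is the set of VLAN IDs with mobile-tag enabled.
    Tagged traffic is decided by the tag alone (it takes precedence over
    all VLAN rules); untagged traffic is left to the VLAN rules.
    """
    tag = parse_dot1q(frame)
    if tag is None:
        return "classify-by-rules", None
    if tag.vlan_id in mobile_tag_vlans:
        return "join", tag.vlan_id
    return "discard", None


def build_frame(vlan_id: Optional[int] = None, priority: int = 0) -> bytes:
    """Build a constructed test frame, tagged when vlan_id is given."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("00005e005301")   # constructed source MAC
    payload = bytes(46)
    if vlan_id is None:
        return dst + src + struct.pack("!H", 0x0800) + payload
    if not (0 <= vlan_id <= 0x0FFF and 0 <= priority <= 7):
        raise ValueError("VLAN ID is 12 bits and priority is 3 bits")
    tci = (priority << 13) | vlan_id
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + payload


if __name__ == "__main__":
    enabled = {3}   # -> vlan 3 mobile-tag enable
    for frame in (build_frame(3, priority=5), build_frame(7), build_frame()):
        print(parse_dot1q(frame), mobile_port_ingress(frame, enabled))
```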
VLAN mobile tagging vs 802.1Q tagging
VLAN Mobile Tag
- Allows mobile ports to receive 802.1Q tagged packets
- Enabled on the VLAN that will receive tagged mobile port traffic
- Triggers dynamic assignment of tagged mobile port traffic to one or more VLANs
802.1Q Tag
- Not supported on mobile ports
- Enabled on fixed ports; tags port traffic for destination VLAN
- Statically assigns (tags) fixed ports to one or more VLANs
Automatic VLAN Assignment (AVA)
Feature is used to provide (without any manual intervention) the "VLAN id" to
- the VoIP terminals
- Data terminal behind their VoIP terminals
Benefits
- An automatic process that makes IP Phone deployment easier
  - No Tag configuration to enter on each phone set
- Allows Voice/Data traffic split (PC cascaded behind an IP Phone)
  - Broadcast domain separation
- QOS (Voice prioritization over Data)
Automatic VLAN Assignment
Example with internal DHCP server
At its startup, the VoIP equipment belongs to the default VLAN of the connected switch (VLAN id= "1")
[Figure: IP phone on an 802.1q LAN; Default VLAN: 1; Voice VLAN: 11; AVA Server + DHCP]
1) DHCP Request (IP Phone MAC @ vendor ID, sent from the VLAN "1")
2) DHCP answer (VLAN id: "11")
3) The IP phone takes into account the VLAN id (it starts to tag its frames with the received 802.1q tag)
4) 2nd DHCP request (without VLAN request, IP Phone MAC @ vendor ID, sent from the VLAN "11")
5) DHCP Offer (IP @, ..., TFTP server)
6) TFTP Request

Customer network configuration:
- Default VLAN: id = "1"
- Voice VLAN: id = "11"
- Each VLAN has its own virtual router, to allow traffic between this VLAN and another VLAN
- Both VLANs have a DHCP relay function so as to forward all the DHCP exchanges from the local VLAN ("1" or "11") to another one (in fact toward the CS). When a request has to be forwarded to another VLAN, the DHCP Relay function adds the virtual router IP address in the DHCP request
Terminal configuration:
- The IP terminal has to use the "Dynamic Mode"
First phase: "VLAN id" request
- A first "DHCP Discover" request is sent (untagged frames). It includes a "VLAN id" request. This first request follows the "routing" rules of the default VLAN ("1")
- The CS DHCP function receives this request, and detects the "VLAN id" request. The CS DHCP function checks if a subnetwork corresponds to default VLAN, then checks if a "VLAN id" configuration exists for this subnetwork ("11" in this case)
- A "DHCP Offer" is sent toward the "IP configuration" seeker. This offer contains the VLAN id: "11" (Vendor Specific Options) + an IP configuration (dummy IP configuration which will not be used by the equipment, but necessary so as to follow the DHCP frame format in the standard)
- The DHCP client takes into account the VLAN id. The consequence of this is that all the following frames will be tagged with the VLAN id: "11". The network equipment switches the DHCP client from the VLAN "1" to the VLAN "11". All the following IP exchanges will follow the VLAN "11" routing rules
Second phase: "IP configuration" request
- A second DHCP discover request is sent (default one: without VLAN id request). As all the frames are from now tagged "VLAN 11", the switch forwards the frames according to the "VLAN 11" configuration.
- The DHCP server checks if a range (or at least one IP address) is configured for the subnetwork corresponding to the VLAN "11". It sends an IP configuration (IP address, subnet mask, router, TFTP server address) to the VoIP equipment.
- From this moment, all the following steps are identical to a normal VoIP equipment startup (request of the lanpbx.cfg file, binaries request ...)
Automatic VLAN Assignment
Example with a customer DHCP server
Communication Server configured as an AVA Server
DHCP server could be the customer network one
[Figure: IP phone on the LAN; Default VLAN: 1; Voice VLAN: 11; AVA Server; DHCP Server]
1) DHCP Request (IP Phone MAC @ vendor ID, sent from the VLAN "1")
2) DHCP answer (VLAN id: "11")
3) The IP phone takes into account the VLAN id (using the received 802.1q tag)
4) 2nd DHCP request (without VLAN request, IP Phone MAC @ vendor ID, sent from the VLAN "11")
5) DHCP Offer (IP @, ..., TFTP server)
6) TFTP Request

The VoIP equipment works in the same way
- First phase: "VLAN id" request
- Second phase: "IP configuration" request
The topology is the same as in the previous example
The difference concerns the behavior of the "DHCP relay" function
- Default VLAN: the DHCP relay function forwards the corresponding exchanges to the CS (where only the AVA Server function is activated)
- Voice VLAN: the DHCP relay function forwards the corresponding exchanges toward the customer DHCP server
VoIP equipment startup
First phase: "VLAN id" request
- A "DHCP Discover" request is sent. It includes a "VLAN id" request. This first request follows the "routing" rules of the default VLAN ("1").
- The AVA Server (CS) receives this request and checks its configuration so as to find an entry compatible with the default VLAN (thanks to the "virtual router" information added by the DHCP relay function)
- The VoIP equipment receives (via a DHCP Offer) the VLAN id: 11. From this moment, it tags all the frames
- Network equipment behavior: the VoIP equipment switches from the VLAN "1" to the VLAN "11". All the following IP exchanges will follow the VLAN "11" routing rules
Second phase: "IP configuration"
- The VoIP equipment sends a second "DHCP Discover" request (without any VLAN request). Belonging to the VLAN 11, the request of the VoIP equipment is forwarded to the Customer DHCP server.
- This DHCP server has charge of providing an IP configuration to the seeker equipment (IP address, subnet mask, router, TFTP server address). A "DHCP Offer" is sent to this equipment
- As soon as this IP configuration is confirmed, some TFTP requests are sent toward the CS (lanpbx.cfg file, binaries ...)
DHCP Relay
Ability to forward DHCP/BootP packets between VLANs
Support for global or per-VLAN configuration
Multiple DHCP server
- Global DHCP
- Per-VLAN DHCP
- Multiple DHCP Per-VLAN
[Figure: DHCP clients in VLAN 2 (120.1.1.1) and VLAN 3 (130.1.1.1); DHCP Relay; DHCP Server across the LAN]
-> ip helper address <DHCP Server Addr>
-> ip helper address <DHCP Server Addr> vlan <id>
-> ip helper address <address1> <address2> vlan <id>
VLAN Mobility with multiple criteria
Example
Automatic VLAN Assignment (AVA)
IP Phone: Automatic VLAN Assignment
PC: Dynamic IP address
[Figure: Voice VLAN (VLAN 3), Data VLAN (VLAN 2), Communication Server, ava_dhcp_server 172.30.12.20, dynamic @IP]
-> vlan port mobile 2/12
-> vlan 2 dhcp port 2/12
-> vlan 2 ip 120.12.2.0 255.255.255.0
-> vlan port mobile 2/12
-> vlan 1 dhcp mac range 00:80:9F:00:00:00 00:80:9F:FF:FF:FF
-> vlan 3 mobile-tag enable
-> ip helper address 172.30.12.20
-> ip helper forward delay 0
Automatic VLAN Assignment (AVA): Voice Traffic
IP Phone: Automatic VLAN Assignment
PC: Dynamic IP address
[Figure: Voice VLAN (VLAN 3), Data VLAN (VLAN 2), Communication Server, ava_dhcp_server 172.30.12.20, dynamic @IP]
-> vlan port mobile 2/12
-> vlan 2 dhcp port 2/12
-> vlan 2 ip 120.12.2.0 255.255.255.0
-> vlan port mobile 2/12
-> vlan 1 dhcp mac range 00:80:9F:00:00:00 00:80:9F:FF:FF:FF
-> vlan 3 mobile-tag enable
-> ip helper address 172.30.12.20
Callouts:
- Permit to obtain a temporary IP address in vlan 1 (higher precedence than -> vlan 2 dhcp port 2/12)
- A second DHCP request without VLAN request, sent from the VLAN 3
- Enables classification of mobile port packets based on VLAN ID tag 3
Automatic VLAN Assignment (AVA): Data Traffic
IP Phone: Automatic VLAN Assignment
PC: Dynamic IP address
[Figure: Voice VLAN (VLAN 3), Data VLAN (VLAN 2), Communication Server, ava_dhcp_server 172.30.12.20, dynamic @IP]
-> vlan port mobile 2/12
-> vlan 2 dhcp port 2/12
-> vlan 2 ip 120.12.2.0 255.255.255.0
-> vlan port mobile 2/12
-> vlan 1 dhcp mac range 00:80:9F:00:00:00 00:80:9F:FF:FF:FF
-> vlan 3 mobile-tag enable
-> ip helper address 172.30.12.20
Callouts:
- Allows the PC to automatically obtain an IP address on vlan 2
- Frames received on any mobile port containing a 120.12.2.0 source IP address will be qualified for dynamic assignment to VLAN 2
GARP VLAN Registration Protocol
GVRP Functional specifications
- Section 11 of IEEE 802.1Q-2005
GVRP creates dynamic VLANs
- No manual configuration needed
- GVRP is maintained by the devices themselves
Allows the creation of VLANs with a specific VID and a specific port, based on updates from GVRP-enabled devices
Advertises manually configured VLANs to other GVRP-enabled devices
No manual configuration in order to interoperate

GARP: Generic Attribute Registration Protocol
GVRP, an application of GARP, is designed to propagate VLAN information from device to device. With GVRP, a single switch is manually configured with all the desired VLANs for the network, and all the other switches on the network learn those VLANs dynamically. An end station can be plugged into a switch and be connected to its desired VLAN. However, end stations need GVRP-aware Network Interface Cards (NIC) to make use of GVRP.
GARP VLAN Registration Protocol
Method
- Sending Protocol Data Units (PDUs)
- GVRP-enabled devices listen for updates
  - Known Mcast address (0180C2000021)
- GVRP advertisement follows the definition of GARP
Requirements for GVRP to advertise VLANs
- The VLAN should be operationally up
- Bridge mode should be "Flat" and GVRP should be globally enabled on the switch
- GVRP should be enabled on the port, through which the propagation is required
- The VLAN to be propagated through a port should not be the default VLAN for that port

GVRP sends information encapsulated in an Ethernet frame on a specific MAC address (01:80:C2:00:00:21). Based on the received registration information (Join message of GARP), VLAN information is learned on a system. GVRP enables new dynamic VLANs on a device or dynamically registers a port to an existing VLAN. In effect, based on the received registration information of a VLAN (Join message of GARP), the port becomes associated with that VLAN. Similarly, whenever deregistration information is received for a VLAN (Leave message of GARP) on a particular port, the association of that VLAN with the port may get deleted.
A GVRP-enabled port sends GVRP PDUs advertising the VLAN. Other GVRP-aware ports receiving advertisements over a link can dynamically join the advertised VLAN. All ports of a dynamic VLAN operate as tagged ports for that VLAN. Also, a GVRP-enabled port can forward an advertisement for a VLAN it learned about from other ports on the same switch. However, that forwarding port does not join that VLAN until an advertisement for that VLAN is received on that port.
GVRP
GVRP is 802.1Q VLANs & Virtual ports
- Creation (up to 4094)
- Pruning
GVRP supported on
- tagged and untagged ports
- aggregate and non aggregate ports
GVRP can not be enabled on mobile ports and VLAN stacking user ports
[Figure: switches carrying VLAN 10, VLAN 20, VLAN 30 and VLAN 50, labelled in order: Static VLAN: 10, 20, 30 / Dynamic VLAN: 50; Static VLAN: None / Dynamic VLAN: 10, 20, 30, 50; Static VLAN: None / Dynamic VLAN: 10, 20, 30, 50; Static VLAN: 50]
GVRP Modes
Registration Mode
Configured per port
- Normal Registration mode (Default)
  Allows dynamic creation, registration, and deregistration of VLANs on a device
- Fixed Registration mode
  Only manual registration of the VLANs and prevents dynamic or static deregistration of VLANs on the port
- Forbidden registration mode
  Prevents any VLAN registration or deregistration
[Figure: Static VLAN: 10, 20, 30; Dynamic VLAN: 50; VLAN 10, VLAN 20, VLAN 30, VLAN 50]
Configuring GVRP Registration Mode
gvrp registration normal port 3/2
gvrp registration fixed port 3/2
gvrp registration forbidden port 3/2

Registration Mode
The normal registration mode allows dynamic creation, registration, and deregistration of VLANs on a device. The normal mode is the default registration mode.
The fixed registration mode allows only manual registration of the VLANs and prevents dynamic or static deregistration of VLANs on the port.
The forbidden registration mode prevents any VLAN registration or deregistration. If dynamic VLANs previously created are present, they must be deregistered.
GVRP Modes
Applicant Mode
Controls the GVRP PDU exchanges for spanning tree
- Participant Mode (Default)
  GVRP protocol exchanges are allowed only if the port is set to the STP forwarding state
- Non-Participant Mode
  GVRP PDUs are not sent through the STP forwarding and blocking ports
- Active Mode
  To prevent undesirable Spanning Tree Protocol topology reconfiguration on a port
  To send GVRP VLAN declarations even when they are in the STP blocking state
[Figure: Static VLAN: 10, 20, 30; Dynamic VLAN: 50; VLAN 10, VLAN 20, VLAN 30, VLAN 50]
Configuring GVRP Applicant Mode
gvrp applicant active port 3/2
gvrp applicant participant port 3/2
gvrp applicant non-participant port 3/2

Applicant Mode
The GVRP applicant mode determines whether or not GVRP PDU exchanges are allowed on a port, depending on the Spanning Tree state of the port. This mode can be configured to be participant, non-participant or active. By default, the port is in the participant mode.
To prevent undesirable Spanning Tree Protocol topology reconfiguration on a port, configure the GVRP applicant mode as active. Ports in the GVRP active applicant state send GVRP VLAN declarations even when they are in the STP blocking state. This prevents the STP bridge protocol data units (BPDUs) from being pruned from the other ports.
Transparent Switching Mode
A switch is said to be a GVRP transparent switch when it propagates GVRP information to other switches, but does not register itself in the GVRP process. This is done by enabling GVRP transparent switching. It also defines the behavior of the switch when GVRP is globally disabled on it. When GVRP and GVRP transparent switching are globally disabled, the switch will discard the GVRP frames.
Data frames are propagated only to registered devices. This prevents attempts to send data to devices that are not reachable.
GVRP Static vs. Dynamic Conversion
Static VLANs and virtual ports cannot be converted to dynamic VLANs.
Learned VLANs and virtual ports can be converted to static VLANs.
A static port association cannot be made on a port that has a dynamic VLAN associated
with it.
To add a static VPA on a dynamic VLAN, the VLAN must be converted to a static VLAN.
[Figure: VLAN 10 conversion. Static to Dynamic: NO; Dynamic to Static: YES]
GVRP allows a port to register and deregister both static and dynamic VLANs. Every device has a list of all the switches and end
stations that can be reached at any given time. When an attribute for a device is registered or deregistered, the set of
reachable switches and end stations, also called participants, is modified.
MSTP
In case of MSTP, there will be multiple VLANs handled by the same MSTP instance and there can be multiple MSTP instances in
the system.
When a join PDU is received and the VLAN does not exist in the system, the VLAN will be created. If the VLAN is not already
mapped to any MSTP instance via configuration, then the VLAN will be mapped to CST. GVRP will propagate the join information
through the GVRP enabled forwarding ports of the MSTP instance corresponding to the VLAN.
GVRP Configuration
Enable GVRP
• gvrp
Enable the GVRP by the port
• gvrp port 3/2
Restrict a port from becoming a member of the statically created
• gvrp static-vlan restrict 3/5 10
Enabling Transparent Switching
• gvrp transparent switching
Propagates GVRP information to other switches
Does not register itself in the GVRP process
No effect on the switch if GVRP is globally enabled on a switch
Displays the global configuration for GVRP
• show gvrp configuration
Displays the GVRP configuration status for all the ports
• show gvrp configuration port
Displays the timer values configured for all the ports or a specific port
• show gvrp timer
Clears GVRP statistics for all the ports, an aggregate of ports, or a specific port
• clear gvrp statistics
Displays the source MAC address of the last GVRP message received on a specified port or an aggregate of ports
• show gvrp last-pdu-origin
GVRP Monitoring
-> show VLAN
                               stree                      mble
VLAN   type  admin   oper   1x1    flat  auth  ip    ipx   tag  name
-----+------+------+------+------+------+----+-----+-----+-----+---------
1      std    on     off    on     on    off   off   NA    off  VLAN 1
50     std    on     on     on     on    off   off   NA    off  VLAN 50
222    std    on     on     on     on    off   off   NA    off  VLAN 222
223    gvrp   on     on     off    on    off   off   NA    off  VLAN 223
225    gvrp   on     on     off    on    off   off   NA    off  VLAN 225
226    gvrp   on     on     off    on    off   off   NA    off  VLAN 226
-> show gvrp statistics port 1/9
Port 1/9:
Join Empty Received : 20,
Join In Received : 0,
Empty Received : 0,
Leave Empty Received : 1,
Leave In Received : 0,
Leave All Received : 288,
Join Empty Transmitted : 1154,
Join In Transmitted : 0,
Empty Transmitted : 0,
Leave Empty Transmitted : 0,
Leave In Transmitted : 0,
Leave All Transmitted : 341,
Failed Registrations : 0,
Garp PDU Received : 309,
Garp PDU Transmitted : 1475,
Garp Msgs Received : 309,
Garp Msgs Transmitted : 1495,
Invalid Msgs Received : 0
-> show gvrp configuration port 1/9
Port 1/9:
GVRP Enabled : yes,
Registrar Mode : normal,
Applicant Mode : participant,
Join Timer (msec) : 600,
Leave Timer (msec) : 1800,
LeaveAll Timer (msec) : 30000,
Legacy Bpdu : disabled
1 LEARN FALSE FALSE
50 LEARN FALSE FALSE
222 LEARN FALSE FALSE
223 LEARN FALSE FALSE
225 LEARN FALSE FALSE
226 LEARN FALSE FALSE
-> show 802.1q 1/9
Acceptable Frame Type : Any Frame Type
Force Tag Internal : NA
Tagged VLANS Internal Description
-------------+-------------------------
223 Dyn VPA
225 Dyn VPA
226 Dyn VPA
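The monitoring output above can be checked automatically. The following is an added example, not part of the original course material: it parses excerpts of the outputs shown on this slide, lists the VLANs that were learned through GVRP, and flags ports left in the normal registrar mode or reporting rejected GVRP messages. The trusted_ports allow-list and the function names are assumptions made for the illustration.

```python
import re

# Constructed input: excerpts of the CLI output shown on the slide above.
SHOW_VLAN = """\
1 std on off on on off off NA off VLAN 1
50 std on on on on off off NA off VLAN 50
222 std on on on on off off NA off VLAN 222
223 gvrp on on off on off off NA off VLAN 223
225 gvrp on on off on off off NA off VLAN 225
226 gvrp on on off on off off NA off VLAN 226
"""
SHOW_GVRP_CFG = "Port 1/9:\nGVRP Enabled : yes,\nRegistrar Mode : normal,\nApplicant Mode : participant,\n"
SHOW_GVRP_STATS = "Port 1/9:\nFailed Registrations : 0,\nInvalid Msgs Received : 0\n"


def dynamic_vlans(show_vlan):
    """VLAN IDs whose type column is 'gvrp', i.e. learned rather than configured."""
    rows = (line.split() for line in show_vlan.splitlines())
    return [int(r[0]) for r in rows if len(r) > 1 and r[0].isdigit() and r[1] == "gvrp"]


def parse_ports(text):
    """Turn 'Port x/y:' blocks of 'Key : value,' lines into {port: {key: value}}."""
    ports, current = {}, None
    for line in text.splitlines():
        header = re.fullmatch(r"\s*Port\s+(\S+):\s*", line)
        if header:
            current = ports.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip().rstrip(",")
    return ports


def audit(cfg_text, stats_text, trusted_ports=()):
    """Flag ports open to dynamic registration; trusted_ports is a hypothetical allow-list."""
    findings = []
    for port, cfg in parse_ports(cfg_text).items():
        if (cfg.get("GVRP Enabled") == "yes" and cfg.get("Registrar Mode") == "normal"
                and port not in trusted_ports):
            findings.append((port, "registrar mode normal on untrusted port"))
    for port, stats in parse_ports(stats_text).items():
        for counter in ("Failed Registrations", "Invalid Msgs Received"):
            if int(stats.get(counter, "0")) > 0:
                findings.append((port, f"{counter} = {stats[counter]}"))
    return findings


if __name__ == "__main__":
    print("dynamic VLANs:", dynamic_vlans(SHOW_VLAN))
    for port, reason in audit(SHOW_GVRP_CFG, SHOW_GVRP_STATS):
        print(port, reason)
```

A port that should never learn VLANs from its neighbour is the case the fixed and forbidden registration modes described earlier are meant for.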