Ingress Port VLAN Tag Limitations
The following sections describe limitations of ingress port VLAN tagging:
Second Level Maps |
Double-Tagged Packets |
IP Interfaces |
Second Level Maps
VLAN tagging is not supported for second level maps, which are maps from a virtual port (vport).
For tagged network ports, if the ingress traffic is going to a second level map, the packets will not be tagged at the egress ports of the second level map. This is a limitation of GigaSMART operations using maps with vports.
Double-Tagged Packets
If incoming packets already have two VLAN tags, such as with Q-in-Q, the addition of a third VLAN tag can cause problems with the following:
Layer 3/Layer 4 filtering |
GigaStream hashing (all packets may be sent to only one tool port) |
IP Interfaces
For IP interfaces, a VLAN tag added at the network port of the encapsulation path (n1 in Figure 1) will become part of the payload going to the decapsulation path. But a VLAN tag added at the network port of the decapsulation path (n2 in Figure 1) will be available at the end tool port for filtering (t2 in Figure 1).
Refer to Figure 1 IP Interfaces. VLAN tag (vlan1) added at the encap network port (n1) is encapsulated in the tunnel payload and cannot be used for filtering at the decap side. VLAN tag (vlan2) added at the decap network port (n2) can be used in a filter rule to send packets to tool port (t2).
Figure 14 | IP Interfaces |