VLAN Manipulation
Required License:
|
■
|
GigaVUE HC Series - Base License |
|
■
|
GigaVUE TA Series - Advanced Feature License |
Overview
The VLAN manipulation adds a new VLAN tag to the outgoing traffic using the user-configured VLAN value. The modified packets are then delivered according to the Flow Mapping® configurations. This process ensures that the confidentiality of outgoing traffic is maintained while allowing efficient traffic segmentation.
VLAN manipulation can be configured based on map rules and maps:
|
■
|
Rule-Based- In this method, the VLAN manipulation is configured for traffic that matches a specific rule on a map. This can be configured only for pass rules. Rule-based VLAN manipulation adds a new VLAN tag to the incoming traffic that matches the rule. The figure below illustrates how the Outer VLAN (O-VLAN) can be added to incoming traffic using the VLAN Add operation. |
|
■
|
Map-Based- In this method, VLAN manipulation is configured for traffic that qualifies under rules defined in regular by-rule maps and shared collectors. This configuration applies to all rules within the map except for drop rules. Map-based VLAN manipulation adds a new VLAN tag to the incoming traffic that matches the rule and can be applied to a deployed map. For more information, refer to the Map VLAN manipulation Source and Destination Compatibility Matrix . The figure below illustrates how the Outer VLAN (O-VLAN) can be added to the rules of the incoming traffic using the VLAN Add operation within the map-based configuration. |
Table 1: Map VLAN manipulation Source and Destination Compatibility Matrix
|
Source
|
Destination
|
Supported
|
|
Network
|
Tool/Hybrid, Tool GigaStream/Hybrid GigaStream, Tool with egress VLAN strip/Tool with egress Port filters.
|
Yes
|
|
Hybrid
|
Tool/Hybrid, Tool GigaStream/Hybrid GigaStream, Tool with egress VLAN strip/Tool with egress Port filters.
|
Yes
|
|
Network/Hybrid Port with ingress VLAN tag
|
Tool/Hybrid
|
Yes
|
|
Port-Group
|
Tool/Hybrid/GigaStream
|
Yes
|
|
Network /Hybrid
|
Port-group (without smart-lb enabled).
|
Yes
|
Note: If you have configured both map level and rule level VLAN manipulation functionality in the same map, then rule-based configuration takes priority.
Limitations
The following are the limitations of VLAN manipulation.
|
■
|
Pass-all maps are not supported. |
|
■
|
GSOP-enabled maps are not supported. |
|
■
|
VXLAN/L2GRE Encapsulation and Decapsulation Tunnels are not supported. |
|
■
|
Inline, Flex Inline maps, and OOB copy maps are not supported. |
|
■
|
First-level, second-level, and transit maps are not supported. |
|
■
|
Fabric Maps, L2 Circuit Encapsulation and Decapsulation Tunnels are not supported. |
|
■
|
MPLS, and VXLAN Header Stripping enabled-port configurations do not support this feature. |
|
■
|
VLAN manipulation is not supported in GigaVUE‑HC3 ccv1 device. |
|
■
|
VLAN manipulation with IP rewrite is not supported. |
|
■
|
Port filter with VLAN Qualifier is not supported. |
|
■
|
When VLAN manipulation with ingress VLAN Tag is configured, VLAN Manipulation will take higher precedence. |
|
■
|
When VLAN manipulation with egress VLAN Strip is configured, VLAN Manipulation will take higher precedence. |
|
■
|
If advanced VLAN manipulation is configured on either regular by-rule maps or shared collector maps, then both Passall maps or Port Pair should not use the same network ports as those deployed in regular and collector maps. Similarly, if a collector map or regular map is configured on the same network ports as a Passall map or Port Pair, VLAN manipulation should not be configured. Configuring VLAN manipulation in the above two scenarios may result in traffic discards on the destination ports of the Passall map. |
Configure VLAN Manipulation Based on Maps
To configure VLAN manipulation based on maps,
|
1.
|
On the left navigation pane, go to  > Physical > Nodes. |
|
2.
|
Select the required cluster or device. |
|
3.
|
Go to Maps and click New Map to create a new map. |
|
4.
|
Scroll down to the Map Configuration & Rules section. |
|
5.
|
From the VLAN Action drop-down list, select Add. |
|
6.
|
From the Tag Protocol Id drop-down list, select the TPID value for the VLAN Tag. The default value is 0x8100, but you can also select the other supported values 0x9100 and 0x88a8. |
|
7.
|
Click OK to complete the configuration. |
Configure VLAN Manipulation Based on Map Rules
To configure VLAN manipulation based on map rules,
|
1.
|
On the left navigation pane, go to > Physical > Nodes. |
|
2.
|
Select the required cluster or device. |
|
3.
|
Go to Maps and click New Map to create the new map. |
|
4.
|
Scroll down to Map Configuration & Rules section. |
|
5.
|
Under Map Rules, click Add a Rule. |
|
6.
|
In the Rule Description field, enter a rule description. |
|
7.
|
From the VLAN Action field, select Add. |
|
8.
|
In the VLAN ID field, enter a VLAN ID value between 1 and 4095. |
|
9.
|
From the Tag Protocol Id drop-down list, select the TPID value for the VLAN Tag. The default value is 0x8100, but you can also select the other supported values 0x9100 and 0x88a8 from the drop-down list. |
|
10.
|
Click OK to complete the configuration. |
To configure VLAN manipulation using GigaVUE-OS CLI, refer to the “Configure VLAN Manipulation” section in the GigaVUE-OS CLI Reference Guide.
