VLAN Manipulation
The VLAN manipulation adds a new VLAN tag to the outgoing traffic with the user-configured VLAN value. The modified packets are then delivered as per Flow Mapping® configurations. This allows the user to maintain the confidentiality of the outgoing traffic.
VLAN manipulation can be enabled in two ways:
| Rule based- The VLAN manipulation functionality is enabled for traffic that qualifies as a specific rule on a map. This can be enabled only for pass rules. Rule based VLAN manipulation adds a new VLAN tag to the incoming traffic that matches the rule. |
| Map Based- The VLAN manipulation functionality is enabled for traffic that qualifies any of the rules configured in regular by-rule maps and shared collectors. The configuration applies to all the rules that are part of the map except for drop rules. Map-based VLAN manipulation adds a new VLAN tag to the incoming traffic that matches the rule and can also be applied to a deployed map. Refer to Map VLAN manipulation Source and Destination Compatibility Matrix for more information. |
Table 1: Map VLAN manipulation Source and Destination Compatibility Matrix
|
Source |
Destination |
Supported |
|---|---|---|
|
Network |
Tool/Hybrid, Tool GigaStream/Hybrid GigaStream, Tool with egress VLAN strip/Tool with egress Port filters. |
Yes |
|
Hybrid |
Tool/Hybrid, Tool GigaStream/Hybrid GigaStream, Tool with Egress VLAN strip/Tool with egress Port filters. |
Yes |
|
Network with L2GRE/VXLAN enabled |
L2GRE/VXLAN Encapsulation Tunnel |
No |
|
Network with VXLAN Header Strip enabled Port/MPLS Header Strip |
Tool/Hybrid |
No |
|
Network Port with ingress VLAN tag |
Tool/Hybrid |
Yes |
|
Network |
L2 Circuit Encapsulation Tunneling |
No |
|
L2-Circuit Tunnel |
Tool/Hybrid/GigaStream |
No |
|
VXLAN/L2GRE Tunnel decapsulation with IP interface |
Tool/Hybrid/GigaStream |
No |
|
Port-Group |
Tool/Hybrid/GigaStream |
Yes |
|
Network /Hybrid |
Port-group (without smart-lb enabled). |
Yes |
Note: If you have configured both map level and rule level VLAN manipulation functionality in the same map, then rule-based configuration takes priority.
Configuring VLAN manipulation
| 1. | To enable VLAN manipulation functionality through GigaVUE-FM: |
| a. | Map-based Configuration- To configure VLAN manipulation based on maps, follow the below steps: |
| • | Navigate to  > Physical > Nodes. |
| • | Select the required cluster or device. Navigate to Maps and click create New Map. Scroll down to Map Configuration & Rules. |
| • | Under Configuration, enable the ‘Address Rewrite’ checkbox If you want to configure the MAC address. |
| • | Select the Add option from the VLAN Action field. |
| • | Enter a VLAN ID value between 1 and 4095 in the VLAN ID field. |
| • | Select the TPID for the VLAN Tag. The default value of TPID is 0x8100. Select the other supported values 0x9100 and 0x88a8 from the drop-down list. |
| • | Click on OK to complete the configuration. |
| b. | Rule based Configuration- To configure VLAN manipulation based on map rules, follow the below steps: |
| • | Navigate to > Physical > Nodes. |
| • | Select the required cluster or device. Navigate to Maps and click create New Map. Scroll down to Map Configuration & Rules. |
| • | Under Map Rules, click Add a Rule. |
| • | Enter the description of the rule in the Rule Description field. |
| • | Select the Add option from the VLAN Action field. |
| • | Enter a VLAN ID value between 1 and 4095 in the VLAN ID field. |
| • | Select the TPID for the VLAN Tag. The default value of TPID is 0x8100. Select the other supported values 0x9100 and 0x88a8 from the drop-down list. |
| • | Click on OK to complete the configuration. |
| 2. | To enable VLAN manipulation through GigaVUE-OS -CLI enter the map prefix mode with the command config map alias<map> and then enter any one of the following commands such as: |
vlan-op add <vlan id> tpid <value>
no vlan-op
Refer to the GigaVUE-OS CLI Reference Guide for more information.
License
You do not need a license to enable this feature for the GigaVUE HC Series. To enable this feature for the GigaVUE TA Series ensure you have an Advanced Features License.
Limitations
The following are the limitations of VLAN manipulation.
| Pass-all maps are not supported. |
| GSOP-enabled maps are not supported. |
| VXLAN/L2GRE Encapsulation and decapsulation tunnels are not supported |
| Inline, Flex Inline maps, and OOB copy maps are not supported. |
| First-level, second-level, and transit maps are not supported. |
| Fabric Maps, L2 Circuit Tunnel Encapsulation, MPLS, and VXLAN header stripping enabled-port configurations do not support this feature. |
| VLAN manipulation is not supported in GigaVUE‑HC3 ccv1 device. |
| VLAN manipulation with IP rewrite is not supported. |
| The cluster is not supported. |
| Port filter with VLAN Qualifier is not supported. |
| When VLAN manipulation with ingress VLAN Tag is configured, VLAN Manipulation will take higher precedence. |
| When VLAN manipulation with egress VLAN Strip is configured, VLAN Manipulation will take higher precedence. |
