Policy VLAN Tab Overview


The VLAN tab displays information about the VLAN selected in the left panel and lets you configure certain VLAN parameters. If you are using VLAN to Role mapping in your network, you can also use this tab to map the VLAN to a specific role. If you make a change on this tab, you need to enforce it.

To view this tab, select Control > Policy > VLANs and select a VLAN from the drop-down list.

General

This area provides general information about the VLAN and enables you to configure the VLAN.

Name
Name of the VLAN selected in the left panel.
VID
Unique number assigned to the VLAN, also called VID (for VLAN ID). This ID was either assigned by an administrator or assigned automatically by the system when the VLAN was created. The value can be anywhere between 1 and 4094, with VID 1 being reserved for the DEFAULT VLAN (a name for a particular VLAN, not to be confused with a role's assigned default VLAN).
Dynamic Egress
Dynamically add all ports which use this VLAN to this VLAN's egress list. Dynamic Egress is enabled by default in Policy Manager. Leave disabled for discard VLANs. See Dynamic Egress for more information.
Always write VLAN to device(s)
If the box is checked, the VLAN is written to the device whether the VLAN is being used in a rule or role, or not. If it is not checked, the VLAN is not written to the device even though it is being used in a rule or role. Enabling this option is a way of ensuring that the device is aware of a VLAN that is being used for something other than policy configuration, and it enables you to configure that VLAN for Dynamic Egress. If the Default VLAN (VID=1) is selected in the left panel, this option is checked and cannot be edited, as the default VLAN is always on the device.
NOTE: On wireless devices (for example, ExtremeWireless and ExtremeCloud Appliance), the VLAN is always written to the device if it is being used in a rule or role, regardless of whether this checkbox is checked.

Authentication-Based VLAN to Role Mapping

Authentication-Based VLAN to Role Mapping provides a way to assign a role to a user during the authentication process, based on a VLAN Attribute. (For more information, see VLAN to Role Mapping in the Concepts help topic.) This area displays what role (if any) the VLAN is mapped to (at the device-level) and lets you configure a mapping, if desired.

Mapped to Role
The role to which the VLAN is mapped. To select a role, select Select, select the Assign RFC3580 VLAN -> Role Mapping radio button, choose a role in the drop-down list, and select OK.
Select
Opens the role Selection View, where you can choose a role to associate with the VLAN.

Tagged Packet VLAN to Role Mapping

Tagged Packet VLAN to Role Mapping provides a way to let policy-enabled devices assign a role to network traffic, based on a VLAN ID. (For more information, see VLAN to Role Mapping in the Concepts help topic.) This area displays what role (if any) the VLAN is mapped to at both the device-level and port-level, and lets you configure mappings, if desired.

NOTE: TCI Overwrite Requirement
Tagged Packet VLAN to Role Mapping applies the Role definition to incoming packets that use a mapped VLAN. This definition applies a CoS and determines whether the packet is discarded or permitted and, if TCI Overwrite is enabled, re-specifies the VLAN ID to the one defined by the Rule / Role Default. If TCI Overwrite is disabled, the packet egresses (if permitted by the Rule Hit) with the original VLAN ID it ingressed with.

If supported by the device, you can enable TCI Overwrite for an individual role in the role's General tab. The stackable devices support rewriting the CoS values but not the VLAN ID.
Device Level Mapping
The role the VLAN is mapped to at the device level (all devices). To select a role, select Select, choose a role, and select OK.
Select
Opens the role Selection View, where you can choose a role to associate with the VLAN at the device level.
Primary C2/B2/D2/C3/B3/G3/C5/B5/A4 mapping
Use this checkbox to specify that this VLAN to role mapping will be the primary mapping for C2/C3/C5 and B2/B3/B5 devices (C2 firmware version 03.02.xx and higher/B2 firmware version 02.00.16 and higher), and D2, A4, and G3 devices (G3 firmware version 6.03.xx and higher). These devices only support one device-level VLAN to role mapping. If you do not make this selection, there will be no device-level mapping for these devices.
Port Level Mappings
This table lists any port-level Tagged Packet VLAN to Role Mappings configured for this VLAN. Port-level mappings override any device-level mapping.
NOTE: This functionality is not yet enabled.
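
The Python sketch below is an added example, not product code. It models the tagged-packet handling described in the TCI Overwrite note and the port-level override rule, so you can check which VLAN ID a packet egresses with. The Role fields, port names, VIDs and the can_rewrite_vid flag are assumptions made for illustration, as is passing traffic on an unmapped VLAN through unchanged.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class Role:                  # hypothetical model of a policy role
    name: str
    permit: bool             # rule hit result: permit (True) or discard (False)
    cos: int                 # CoS the role definition applies
    default_vid: int         # VLAN ID from the rule / role default
    tci_overwrite: bool      # per-role setting (role's General tab)

DeviceMap = Dict[int, Role]              # VID -> role, device level
PortMap = Dict[Tuple[str, int], Role]    # (port, VID) -> role, port level

def mapped_role(port: str, vid: int, device_map: DeviceMap,
                port_map: PortMap) -> Optional[Role]:
    """Port-level mappings override any device-level mapping."""
    return port_map.get((port, vid)) or device_map.get(vid)

def egress(port: str, vid: int, device_map: DeviceMap, port_map: PortMap,
           can_rewrite_vid: bool = True) -> Optional[Tuple[int, Optional[int]]]:
    """Return (egress VID, CoS applied), or None if the packet is discarded.

    can_rewrite_vid=False models a device that rewrites CoS but not the
    VLAN ID (the stackable devices mentioned in the note).
    """
    role = mapped_role(port, vid, device_map, port_map)
    if role is None:
        return (vid, None)   # assumption: unmapped VLANs are not touched here
    if not role.permit:
        return None          # role definition discards the packet
    if role.tci_overwrite and can_rewrite_vid:
        return (role.default_vid, role.cos)   # VLAN ID re-specified
    return (vid, role.cos)   # packet keeps the VLAN ID it ingressed with

# Constructed sample configuration (names, ports and VIDs are invented).
GUEST = Role("Guest", True, 1, 300, tci_overwrite=True)
PRINTER = Role("Printer", True, 3, 310, tci_overwrite=False)
QUARANTINE = Role("Quarantine", False, 0, 999, tci_overwrite=True)
DEVICE_MAP = {20: GUEST, 30: PRINTER}
PORT_MAP = {("ge.1.5", 20): QUARANTINE}

if __name__ == "__main__":
    for port, vid in [("ge.1.1", 20), ("ge.1.1", 30), ("ge.1.5", 20)]:
        print(port, vid, egress(port, vid, DEVICE_MAP, PORT_MAP))
    print("no VID rewrite:",
          egress("ge.1.1", 20, DEVICE_MAP, PORT_MAP, can_rewrite_vid=False))
```

With TCI Overwrite disabled, or on a device that cannot rewrite the VLAN ID, a permitted packet stays on its ingress VLAN even though the role was applied, so any segmentation that depends on the role's default VLAN does not take effect for that traffic.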
