Services

The Services tab displays virtual routing and forwarding functionality configured as part of a service application, the virtual local area networks defined for the service application, as well as all of the services included in a service application or all of the services included in a service definition, depending if you select a service application or a service definition in the left-panel, respectively.

The Services tab is included in the Sites tab.

The Services tab includes three tables:

VRF Definition — Create and configure VRF (Virtual Routing and Forwarding) definitions for the service application. VRFs allow for networking paths to be segmented without using multiple devices.
VLAN Definition — Create and configure VLAN (Virtual Local Area Network) definitions for the service application.
L2 VSN — Configure the L2 Virtual Services Networks (VSNs).
L3 VSN — Configure the L3 Virtual Services Networks (VSNs).

VRF Definition

The VRF Definition table allows you to configure virtual routing and forwarding definitions included as part of the service.

Name: The name of the VRF definition.

VRF ID: The ID number assigned to the VRF definition.

VLAN Definition

The VLAN Definition table allows you to configure virtual local area network definitions included as part of the service.

Name: The name of the VLAN definition.

VID: The ID number assigned to the VLAN.

VRF ID: The ID number assigned to the VRF definition.

Multicast: Indicates the service sends IP packets to a group of hosts on the network.

IGMP Version: Indicates which version of IGMP is utilized on the port (Version 1 or Version 2).

IGMP Querier: The address of the IGMP Querier. This feature is used when there is no multicast router in the VLAN to originate the queries.

Querier Enable: Indicates whether an IGMP Query is enabled.

Virtual Routing

Displays the version of VRRP the default gateway is using:

NONE — Virtual routing is not configured on the VLAN.
VRRPv2 — VRRP version 2 is configured on the VLAN. VRRP version 2 only supports IP addresses in IPv4 format.
VRRPv3 — VRRP version 3 is configured on the VLAN. VRRP version 3 supports IP addresses in both IPv4 and IPv6 formats.
DvR - DvR functionality is configured on the VLAN.

NOTE:

Virtual Routing is only supported on VOSS/Fabric Engine devices.

Virtual Routing Enable: Indicates whether virtual routing is enabled for the VLAN.

Virtual Routing Address: The IP address for the virtual routing interface. The Virtual Routing address must be in the same subnet as the VLAN subnet address.

VRRP ID: An identifier devices use to determine peer devices that participate in a virtual routing interface.

VRRP Priority: A value used by VRRP peers to determine the role of each of the devices in the VLAN. The default value is 100. The device with the largest value is assigned the role of Master. For example, in a VLAN with two routers, one with a VRRP Priority of 200 and one with a VRRP Priority of 100, the router with a VRRP Priority of 200 becomes the Master. In the event of identical priority numbers, the devices use the MAC address to determine priority.

VRRP Backup Master: This option determines if the backup router is able to forward traffic independently outside of the VLAN (enabled), or must forward the traffic to the Master router before it is forwarded outside of the VLAN (disabled).

VRRP Advertisement Interval: Indicates frequency (in seconds) that protocol packets are sent from the virtual router in the VLAN.

VRRP Hold Down Timer: Indicates the amount of time (in hundredths of a second) that the backup router waits for the primary router to respond before it becomes the primary router.

DHCP Snooping: Indicates whether DHCP snooping is enabled for the VLAN. DHCP Snooping is a Layer 2 security feature, that provides network security by filtering untrusted DHCP messages received from the external network causing traffic attacks within the network. DHCP Snooping is based on the concept of trusted versus untrusted switch ports. Switch ports configured as trusted can forward DHCP Replies, and the untrusted switch ports cannot. DHCP Snooping acts like a firewall between untrusted hosts and DHCP servers.

ARP Inspection

Indicates whether ARP inspection is enabled. Dynamic ARP Inspection (DAI) is a security feature that validates ARP packets in the network. Without DAI, a malicious user can attack hosts, switches, and routers connected to the Layer 2 network by poisoning the ARP caches of systems connected to the subnet, and intercepting traffic intended for other hosts on the subnet. DAI prevents these attacks by intercepting, logging, and discarding the ARP packets with invalid IP to MAC address bindings. The switch dynamically builds the address binding table from the information gathered from the DHCP requests and replies when DHCP Snooping is enabled. The switch pairs the MAC address from the DHCP request with the IP address from the DHCP reply to create an entry in the DHCP binding table. When you enable DAI, the switch filters ARP packets on untrusted ports based on the source MAC and IP addresses seen on the switch port. The switch forwards an ARP packet when the source MAC and IP address matches an entry in the address binding table. Otherwise, the switch drops the ARP packet.

NOTE:

DHCP Snooping must be enabled to use ARP Inspection.

Service Application Name

The Service Application Name table displays all of the services included in a service application or all of the services included in a service definition, depending if you select a service application or a service definition in the left-panel, respectively. The Services tab is included in the Sites tab.

Services are created within service applications. You can include multiple services within an application. Service applications are then included within service definitions. You can also include multiple service applications within a service definition. A service definition that includes a complete set of services is then assigned to a site, which configures the fabric-enabled devices within that site.

The Services tab is only configurable when you select a service application. The services displayed when selecting a service definition are read-only.

L2 VSN

Name

The name of the Layer 2 service.

Service ID

The I-SID, which is the system-defined ID number assigned to the fabric service.

UNI Type

The User-Network-Interface (UNI) of the fabric service. The following interface types are available:

Switched — A VLAN-ID and a port (VID, port) mapped to a Layer 2 VSN I-SID. With UNI type, VLAN-IDs can be reused on other ports and mapped to different ISIDs.
Transparent - A physical port maps to a Layer 2 VSN I-SID (all traffic through the port, 802.1Q tagged or untagged, ingress and egress maps to the I-SID).

NOTE:

All VLANs on a Transparent Port UNI interface now share the same single MAC learning table of the Transparent Port UNI I-SID.

CVLAN — a platform customer VLAN-ID.

VLAN

The customer VLAN-ID of the associated CVLAN UNI type.

CVID: Specifies the customer VLAN ID of the associated switched UNI port.

Management Service: Defines is the L2 VSN is used for switch management purposes.

AutoSense Service Type

Defines if the L2 VSN service is auto-assigned by the switch-level AutoSense detection. The following types are available:

AP Untagged — If the AutoSense feature detects Access Point, then this service is automatically assigned to the port.
Camera Untagged — If the AutoSense feature detects Camera then this service is automatically assigned to the port.
Voice Untagged — If the AutoSense feature detects a VoIP device then this service is automatically assigned to the port.
Voice Tagged — If the AutoSense feature detects a VoIP device then this service is automatically assigned to the port.
Proxy Switch Auth Tagged — If the AutoSense feature detects a Fabric Attach switch capable of authenticating (ERS devices) then this service is automatically assigned to the port.
Proxy Switch No Auth Untagged — If the AutoSense feature detects a Fabric Attach switch is not capable of authenticating (EXOS/Switch Engine devices) then this service is automatically assigned to the port.
Proxy Switch Auth & Proxy Switch No Auth — If the AutoSense feature detects any physical Fabric Attach switch (ERS/EXOS/Switch Engine device) then this service is automatically assigned to the port.
Data Untagged — If the AutoSense feature does not detect a device type then this service is automatically assigned to the port.
None — AutoSense is not related to this L2VSN service.

NOTE:

Each AutoSense Service Type can only be used once on a switch. The switch cannot use two different service IDs with the same AutoSense Service Type.

AutoSense Service CVID: The AutoSense Service CVID value defines the 802.1q VLAN tag sent from the switch to the device. If the AutoSense Service Type is Voice Tagged or Proxy Switch Auth Tagged or Proxy Switch Auth & Proxy Switch No Auth then AutoSense Service CVID must be defined. The value range is 1-4094.

Port Template: If the UNI Type is Switched or Transparent you can select from the Global Port templates to define the purpose of the port.

L3 VSN

Name: The name of the Layer 3 service.

Service ID: The I-SID, which is the system-defined ID number assigned to the service.

VRF: Select the virtual routing and forwarding definition included as part of the service.

Multi Cast: Select to indicate that the service sends IP packets to a group of hosts on the network.

Unicast: Select to indicate that the service sends IP packets to a single recipient on the network.

Direct Route: Select to indicate that the service sends IP packets directly to another device without going through a third device.

Related Information

For information on related help topics: