This feature adds support for the EXOS ACL match criteria "cvid." It provides the ability to specify access-lists that filter on the inner-VLAN-id field of a double tagged packet, the customer VLAN id field of a single tagged packet entering a VMAN UNI/CEP port, or the port-cvid inserted into an untagged packet entering a VMAN UNI port. You can use this feature to perform service-level, or customer-level (cvid) rate-limiting and accounting.
You can utilize this match criteria in the following scenarios:
create vman vm1 tag 100 config vman vm1 add port 1 cep cvid 7 translate 8 config vman vm1 add port 2 tagNow consider the following ACL policy applied to "access" port 1:
test.pol: entry one { if { cvid 7; } then { count count7; } } entry two { if { cvid 8; } then { count count8; } } config access-list test port 1 config access-list test port 1 egressThis results in "count8" incrementing for ingress, and "count7" incrementing on egress.
Here is another example policy:
entry one { if{ cvid 7; vlan-id 100; #SVID } then { count foo; } }
And here's an example that allow you to perform service-level, or customer-level (cvid) rate-limiting and accounting:
doubletag.pol: entry customer1 { if{ cvid 8; } then{ count cust1; } } create vman vm1 tag 100 config vman vm1 add port 21 config vman vm1 add port 22 tag config access-list doubletag port 21 config access-list doubletag port 21 egress
The CVID ACL match criteria support has the following limitations:
CVID ACl match criteria is supported on all platforms.