MAC Learning and Provisioning of VLAN

The first step in determining VLAN configuration for an identity is to learn the identity‘s MAC. For untagged traffic the port is added as untagged to a “catcher/learning” VLAN that is used to learn MACs. Identity Management (IDM) role based VLAN is not supported for tagged traffic.

Upon receiving the first packet from the identity, the following actions are completed:
  1. FDB Manager learns the identity‘s MAC and informs IDM.
  2. IDM creates an identity for the newly learned MAC and determines the role for the identity.
  3. IDM checks the role‘s configuration to see if the identities in this role need to be associated with a VLAN.
  4. If the identity in this role is associated with a VLAN tag, IDM checks to see if a VLAN with the configured tag is already present.
  5. If not, IDM creates VLAN “SYS_VLAN_<Configured-Role-VLAN-Tag>” and adds the port (on which the identity is detected) to VLAN “SYS_VLAN_<Configured-Role-VLAN-Tag>” as untagged. If a VLAN with configured tag already exists, IDM simply adds the port to the VLAN as untagged.
  6. In addition, IDM adds a MAC entry for identity‘s MAC in the hardware to classify all untagged traffic from this identity to be associated with VLAN “SYS_VLAN_<Configured-Role-VLAN-Tag>”.
  7. IDM does not explicitly add uplink ports to VLAN “SYS_VLAN_<Configured-Role-VLAN-Tag>”. It is assumed that user would have enabled MVRP on the uplink ports or the uplink ports are configured statically. Creation of the VLAN is sufficient for MVRP to advertise membership for VLAN “SYS_VLAN_<Configured-Role-VLAN-Tag>” over those ports.
  8. If no VLAN configuration exists for Role, IDM adds a MAC entry to associate identity‘s MAC with the default/base VLAN configured for the port.
Note

Note

All of the IDM enabled ports should be part of a default/base VLAN to enable IDM role based VLAN on the port.

Tagged Traffic from Identity

Note

Note

This section assumes that the IDM enabled port and the uplink ports are already added to the VLAN as tagged.
  1. FDB Manager learns the identity‘s MAC and informs IDM.
  2. IDM creates an identity for the newly learned MAC and determines the role for the identity.
  3. IDM checks the role‘s configuration to see if the identities in this role need to be associated with a VLAN.
  4. If the identity in this role is associated with a VLAN tag, IDM checks to see if a VLAN with configured tag is already present.
  5. IDM also checks if the role configured tag matches the incoming VLAN tag of the identity. If not, an EMS error is generated.

Untagged Traffic from Identity

Untagged Traffic Topology shows a topology of untagged traffic from an identity:

Click to expand in new window
Untagged Traffic Topology