Network Service Identifier Mappings

A Network Service Identifier (NSI) or Individual Service Identifier (ISID) to VLAN mapping entered into the database remains until one of the following events occurs:
There are three ways to configure an NSI/ISID mapping: CLI, LLDP, or RADIUS/Policy/NetLogin. The Fabric Attach feature only allows a one-to-one mapping of NSI/ISID to VLAN. However, it is possible for a mapping made through the CLI to conflict with mappings requested by a Fabric Attach client or by RADIUS. Conflicting mappings from multiple sources are resolved in the following precedence order (highest to lowest):
  1. CLI (see Configuring Fabric Attach).
  2. LLDP client request. (see LLDP).
  3. RADIUS/Policy/NetLogin (see RADIUS/Policy/NetLogin).
Note

Note

When operating as a Fabric Attach server, this precedence order is not observed, only the last request is accepted.

This precedence is implemented by sending only the highest precedence mapping for each VLAN to the Fabric Attach server in the Fabric Attach Assignment TLV. If the highest precedence mapping changes, the prior highest precedence mapping is no longer be sent to the Fabric Attach server and it is replaced with the "new" highest priority mapping. The Fabric Attach server rejects the new mapping until the prior mapping times out of the Fabric Attach server's database.

When a VLAN to NSI/ISID mapping is requested by a Fabric Attach client, LLDP determines if the requested mapping conflicts with an existing client or CLI manual mapping. If this is the first client-requested mapping for a VLAN, it is added to the LLDP database with a “pending” status and is added to the list of mappings that are sent to the Fabric Attach server.

Conflicts between mapping requests from the same source are handled as follows: A conflict arises when different NSI values are requested for a VLAN. When a conflict arises between Fabric Attach client requests, the NSI with the lowest numerical value is retained, overwriting the previous client requested value for the VLAN. This reduces flip-flopping between competing values, since these mappings are continuously requested by Fabric Attach clients through LLDP. The conflict is resolved when all Fabric Attach clients have been configured to request the same mapping. After the incorrect mapping is no longer requested by any Fabric Attach client, it times out of the database and is replaced by the correct value from the next Fabric Attach client request. The timeout value for the database on the FA proxy is 240 seconds and is not configurable. When a conflict arises because of RADIUS requests, the last NSI value received is used, overwriting any previous NSI from RADIUS for this VLAN. After the RADIUS configuration has been corrected so that authentications return the correct NSI value, the correct mapping is then provided by the next user authentication. RADIUS can be configured to re-authenticate users periodically, but this is not required and if there is no change to the data for a user, RADIUS provides no notification. Since RADIUS does not provide periodic confirmation of the mappings it has requested, these mappings do not time out.