Table of Contents
Advertisement
Configuring Access Guardian
Dynamic profiles are saved in the switch configuration, and profile attributes are configurable in the same
manner as manually created profiles.
Dynamic SAP Configuration
When device traffic is assigned to a service profile, UNP first checks the switch configuration to see if a
Service Access Point (SAP) already exists for the VLAN tag and other service profile attribute values that
are specific to the type of service profile (SPB or VXLAN). If a SAP already exists with these values, the
device traffic is classified into that SAP. If a SAP does not exist, the switch dynamically creates one based
on the following SPB or VXLAN service profile attributes:
•
A VLAN tag—This value determines the encapsulation value for the SAP (when set to zero, the
VLAN ID tag of the traffic is used).
•
An SPB Service Instance ID (I-SID)—This value is specified when configuring an SPB service
mapping for a UNP profile. An I-SID is associated with an SPB service ID that is assigned to a UNP
access port to form a SAP. If the I-SID value specified does not exist, the switch will dynamically
create the I-SID and associated SPB service ID. After that, the SAP is dynamically configured using
the dynamically created service ID.
•
An SPB Backbone VLAN (BVLAN) ID—This value is specified when configuring an SPB service
mapping for a UNP profile. A BVLAN serves as a transport VLAN for an SPB service instance
associated with the SAP. If the BVLAN ID specified does not exist, the dynamic SAP is not created.
•
A VXLAN Network ID (VNID)—This value is specified when configuring a VXLAN service
mapping for a UNP profile. A VNID is associated with a VXLAN service ID that is assigned to a UNP
access port to form a SAP. If the VNID value specified does not exist, the switch will dynamically
create the VNID and associated VXLAN service ID. After that, the SAP is dynamically configured
using the dynamically created service ID.
•
A multicast group address and/or a far-end IP address list—These values are specified when
configuring a VXLAN service mapping for a UNP profile. It is possible to configure one or both of
these values for the same service mapping.
– A multicast group address identifies the IP address of the multicast group in which the VXLAN
service will participate.
– A far-end IP address list contains a list of IP addresses that are used to dynamically create service
distribution points (SDPs) for the VXLAN service. Each address represents a VXLAN tunnel
endpoint (VTEP).
Allowing incoming traffic to trigger the switch to dynamically create a SAP reduces the amount of manual
configuration required. This capability is similar to configuring UNP to dynamically create a VLAN based
on the 802.1Q-tag of the device traffic.
Notes.
•
Dynamically creating services and related SAPs is subject to available switch resources. If an attempt
to dynamically create a service or SAP fails for any reason, the MAC addresses classified for the
service profile are learned as filtering.
•
Dynamically created SAPs are not saved to the switch configuration file.
System Default Profiles
To further automate SAP configuration, UNP also supports dynamically creating a "System Default"
service profile for traffic received on UNP access ports that is not classified into a user-defined UNP
service profile. A System Default profile specifies the attributes used to dynamically create an SPB SAP
or a VXLAN SAP for the traffic.
OmniSwitch AOS Release 8 Network Configuration Guide
December 2017
Access Guardian Overview
page 28-19
- Quick Links:
- Ethernet Port Defaults
Hide quick links:
Advertisement
Table of Contents
