Table of Contents
Advertisement
Configuring Access Guardian
Edge Switch Configuration Guidelines
Consider the following information and guidelines provided in this section when configuring a Guest
Tunneling endpoint on an edge switch.
UNP Profile Mapping
•
A Guest Tunneling endpoint is defined on an edge switch through the configuration of a UNP profile
that is mapped to L2 GRE tunnel service parameter values.
•
The L2 GRE service parameter values defined in the profile mapping are used to dynamically create a
tunnel service, a SAP, and SDP for the L2 GRE tunnel. It is not necessary to manually configure the
service, SAP, or SDP to define a tunnel endpoint on the switch.
•
Only one guest tunnel endpoint is allowed on each switch; therefore, only one UNP profile mapped to
an L2 GRE tunnel service is allowed.
•
A GRE tunnel Virtual Private Network ID (VPNID), VLAN tag, and a far-end IP address or far-end
list name are all required values when configuring the L2 GRE tunnel service mapping for a UNP
profile.
•
A VPNID serves as a guest tunnel ID and is associated with an L2 GRE service ID.
– Make sure the VPNID value configured on the edge switch matches the corresponding VPNID
value configured on the GTTS.
– The use of a VPNID is similar to how a VXLAN Network Identifier (VNID) is used to identify a
segment of a VXLAN service; the VPNID identifies a segment of a guest tunnel service and is used
in the GRE encapsulation header.
•
Specify zero for the VLAN tag value. Guest traffic entering the tunnel must be untagged; a zero tag
value will ensure that only untagged traffic enters the tunnel.
•
The far-end IP address should be the IP address of the Loopback0 interface on the GTTS. It is also
possible to create an IP address list and specify the name of the list for this parameter value. However,
only one IP address is supported at this time.
Dynamically Created L2 GRE Service Objects
Based on the L2 GRE tunnel service parameters mapped to the UNP guest profile, a guest tunnel service,
SAP, and SDP is dynamically created to tunnel the device traffic through the network to the GTTS.
•
The dynamic L2 GRE SAP is not based on a VLAN tag; traffic is not mapped to the SAP based on the
VLAN tag of the traffic. Instead, all source MAC addresses of the guest devices are mapped to the
SAP associated with the L2 GRE profile. The SAP serves as a Source Virtual Port (SVP) for all MAC
addresses identified as guest devices.
•
Guest Tunneling service IDs are dynamically allocated for the L2 GRE profile SAP, similar to how
SPB and VXLAN services are dynamically allocated for UNP SPB and VXLAN SAPs.
•
Guest Tunneling services do not support multicast modes. By default, all Broadcast, Unknown Unicast,
and Multicast (BUM) traffic is replicated by sending a copy to each far-end node over unicast SDPs.
This is similar to how the head-end multicast mode works.
•
Unicast SDPs to the GTTS are automatically created using the far-end IP address specified in the UNP
profile mapping and the reachability of that address in the Layer 3 network. The SDP serves as a
Destination Virtual Port (DVP) for all of the MAC addresses identified as guest devices.
•
Guest Tunneling supports only unicast SDPs; multicast SDPs are not supported. The SDP ID number
for unicast SDPs is dynamically allocated.
OmniSwitch AOS Release 8 Network Configuration Guide
December 2017
Using Guest Tunneling
page 28-85
- Quick Links:
- Ethernet Port Defaults
Hide quick links:
Advertisement
Table of Contents
