Vlan maps – Blade ICE BLADEOS BMD00178 User Manual

BLADEOS 6.3 Application Guide

16

BMD00178, April 2010

VLAN Maps

A VLAN map (VMAP) is an Access Control List (ACL) that can be assigned to a VLAN rather
than to a switch port as with regular ACLs. In a virtualized environment, VMAPs allow you to
create traffic filtering and metering policies that are associated with a VM group VLAN, allowing
ACLs to follow VMs as they migrate between hypervisors.

VMAPs are configured from the ACL menu, available with the following CLI command:

BLADEOS 6.3 supports up to 128 VMAPs. Individual VMAP filters are configured in the same
fashion as regular ACLs, except that VLANs cannot be specified as a filtering criteria since the
filter is explicitly assigned to a VLAN by nature.

Once a VMAP filter is created, it can be assigned or removed using the following commands:

For a regular VLAN:

For a VM group:

When the optional

intports

or

extports

parameter is specified, the action to add or remove

the VMAP is applied for only the switch server ports (

intports

) or uplink ports (

extports

). If

omitted, the operation will be applied to all ports in the associated VLAN or VM group.

Note –

VMAPs have a lower priority than port-based ACLs. If both an ACL and a VMAP match a

particular packet, both filter actions will be applied as long as there is no conflict. In the event of a
conflict, the port ACL will take priority.

# /cfg/acl/vmap

<1-128>

/cfg/l2/vlan

<VLAN ID>

/vmap {add|rem}

<VMAP ID>

[intports|extports]

/cfg/virt/vmgroup

<ID>

/vmap {add|rem}

<VMAP ID>

[intports|extports]