BLADEOS 6.3 Application Guide
16
BMD00178, April 2010
VLAN Maps
A VLAN map (VMAP) is an Access Control List (ACL) that can be assigned to a VLAN rather
than to a switch port as with regular ACLs. In a virtualized environment, VMAPs allow you to
create traffic filtering and metering policies that are associated with a VM group VLAN, allowing
ACLs to follow VMs as they migrate between hypervisors.
VMAPs are configured from the ACL menu, available with the following CLI command:
BLADEOS 6.3 supports up to 128 VMAPs. Individual VMAP filters are configured in the same
fashion as regular ACLs, except that VLANs cannot be specified as a filtering criteria since the
filter is explicitly assigned to a VLAN by nature.
Once a VMAP filter is created, it can be assigned or removed using the following commands:
For a regular VLAN:
For a VM group:
When the optional
intports
or
extports
parameter is specified, the action to add or remove
the VMAP is applied for only the switch server ports (
intports
) or uplink ports (
extports
). If
omitted, the operation will be applied to all ports in the associated VLAN or VM group.
Note –
VMAPs have a lower priority than port-based ACLs. If both an ACL and a VMAP match a
particular packet, both filter actions will be applied as long as there is no conflict. In the event of a
conflict, the port ACL will take priority.
# /cfg/acl/vmap
<1-128>
/cfg/l2/vlan
<VLAN ID>
/vmap {add|rem}
<VMAP ID>
[intports|extports]
/cfg/virt/vmgroup
<ID>
/vmap {add|rem}
<VMAP ID>
[intports|extports]
