RE: Review of draft-ietf-radext-vlan-02.txt

["Bernard Aboba" <bernard_aboba@hotmail.com>]

> I don't think you can or should define this type of restriction.  It is
> completely valid behavior to allow multiple untagged VLANs on egress in
> a standard 802.1Q bridge.  There are certain features (e.g. private
> VLANs) that would like to have this type of configuration enabled.  When
> 'ingress filters' are enabled, this is prohibited, so there are ways to
> avoid the concern you have without forcing the use of Radius to be
> incompatible with the 802.1Q standard.

Here's what the Ingress-Filters attribute description says:

     The Ingress-Filters attribute corresponds to the Ingress Filter
     per-port variable defined in [IEEE-802.1Q] clause 8.4.5.  When the
     attribute has the value "Enabled", the set of VLANs that are
     allowed to ingress a port must match the set of VLANs that are
     allowed to egress a port.

From this text, I'd assume that it would be legal to have both 
Ingress-Filters "Enabled" and multiple untagged Egress-VLANIDs/Names 
attributes.  Or am I missing something?  If there is a usage restriction 
here, I think we need to describe what it is.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>