[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Review of draft-ietf-radext-vlan-02.txt
I don't think you can or should define this type of restriction. It is
completely valid behavior to allow multiple untagged VLANs on egress in
a standard 802.1Q bridge. There are certain features (e.g. private
VLANs) that would like to have this type of configuration enabled. When
'ingress filters' are enabled, this is prohibited, so there are ways to
avoid the concern you have without forcing the use of Radius to be
incompatible with the 802.1Q standard.
Here's what the Ingress-Filters attribute description says:
The Ingress-Filters attribute corresponds to the Ingress Filter
per-port variable defined in [IEEE-802.1Q] clause 8.4.5. When the
attribute has the value "Enabled", the set of VLANs that are
allowed to ingress a port must match the set of VLANs that are
allowed to egress a port.
From this text, I'd assume that it would be legal to have both
Ingress-Filters "Enabled" and multiple untagged Egress-VLANIDs/Names
attributes. Or am I missing something? If there is a usage restriction
here, I think we need to describe what it is.
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.