
RE: Vlan draft - relationship of tunnel attributes and egress-xxx attributes



Paul

How about the following?  Your text has some missing 'ingress' denotes. 
 
"The tunnel attributes used for VLAN assignment, as described in
[RFC3580], concurrently configure both the untagged ingress VLAN, also
known as the PVID, and the untagged egress VLAN, whereas Egress-VLANID
can only configure the egress VLAN ID for untagged or tagged frames.
Tunnel attributes and Egress-VLANID can be used at the same time and MAY
appear in the same RADIUS message. When using both concurrently, an
Egress-VLANID attribute is unnecessary to set the same untagged egress
VLAN set by the tunnel attributes. However, to configure an untagged
VLAN for both ingress and egress frames, the tunnel attributes of
[RFC3580] MUST be used."

MS
________________________________

	From: Congdon, Paul T (ProCurve) 
	Sent: Thursday, April 27, 2006 8:05 PM
	To: Sanchez, Mauricio (ProCurve)
	Subject: RE: Vlan draft - relationship of tunnel attributes and egress-xxx attributes
	
	
	Ooops... Here are the suggested changes I was going to make.
Word smithing expected... Replace the two paragraphs suggested with the
following.
	 
	"The tunnel attributes used for VLAN assignment described in
[RFC3580] configure both the ingress VLAN ID for untagged packets, also
known as the PVID, and the egress VLAN ID for untagged packets on that
same VLAN.   The Egress-VLANID configures only the egress VLAN ID for
either tagged or untagged packets.  It is not necessary to use the
Egress-VLANID attribute to configure the same untagged VLANID that the
tunnel attributes of [RFC3580] configure.  These attributes can be used
concurrently and MAY appear in the same RADIUS message.  To configure an
untagged VLAN for both ingress and egress the tunnel attributes of
[RFC3580] MUST be used."
	 
	Paul


________________________________

		From: owner-radiusext@ops.ietf.org
[mailto:owner-radiusext@ops.ietf.org] On Behalf Of Sanchez, Mauricio
(ProCurve)
		Sent: Thursday, April 27, 2006 5:44 PM
		To: radiusext@ops.ietf.org
		Subject: Vlan draft - relationship of tunnel attributes and egress-xxx attributes
		
		

		Relationship of tunnel attributes and egress-xxx
attributes 
		address: mauricio.sanchez@hp.com Date first submitted:
4/27/06 
		Reference: none 
		Document: draft-ietf-radext-vlan-04.txt 
		Comment type: T 
		Priority: S 
		Section: 2.1, 2.3 
		Rationale/Explanation of issue: 
		While the introduction acknowledges tunnel attributes
from rfc2868 and rfc3580, there is no guidance on their use with the
egress-vlanid and egress-vlan-name attributes.  I suggest formalizing
the fact that they can be used concurrently and providing guidance on
their interaction/relationship.

		Requested change: 

		1) To section 2.1 add the following paragraph between
the second and third paragraphs of the description section for
egress-vlanid:

		"Tunnel attributes, as described in [RFC2868] and
[RFC3580], and Egress-VLANID both can be used to configure the egress
VLAN for untagged packets.  These attributes can be used concurrently
and MAY appear in the same RADIUS message.  When they do appear
concurrently, the list of allowed VLANs consists of the concatenation of
all Egress-VLANID attributes and the Tunnel-Private-Group-ID(81)
attribute. 

		Egress-VLANID does not alter the ingress VLAN for untagged
traffic on a port, also known as the PVID.  The tunnel attributes from
[RFC2868] and [RFC3580] should be relied upon instead to set the PVID."


		2) To section 2.3 add the following paragraph between
the first and second paragraphs of the description section for
egress-vlan-name:

		"Tunnel attributes, as described in [RFC2868] and
[RFC3580], and Egress-VLAN-Name both can be used to configure the egress
VLAN for untagged packets.  These attributes can be used concurrently
and MAY appear in the same RADIUS message.  When they do appear
concurrently, the list of allowed VLANs consists of the concatenation of
all Egress-VLAN-Name attributes and the Tunnel-Private-Group-ID(81)
attribute. 

		Egress-VLAN-Name does not alter the ingress VLAN for
untagged traffic on a port, also known as the PVID.  The tunnel
attributes from [RFC2868] and [RFC3580] should be relied upon instead to
set the PVID."


		-------------------------------------------- 
		Mauricio Sanchez, CISSP 
		Network Security Architect 
		ProCurve Networking Business 
		Hewlett Packard 
		8000 Foothills Boulevard, ms 5557 
		Roseville CA, 95747-5557 

		916.785.1910 Tel 
		916.785.1815 Fax 
		mauricio.sanchez@hp.com 
		--------------------------------------------   
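
The rule proposed in the top reply, worked through as an added example (not code from this thread or from the draft): given the attributes of one Access-Accept, compute the PVID and egress VLAN sets and note the two cases the text calls out. Assumptions: the Egress-VLANID value layout (Tag Indication octet 0x31 tagged / 0x32 untagged, VLAN ID in the low 12 bits) is taken from RFC 4675, the published form of this draft; the `(name, value)` input shape and the function names are hypothetical.

```python
import struct

TAGGED, UNTAGGED = 0x31, 0x32   # Tag Indication octets defined in RFC 4675
TUNNEL_TYPE_VLAN, MEDIUM_802 = 13, 6   # RFC 3580 values for VLAN assignment

def decode_egress_vlanid(value: bytes):
    """Return (is_tagged, vlan_id) from the 4-octet Egress-VLANID value."""
    if len(value) != 4:
        raise ValueError("Egress-VLANID value must be 4 octets")
    (word,) = struct.unpack("!I", value)
    tag = word >> 24
    if tag not in (TAGGED, UNTAGGED):
        raise ValueError(f"bad Tag Indication 0x{tag:02x}")
    return tag == TAGGED, word & 0x0FFF   # low 12 bits carry the VLAN ID

def resolve_port_vlans(attrs):
    """attrs: (name, value) pairs already parsed from one Access-Accept.
    Hypothetical input shape: tunnel values have the tag octet stripped."""
    tunnel = dict(a for a in attrs if a[0].startswith("Tunnel-"))
    pvid, untagged, tagged, notes = None, set(), set(), []
    if (tunnel.get("Tunnel-Type") == TUNNEL_TYPE_VLAN
            and tunnel.get("Tunnel-Medium-Type") == MEDIUM_802
            and "Tunnel-Private-Group-ID" in tunnel):
        # Tunnel attributes set the PVID and the untagged egress VLAN together.
        pvid = int(tunnel["Tunnel-Private-Group-ID"])
        untagged.add(pvid)
    for name, value in attrs:
        if name != "Egress-VLANID":
            continue
        is_tagged, vid = decode_egress_vlanid(value)   # egress only, never PVID
        if not is_tagged and vid == pvid:
            notes.append(f"Egress-VLANID {vid} repeats the tunnel VLAN (unnecessary)")
        (tagged if is_tagged else untagged).add(vid)
    if pvid is None and untagged:
        notes.append("untagged egress VLAN set but PVID left unchanged: "
                     "use the RFC 3580 tunnel attributes for ingress and egress")
    return {"pvid": pvid, "egress_untagged": untagged,
            "egress_tagged": tagged, "notes": notes}

# Constructed sample: tunnel attributes assign VLAN 10, Egress-VLANID adds tagged VLAN 20.
SAMPLE = [("Tunnel-Type", 13), ("Tunnel-Medium-Type", 6),
          ("Tunnel-Private-Group-ID", "10"), ("Egress-VLANID", b"\x31\x00\x00\x14")]
if __name__ == "__main__":
    print(resolve_port_vlans(SAMPLE))
```

A non-empty `notes` list on an authorization policy is worth reviewing: an untagged egress VLAN without a matching PVID leaves the port asymmetric, with untagged ingress frames still classified into whatever VLAN the port had before.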

