
Vlan draft - relationship of tunnel attributes and egress-xxx attributes




Relationship of tunnel attributes and egress-xxx attributes
address: mauricio.sanchez@hp.com
Date first submitted: 4/27/06
Reference: none
Document: draft-ietf-radext-vlan-04.txt
Comment type: T
Priority: S
Section: 2.1, 2.3
Rationale/Explanation of issue:
While the introduction acknowledges tunnel attributes from RFC 2868 and RFC 3580, there is no guidance on their use with the egress-vlanid and egress-vlan-name attributes.  I suggest formalizing the fact that they can be used concurrently and providing guidance on their interaction/relationship.

Requested change:

1) To section 2.1 add the following paragraph between the second and third paragraphs of the description section for egress-vlanid:

"Tunnel attributes, as described in [RFC2868] and [RFC3580], and Egress-VLANID both can be used to configure the egress VLAN for untagged packets.  These attributes can be used concurrently and MAY appear in the same RADIUS message.  When they do appear concurrently, the list of allowed VLANs consists of the concatenation of all Egress-VLANID attributes and the Tunnel-Private-Group-ID(81) attribute.

Egress-VLANID does not alter the ingress VLAN for untagged traffic on a port, also known as the PVID.  The tunnel attributes from [RFC2868] and [RFC3580] should be relied upon instead to set the PVID."


2) To section 2.3 add the following paragraph between the first and second paragraphs of the description section for egress-vlan-name:

"Tunnel attributes, as described in [RFC2868] and [RFC3580], and Egress-VLAN-Name both can be used to configure the egress VLAN for untagged packets.  These attributes can be used concurrently and MAY appear in the same RADIUS message.  When they do appear concurrently, the list of allowed VLANs consists of the concatenation of all Egress-VLAN-Name attributes and the Tunnel-Private-Group-ID(81) attribute.

Egress-VLAN-Name does not alter the ingress VLAN for untagged traffic on a port, also known as the PVID.  The tunnel attributes from [RFC2868] and [RFC3580] should be relied upon instead to set the PVID."


--------------------------------------------
Mauricio Sanchez, CISSP
Network Security Architect
ProCurve Networking Business
Hewlett Packard
8000 Foothills Boulevard, ms 5557
Roseville CA, 95747-5557

916.785.1910 Tel
916.785.1815 Fax
mauricio.sanchez@hp.com
--------------------------------------------
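
The interaction proposed in the message above, sketched as an added example (not part of the original email or of the draft): a NAS-side resolver that builds the allowed egress VLAN list from all Egress-VLANID attributes plus Tunnel-Private-Group-ID, and takes the PVID only from the tunnel attribute. The function names and the sample message are constructed; the example assumes Tunnel-Type=VLAN and Tunnel-Medium-Type=802 were already validated per RFC 3580, and treating the tunnel VLAN as an untagged egress entry is this example's reading of the proposed text.

```python
import struct

EGRESS_VLANID = 56             # RFC 4675 attribute type
TUNNEL_PRIVATE_GROUP_ID = 81   # RFC 2868 attribute type
TAGGED, UNTAGGED = 0x31, 0x32  # Egress-VLANID tag indication octet


def decode_egress_vlanid(value: bytes):
    """Return (vlan_id, tagged) from the 4-octet Egress-VLANID value."""
    if len(value) != 4:
        raise ValueError("Egress-VLANID value must be 4 octets")
    (word,) = struct.unpack("!I", value)
    tag = word >> 24
    if tag not in (TAGGED, UNTAGGED):
        raise ValueError(f"bad tag indication 0x{tag:02x}")
    return word & 0x0FFF, tag == TAGGED  # low 12 bits carry the VLAN ID


def decode_tunnel_group(value: bytes) -> int:
    """Return the VLAN ID carried as a string in Tunnel-Private-Group-ID."""
    # A first octet of 0x1F or below is a Tag field, not part of the string.
    if value and value[0] <= 0x1F:
        value = value[1:]
    return int(value.decode("ascii"))


def resolve_port_vlans(attrs):
    """attrs: (type, value) pairs in message order.

    Returns (pvid, egress); egress is a list of (vlan_id, tagged) and
    pvid is None when no tunnel attribute is present (PVID unchanged).
    """
    pvid, egress = None, []
    for attr_type, value in attrs:
        if attr_type == EGRESS_VLANID:
            # Egress-VLANID extends the egress list but never sets the PVID.
            egress.append(decode_egress_vlanid(value))
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID:
            pvid = decode_tunnel_group(value)
            egress.append((pvid, False))
    return pvid, egress


# Constructed sample: VLAN 100 tagged, VLAN 200 untagged, tunnel VLAN 10.
SAMPLE = [
    (EGRESS_VLANID, bytes.fromhex("31000064")),
    (EGRESS_VLANID, bytes.fromhex("320000c8")),
    (TUNNEL_PRIVATE_GROUP_ID, b"10"),
]
```
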