RE: Vlan draft - relationship of tunnel attributes and egress-xxx attributes
Paul
How about the following? Your text has some missing 'ingress' denotes.
"The tunnel attributes used for VLAN assignment, as described in
[RFC3580], concurrently configure both the untagged ingress VLAN, also
known as the PVID, and the untagged egress VLAN, whereas Egress-VLANID
can only configure the egress VLAN ID for untagged or tagged frames.
Tunnel attributes and Egress-VLANID can be used at the same time and MAY
appear in the same RADIUS message. When using both concurrently, an
Egress-VLANID attribute is unnecessary to set the same untagged egress
VLAN set by the tunnel attributes. However, to configure an untagged
VLAN for both ingress and egress frames, the tunnel attributes of
[RFC3580] MUST be used."
MS
________________________________
From: Congdon, Paul T (ProCurve)
Sent: Thursday, April 27, 2006 8:05 PM
To: Sanchez, Mauricio (ProCurve)
Subject: RE: Vlan draft - relationship of tunnel attributes and
egress-xxx attributes
Ooops... Here are the suggested changes I was going to make.
Wordsmithing expected... Replace the two paragraphs suggested with the
following.
"The tunnel attributes used for VLAN assignment described in
[RFC3580] configure both the ingress VLAN ID for untagged packets, also
known as the PVID, and the egress VLAN ID for untagged packets on that
same VLAN. The Egress-VLANID configures only the egress VLAN ID for
either tagged or untagged packets. It is not necessary to use the
Egress-VLANID attribute to configure the same untagged VLANID that the
tunnel attributes of [RFC3580] configure. These attributes can be used
concurrently and MAY appear in the same RADIUS message. To configure an
untagged VLAN for both ingress and egress, the tunnel attributes of
[RFC3580] MUST be used."
Paul
________________________________
From: owner-radiusext@ops.ietf.org
[mailto:owner-radiusext@ops.ietf.org] On Behalf Of Sanchez, Mauricio
(ProCurve)
Sent: Thursday, April 27, 2006 5:44 PM
To: radiusext@ops.ietf.org
Subject: Vlan draft - relationship of tunnel attributes
and egress-xxx attributes
Relationship of tunnel attributes and egress-xxx
attributes
address: mauricio.sanchez@hp.com
Date first submitted: 4/27/06
Reference: none
Document: draft-ietf-radext-vlan-04.txt
Comment type: T
Priority: S
Section: 2.1, 2.3
Rationale/Explanation of issue:
While the introduction acknowledges tunnel attributes
from rfc2868 and rfc3580, there is no guidance on their use with the
egress-vlanid and egress-vlan-name attributes. I suggest formalizing
the fact that they can be used concurrently and providing guidance on
their interaction/relationship.
Requested change:
1) To section 2.1 add the following paragraph between
the second and third paragraphs of the description section for
egress-vlanid:
"Tunnel attributes, as described in [RFC2868] and
[RFC3580], and Egress-VLANID both can be used to configure the egress
VLAN for untagged packets. These attributes can be used concurrently
and MAY appear in the same RADIUS message. When they do appear
concurrently, the list of allowed VLANs consists of the concatenation of
all Egress-VLANID attributes and the Tunnel-Private-Group-ID(81)
attribute.
Egress-VLANID does not alter the ingress VLAN for untagged
traffic on a port, also known as the PVID. The tunnel attributes from
[RFC2868] and [RFC3580] should be relied upon instead to set the PVID."
2) To section 2.3 add the following paragraph between
the first and second paragraphs of the description section for
egress-vlan-name:
"Tunnel attributes, as described in [RFC2868] and
[RFC3580], and Egress-VLAN-Name both can be used to configure the egress
VLAN for untagged packets. These attributes can be used concurrently
and MAY appear in the same RADIUS message. When they do appear
concurrently, the list of allowed VLANs consists of the concatenation of
all Egress-VLAN-Name attributes and the Tunnel-Private-Group-ID(81)
attribute.
Egress-VLAN-Name does not alter the ingress VLAN for
untagged traffic on a port, also known as the PVID. The tunnel
attributes from [RFC2868] and [RFC3580] should be relied upon instead to
set the PVID."
--------------------------------------------
Mauricio Sanchez, CISSP
Network Security Architect
ProCurve Networking Business
Hewlett Packard
8000 Foothills Boulevard, ms 5557
Roseville CA, 95747-5557
916.785.1910 Tel
916.785.1815 Fax
mauricio.sanchez@hp.com
--------------------------------------------
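
Added example, not part of the thread or of the draft: a sketch of how a switch or an audit script could derive a port's PVID and egress VLAN set from one Access-Accept under the wording proposed in the top message. The attribute encodings are assumed from RFC 3580 and RFC 4675, `resolve_port_vlans` and its dict input are hypothetical, and rejecting a VLAN requested both tagged and untagged is this example's own choice.

```python
# Added example: attribute encodings are assumed from RFC 3580 / RFC 4675.
TUNNEL_TYPE_VLAN = 13           # RFC 3580 Tunnel-Type value "VLAN"
TUNNEL_MEDIUM_802 = 6           # RFC 3580 Tunnel-Medium-Type value "802"
TAGGED, UNTAGGED = 0x31, 0x32   # RFC 4675 Egress-VLANID Tag Indication octet


def decode_egress_vlanid(value):
    """Split a 32-bit Egress-VLANID value into (tag indication, VLAN ID)."""
    tag, pad, vid = value >> 24, (value >> 12) & 0xFFF, value & 0xFFF
    if tag not in (TAGGED, UNTAGGED) or pad != 0:
        raise ValueError(f"malformed Egress-VLANID {value:#010x}")
    if vid in (0, 4095):        # reserved VIDs in IEEE 802.1Q
        raise ValueError(f"reserved VLAN ID {vid}")
    return tag, vid


def resolve_port_vlans(attrs):
    """Return the PVID and egress VLAN map implied by an Access-Accept.

    attrs is a hypothetical dict of already-parsed attributes.
    """
    pvid, egress, notes = None, {}, []
    if (attrs.get("Tunnel-Type") == TUNNEL_TYPE_VLAN
            and attrs.get("Tunnel-Medium-Type") == TUNNEL_MEDIUM_802):
        # Tunnel attributes set the untagged ingress VLAN (PVID) and the
        # untagged egress VLAN together.
        pvid = int(attrs["Tunnel-Private-Group-ID"])
        egress[pvid] = "untagged"
    for value in attrs.get("Egress-VLANID", []):
        tag, vid = decode_egress_vlanid(value)
        mode = "tagged" if tag == TAGGED else "untagged"
        if vid == pvid and mode == "untagged":
            notes.append(f"Egress-VLANID {vid} repeats the tunnel attributes")
        elif egress.get(vid, mode) != mode:
            # The thread does not define this case; rejecting is this example's choice.
            raise ValueError(f"VLAN {vid} requested both tagged and untagged")
        egress[vid] = mode      # egress only: the PVID is never changed here
    if pvid is None and "untagged" in egress.values():
        notes.append("untagged egress VLAN set but PVID unchanged")
    return {"pvid": pvid, "egress": egress, "notes": notes}


# Constructed sample: data VLAN 10 via tunnel attributes, tagged VLAN 20 on egress.
SAMPLE = {"Tunnel-Type": 13, "Tunnel-Medium-Type": 6,
          "Tunnel-Private-Group-ID": "10", "Egress-VLANID": [0x31000014]}

if __name__ == "__main__":
    print(resolve_port_vlans(SAMPLE))
```

The second note flags the case the MUST in the proposed text guards against: an untagged egress VLAN delivered by Egress-VLANID alone leaves untagged ingress frames in whatever PVID the port already had.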