[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Vlan draft - relationhip of tunnel attributes and egress-xxx attributes
The first sentence is a little long and could probably be split at the
'whereas' part, but otherwise this sounds good to me.
> -----Original Message-----
> From: Sanchez, Mauricio (ProCurve)
> Sent: Friday, April 28, 2006 9:51 AM
> To: Congdon, Paul T (ProCurve)
> Cc: radiusext@ops.ietf.org
> Subject: RE: Vlan draft - relationhip of tunnel attributes
> and egress-xxx attributes
>
> Paul
>
> How about the following? Your text has some missing
> 'ingress' denotes.
>
> "The tunnel attributes used for VLAN assignment, as described
> in [RFC3580], concurrently configure both the untagged
> ingress VLAN, also known as the PVID, and the untagged egress
> VLAN, whereas Egress-VLANID can only configure the egress
> VLAN ID for untagged or tagged frames. Tunnel attributes and
> Egress-VLANID can be used at the same time and MAY appear in
> the same RADIUS message. When using both concurrently, an
> Egress-VLANID attribute is unnecessary to set the same
> untagged egress VLAN set by the tunnel attributes. However,
> to configure an untagged VLAN for both ingress and egress
> frames, the tunnel attributes of [RFC3580] MUST be used."
>
> MS
> ________________________________
>
> From: Congdon, Paul T (ProCurve)
> Sent: Thursday, April 27, 2006 8:05 PM
> To: Sanchez, Mauricio (ProCurve)
> Subject: RE: Vlan draft - relationhip of tunnel
> attributes and egress-xxx attributes
>
>
> Ooops... Here are the suggested changes I was going to
> make. Word smithing expected... Replace the two paragraphs
> suggested with the following.
>
> "The tunnel attributes used for VLAN assignment
> described in [RFC3580] configure both the ingress VLAN ID for
> untagged packets, also know as the PVID, and the egress VLAN
> ID for untagged packets on that same VLAN. The
> Egress-VLANID configures only the egress VLAN ID for either
> tagged or untagged packets. It is not necessary to use the
> Egress-VLANID attribute to configure the same untagged VLANID
> that the tunnel attributes of [RFC3580] confiures. These
> attributes can be used concurrently and MAY appear in the
> same RADIUS message. To configure an untagged VLAN for both
> ingress and egress the tunnel attrubutes of [RFC3580] MUST be used."
>
> Paul
>
>
> ________________________________
>
> From: owner-radiusext@ops.ietf.org
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Sanchez,
> Mauricio (ProCurve)
> Sent: Thursday, April 27, 2006 5:44 PM
> To: radiusext@ops.ietf.org
> Subject: Vlan draft - relationhip of tunnel
> attributes and egress-xxx attributes
>
>
>
> Relationship of tunnel attributes and
> egress-xxx attributes
> address: mauricio.sanchez@hp.com Date first
> submitted: 4/27/06
> Reference: none
> Document: draft-ietf-radext-vlan-04.txt
> Comment type: T
> Priority: S
> Section: 2.1, 2.3
> Rationale/Explanation of issue:
> While the introduction acknowledges tunnel
> attributes from rfc2868 and rfc3580, there is no guidance on
> their use with the egress-vlanid and egress-vlan-name
> attributes. I suggest formalizing the fact that they can be
> used concurrently and providing guidance on their
> interaction/relationship.
>
> Requested change:
>
> 1) To section 2.1 add the following paragraph
> between the second and third paragraphs of the description
> section for egress-vlanid:
>
> "Tunnel attributes, as described in [RFC2868]
> and [RFC3580], and Egress-VLANID both can be used to
> configure the egress VLAN for untagged packets. These
> attributes can be used concurrently and MAY appear in the
> same RADIUS message. When they do appear concurrently, the
> list of allowed VLANs consists of the concatenation of all
> Egress-VLANID attributes and the Tunnel-Private-Group-ID(81)
> attribute.
>
> Egress-VLANID does not alter the ingress VLAN
> untagged traffic on a port, also known as the PVID. The
> tunnel attributes from [RFC2868] and [RFC3580] should be
> relied upon instead to set the PVID."
>
>
> 2) To section 2.3 add the following paragraph
> between the first and second paragraphs of the description
> section for egress-vlan-name:
>
> "Tunnel attributes, as described in [RFC2868]
> and [RFC3580], and Egress-VLAN-Name both can be used to
> configure the egress VLAN for untagged packets. These
> attributes can be used concurrently and MAY appear in the
> same RADIUS message. When they do appear concurrently, the
> list of allowed VLANs consists of the concatenation of all
> Egress-VLAN-Name attributes and the
> Tunnel-Private-Group-ID(81) attribute.
>
> Egress-VLAN-Name does not alter the ingress
> VLAN for untagged traffic on a port, also known as the PVID.
> The tunnel attributes from [RFC2868] and [RFC3580] should be
> relied upon instead to set the PVID."
>
>
> --------------------------------------------
> Mauricio Sanchez, CISSP
> Network Security Architect
> ProCurve Networking Business
> Hewlett Packard
> 8000 Foothills Boulevard, ms 5557
> Roseville CA, 95747-5557
>
> 916.785.1910 Tel
> 916.785.1815 Fax
> mauricio.sanchez@hp.com
> --------------------------------------------
>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>