[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: FW: Vlan draft - relationhip of tunnel attributes and egress-xxx attributes
Ok with me.
MS
> -----Original Message-----
> From: owner-radiusext@ops.ietf.org
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Bernard Aboba
> Sent: Friday, April 28, 2006 4:39 PM
> To: Congdon, Paul T (ProCurve); radiusext@ops.ietf.org
> Subject: RE: FW: Vlan draft - relationhip of tunnel
> attributes and egress-xxx attributes
>
> How about this (insert in Section 2.1, second paragraph):
>
> "As defined in [RFC3580], the VLAN assigned via tunnel
> attributes applies both to the ingress VLANID for untagged
> packets (known as the PVID) and the egress VLANID for
> untagged packets.
> In contrast, the Egress-VLANID attribute configures only the
> egress VLANID for either tagged or untagged packets. The
> Egress-VLANID attribute MAY be included in the same RADIUS
> packet as [RFC3580] tunnel attributes; however, the
> Egress-VLANID attribute is not necessary if it is being used
> to configure the same untagged VLANID included in tunnel attributes.
> To configure an untagged VLAN for both ingress and egress,
> the tunnel attrubutes of [RFC3580] MUST be used."
>
>
>
> >From: "Congdon, Paul T (ProCurve)" <paul.congdon@hp.com>
> >To: <radiusext@ops.ietf.org>
> >Subject: FW: Vlan draft - relationhip of tunnel attributes and
> >egress-xxx attributes
> >Date: Thu, 27 Apr 2006 21:12:57 -0700
> >
> >
> >some how the list got dropped... Comments welcome.
> >
> >
> >________________________________
> >
> >From: Congdon, Paul T (ProCurve)
> >Sent: Thursday, April 27, 2006 8:05 PM
> >To: Sanchez, Mauricio (ProCurve)
> >Subject: RE: Vlan draft - relationhip of tunnel attributes and
> >egress-xxx attributes
> >
> >
> >Ooops... Here are the suggested changes I was going to make. Word
> >smithing expected... Replace the two paragraphs suggested with the
> >following.
> >
> >"The tunnel attributes used for VLAN assignment described in
> [RFC3580]
> >configure both the ingress VLAN ID for untagged packets,
> also know as
> >the PVID, and the egress VLAN ID for untagged packets on
> that same VLAN.
> >The Egress-VLANID configures only the egress VLAN ID for
> either tagged
> >or untagged packets. It is not necessary to use the Egress-VLANID
> >attribute to configure the same untagged VLANID that the tunnel
> >attributes of [RFC3580] confiures. These attributes can be used
> >concurrently and MAY appear in the same RADIUS message. To
> configure
> >an untagged VLAN for both ingress and egress the tunnel
> attrubutes of
> >[RFC3580] MUST be used."
> >
> >Paul
> >
> >
> >________________________________
> >
> > From: owner-radiusext@ops.ietf.org
> >[mailto:owner-radiusext@ops.ietf.org] On Behalf Of Sanchez, Mauricio
> >(ProCurve)
> > Sent: Thursday, April 27, 2006 5:44 PM
> > To: radiusext@ops.ietf.org
> > Subject: Vlan draft - relationhip of tunnel attributes
> and egress-xxx
> >attributes
> >
> >
> >
> > Relationship of tunnel attributes and egress-xxx attributes
> > address: mauricio.sanchez@hp.com Date first submitted: 4/27/06
> > Reference: none
> > Document: draft-ietf-radext-vlan-04.txt
> > Comment type: T
> > Priority: S
> > Section: 2.1, 2.3
> > Rationale/Explanation of issue:
> > While the introduction acknowledges tunnel attributes from
> >rfc2868 and rfc3580, there is no guidance on their use with the
> >egress-vlanid and egress-vlan-name attributes. I suggest
> formalizing
> >the fact that they can be used concurrently and providing
> guidance on
> >their interaction/relationship.
> >
> > Requested change:
> >
> > 1) To section 2.1 add the following paragraph between
> the second and
> >third paragraphs of the description section for egress-vlanid:
> >
> > "Tunnel attributes, as described in [RFC2868] and
> [RFC3580], and
> >Egress-VLANID both can be used to configure the egress VLAN for
> >untagged packets. These attributes can be used concurrently and MAY
> >appear in the same RADIUS message. When they do appear
> concurrently,
> >the list of allowed VLANs consists of the concatenation of all
> >Egress-VLANID attributes and the Tunnel-Private-Group-ID(81)
> attribute.
> >
> > Egress-VLANID does not alter the ingress VLAN untagged
> traffic on a
> >port, also known as the PVID. The tunnel attributes from
> [RFC2868] and
> >[RFC3580] should be relied upon instead to set the PVID."
> >
> >
> > 2) To section 2.3 add the following paragraph between
> the first and
> >second paragraphs of the description section for egress-vlan-name:
> >
> > "Tunnel attributes, as described in [RFC2868] and
> [RFC3580], and
> >Egress-VLAN-Name both can be used to configure the egress VLAN for
> >untagged packets. These attributes can be used concurrently and MAY
> >appear in the same RADIUS message. When they do appear
> concurrently,
> >the list of allowed VLANs consists of the concatenation of all
> >Egress-VLAN-Name attributes and the Tunnel-Private-Group-ID(81)
> >attribute.
> >
> > Egress-VLAN-Name does not alter the ingress VLAN for
> untagged traffic
> >on a port, also known as the PVID. The tunnel attributes from
> >[RFC2868] and [RFC3580] should be relied upon instead to set
> the PVID."
> >
> >
> > --------------------------------------------
> > Mauricio Sanchez, CISSP
> > Network Security Architect
> > ProCurve Networking Business
> > Hewlett Packard
> > 8000 Foothills Boulevard, ms 5557
> > Roseville CA, 95747-5557
> >
> > 916.785.1910 Tel
> > 916.785.1815 Fax
> > mauricio.sanchez@hp.com
> > --------------------------------------------
> >
>
>
>
> --
> to unsubscribe send a message to
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>