
Re: [802.1] Re: [LinkSec] "Wildcard" VLAN ID - ballot







There are currently two occurrences of a match for "any VLAN-ID"

- in the DOCS-QOS-MIB

DOCSIS uses the Vlan Mask in a packet classification scheme where the
value zero means the VLAN-ID is not analyzed to match the tagged packet.

    docsQosPktClassVlanId OBJECT-TYPE
       SYNTAX          Integer32 (0..4095)
       MAX-ACCESS      read-only
       STATUS          current

- In the framework PIB (draft-ietf-rap-frameworkpib-09.txt) I find:

    frwk802FilterVlanId OBJECT-TYPE
        SYNTAX         Integer32 (-1 | 1..4094)
        STATUS         current
        DESCRIPTION
            "The VLAN ID (VID) that uniquely identifies a VLAN
            within the device. This VLAN may be known or unknown
            (i.e., traffic associated with this VID has not yet
            been seen by the device) at the time this entry
            is instantiated.

            Setting the frwk802FilterVlanId object to -1 indicates that
            VLAN data should not be considered during traffic
            classification."

RFC 2674 (Bridge MIB extensions) currently defines values in the range (1..4094)
for 802.1Q VLANs.  It also defines an unsigned32 textual convention that may be
used to identify an 802.1Q VLAN (1..4094) or a private VLAN (4096 and above).

The value '0' should not be used as a wildcard, as you may want to
match this value for an 802.1D Priority-tagged frame.

And looking ahead to the future, it would be better if the "any" value
were a non-negative value so that the type could be used to define an
index, in an SNMP table.  This would help for VLAN policy-like tables,
e.g. for a policy table which could assign a policy based on the VLAN-ID,
with a 'catch-all' value at the end of the table for anything not matched
by previous entries.

Les...





Norman Finn <nfinn@cisco.com> on 09/05/2003 21:54:34

Sent by:  Norman Finn <nfinn@cisco.com>


To:   Tony Jeffree <tony@jeffree.co.uk>
cc:   stds-802-1@ieee.org, "stds-802-linksec @ieee.org"
      <stds-802-linksec@ieee.org> (Les Bell/GB/3Com)
Subject:  [802.1] Re: [LinkSec] "Wildcard" VLAN ID - ballot





In which specific MIB could this value be used?

-- Norm

Tony Jeffree wrote:
>
> In March, the question was raised as to whether it would be appropriate for
> the Bridge MIB to use the value 4095 as a wildcard VLAN ID. The general
> discussion around this in the meeting favoured the idea; 4095 is a reserved
> VID according to the 802.1Q standard, and therefore, this use is possible.
> It was decided to hold a ballot to make sure that there was no opposition
> to this idea before the Bridge MIB went ahead with this use.
>
> Please consider this to be the start of that ballot. If you have any
> objections to this course of action, please indicate what the objections
> are in an email to the 802.1 exploder. I will collate any comments received
> so that we can discuss at the June interim meeting.
>
> Regards,
> Tony
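
An added illustration (not part of the thread) of the reasoning in the reply above: a policy table indexed by VLAN-ID, using 4095 as the proposed "any" value so the catch-all row sorts last in index order, while 0 stays available for matching priority-tagged frames and -1 is rejected as an index. The table layout, function names and policy names are assumptions made for this example.

```python
# Added example; table layout, names and policies are constructed for illustration.
WILDCARD_VID = 4095        # reserved VID in 802.1Q, proposed in the thread as "any VLAN"
PRIORITY_TAGGED_VID = 0    # VID carried by a priority-tagged frame


def index_suboid(vid):
    """Encode a VLAN-ID as an SNMP table index sub-identifier.

    OID sub-identifiers are unsigned 32-bit values, so a wildcard of -1
    cannot be used as an index.
    """
    if not 0 <= vid <= 0xFFFFFFFF:
        raise ValueError(f"{vid} cannot be an OID sub-identifier")
    return vid


def build_table(entries):
    """Return rows sorted in index order, as a GetNext walk would see them."""
    return sorted((index_suboid(vid), policy) for vid, policy in entries.items())


def classify(table, frame_vid):
    """Return the policy of the first row, in index order, that matches the frame.

    A row with the wildcard index matches any VID; every other row must match
    exactly, so VID 0 is matched only by its own row or by the catch-all.
    """
    if not 0 <= frame_vid <= 4094:
        raise ValueError("frame VID must be 0..4094")
    for vid, policy in table:
        if vid == frame_vid or vid == WILDCARD_VID:
            return policy
    return None


# Constructed sample table; insertion order is deliberately scrambled.
POLICY_TABLE = build_table({
    WILDCARD_VID: "default-deny",
    100: "voice",
    PRIORITY_TAGGED_VID: "priority-only",
})

if __name__ == "__main__":
    for vid in (0, 100, 200):
        print(vid, classify(POLICY_TABLE, vid))
```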