3Com 4.2.2 Marine Radio User Manual


 
VLAN Moves
Using the information derived from the snooping procedure, the device
then resolves whatever the policy it is enforcing requires. For example,
if the policy is a MAC-based auto-VLAN configuration policy, the device
resolves the MAC address to VLAN mapping using the external services
where the mapping information is stored. This may result in a query to
an external server asking for the VLAN mapping information. The
resolution then results in a configuration change, thus enforcing that
policy.
Configuration
Following snooping and resolution, the device enforcing a policy makes
the necessary configuration changes in the device to enforce that
policy.
For example, if a device is enforcing a security policy on a segment, the
device first snoops for the MAC address of the station connected to that
segment. The device then resolves (concludes) whether that MAC address is
allowed to use the network. The resolution may be based on a query to
an external MAC address inventory server. If the device resolves not to
allow the endstation to use the network (for example, if the MAC address
is unknown to the inventory server), the device can configure the port
into a partitioned state, thus enforcing a security policy on that port.
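The snoop, resolve and configure sequence described above can be sketched as follows. This is an added example, not code from the manual or from any 3Com product: the function names, the `PortAction` type, the sample mapping table and the choice to partition the port when the lookup fails are all assumptions made for illustration, and it combines the auto-VLAN and security examples into one decision.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample data standing in for the external MAC-to-VLAN mapping store.
MAC_TO_VLAN = {
    "00:a0:24:11:22:33": "engineering",
    "00:a0:24:44:55:66": "finance",
}

@dataclass(frozen=True)
class PortAction:            # hypothetical result type: the configuration change
    port: str
    state: str               # "enabled" or "partitioned"
    vlan: Optional[str]      # VLAN assigned when the port is enabled

def normalize_mac(raw: str) -> str:
    """Canonicalise a snooped MAC so one station always matches one table key."""
    digits = re.sub(r"[-:.]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def resolve(mac: str, lookup: Callable[[str], Optional[str]]) -> Optional[str]:
    """Resolution step: query the mapping store; None means the station is unknown."""
    try:
        return lookup(mac)
    except OSError:
        # Assumption: an unreachable server is treated like an unknown MAC (fail closed).
        return None

def enforce(port: str, snooped_mac: str,
            lookup: Callable[[str], Optional[str]] = MAC_TO_VLAN.get) -> PortAction:
    """Snooped MAC -> resolution -> configuration change for one port."""
    try:
        mac = normalize_mac(snooped_mac)
    except ValueError:
        return PortAction(port, "partitioned", None)
    vlan = resolve(mac, lookup)
    if vlan is None:
        # Unknown to the inventory: partition the port, as in the security policy.
        return PortAction(port, "partitioned", None)
    return PortAction(port, "enabled", vlan)

if __name__ == "__main__":
    for port, mac in [("1/3", "00-A0-24-11-22-33"), ("1/4", "00:a0:24:de:ad:01")]:
        print(enforce(port, mac))
```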
The following configuration policies are available in this release:
MAC-based automatic VLAN configuration policy
Segments or devices assigned to this policy are automatically
configured into various VLANs based on a predefined MAC address to
VLAN mapping. This policy can be applied to the CoreBuilder
7x00-series interface cards and SuperStack II Switch 2700, 1000,
3000 and Desktop Switches when used as ATM edge devices.
The MAC address to VLAN mapping information is stored in a
parameter database named MAC Vdb. This database can be
automatically populated with MAC address information by using the
BuildvDB tool. The BuildvDB tool, once activated, automatically builds
an inventory of MAC addresses that exist in the network.
MAC-based VLSR
This policy is exactly the same as the MAC-based policy above, but in this
case the MAC address to VLAN mapping is stored in an external VLAN
server parameter database. This policy is to be used when an external