BLADEOS 6.3 Application Guide
16 BMD00178, April 2010
VLAN Maps
A VLAN map (VMAP) is an Access Control List (ACL) that can be assigned to a VLAN rather
than to a switch port as with regular ACLs. In a virtualized environment, VMAPs allow you to
create traffic filtering and metering policies that are associated with a VM group VLAN, allowing
ACLs to follow VMs as they migrate between hypervisors.
VMAPs are configured from the ACL menu, available with the following CLI command:
BLADEOS 6.3 supports up to 128 VMAPs. Individual VMAP filters are configured in the same
fashion as regular ACLs, except that VLANs cannot be specified as a filtering criteria since the
filter is explicitly assigned to a VLAN by nature.
Once a VMAP filter is created, it can be assigned or removed using the following commands:
For a regular VLAN:
For a VM group:
When the optional intports or extports parameter is specified, the action to add or remove
the VMAP is applied for only the switch server ports (intports) or uplink ports (extports). If
omitted, the operation will be applied to all ports in the associated VLAN or VM group.
Note – VMAPs have a lower priority than port-based ACLs. If both an ACL and a VMAP match a
particular packet, both filter actions will be applied as long as there is no conflict. In the event of a
conflict, the port ACL will take priority.
# /cfg/acl/vmap <1-128>
/cfg/l2/vlan <VLAN ID>/vmap {add|rem} <VMAP ID> [intports|extports]
/cfg/virt/vmgroup <ID>/vmap {add|rem} <VMAP ID> [intports|extports]
