This window appears when you select the Create VLAN menu option,
or when you select New in the VLAN Selection View or the Role VLAN window
in the Role Wizard. If you access this window from the VLAN Selection View
or Role Wizard, the title bar states Create Deny VLAN or Create Contain VLAN,
and the appropriate items are selected or grayed out, depending on whether
you have selected "Contain to VLAN" or "Deny Traffic" (discard VLAN) as
your access control.
See How to Create a VLAN, How to Create a Policy VLAN Island, and Roles
for additional information.
- VLAN Name
- Unique name for the VLAN you want to create. VLAN names can be up
to 32 characters in length, including spaces. VLAN names are case sensitive.
For example, "Sales" and "sales" would be considered two different VLAN names.
You cannot have two VLANs with the same name in Policy Manager.
- VLAN Scope
- Scope of the VLAN (Local or Global).
This choice is available
only if the Policy VLAN Islands feature is enabled.
If Policy VLAN Islands are disabled, this selection is grayed out, and the
VLAN will be global by default. If you open this window from the Policy VLAN
Islands Configuration Wizard, the selection is grayed out, and the VLAN
will be local by default.
- Local - Creates a local VLAN, which can be segmented into
different VIDs for use with Policy
VLAN Islands.
- Global - Creates a global VLAN, which will be written to all
selected devices with the same VID.
You can change a global VLAN to a local VLAN and vice versa, but if you switch from
local to global, you will need to supply a VID for the global VLAN.
- VLAN ID
- Unique numerical identifier for the VLAN, also known as the VID. Can be a value between
1 and 4094, with VID 1 being reserved for the DEFAULT VLAN (a name for a
particular VLAN, not to be confused with a default VLAN you assign to a role).
To select the next VID in sequence, click Next Available VID.
- This VLAN is intended as a Discard VLAN only
- If this VLAN is to be used to deny traffic, select this box. If it is to
be used to contain traffic, leave the box unchecked.
- Dynamic Egress Enabled
- Dynamic Egress is enabled by
default in Policy Manager. If you want to disable Dynamic Egress, uncheck
the box. If you select the "This VLAN is intended as a Discard VLAN only"
option, Dynamic Egress is automatically deselected. If for some reason
you wish to have it enabled for a discard VLAN, you can reselect it.
Note: GVRP (GARP VLAN Registration Protocol) is automatically enabled the
first time you enforce a Dynamic Egress
VLAN in Policy Manager. If you do not want GVRP enabled on your network, you can disable
it by selecting the Policy Manager Edit > GVRP Disabled menu option.
If necessary, you can then manually configure the interswitch ports to do what
GVRP does automatically, using NetSight Element Manager or local management to
set up your interswitch links as Q trunks. The trunk ports will be
automatically added to the egress lists of all the VLANs at the time of trunk
configuration.
Note: If GVRP is already enabled on your network and you enforce, the
GVRP status of ports on which you have disabled GVRP will not
change.
- Always write VLAN to device(s)
- If the box is checked, the VLAN will be written to the device
whether the VLAN is being used in a rule or role, or not. If it is not checked,
the VLAN will not be written to the device unless it is being used in a rule
or role. Enabling this option is a way of ensuring that the device is aware of
a VLAN that is being used for something other than policy configuration,
and it allows you to configure that VLAN for Dynamic Egress.
Buttons
- Next Available VID
- Enters the next unassigned VID in the
VLAN ID field.
- Apply
- Creates the VLAN and leaves the window open.