General Tab
(VLAN)

The VLAN General tab displays information about the VLAN selected in the left panel and lets you configure certain VLAN parameters. If you are using VLAN to Role mapping in your network, you can use this tab to map the VLAN to a specific role. To access this tab, select a VLAN in the left panel's VLANs tab and click the General tab in the right panel. If you make a change on this tab, you need to enforce it using the Enforce button on the toolbar.

Click the graphic for more information.

General
This area provides general information about the VLAN.

Name: Name of the VLAN selected in the left panel.

VLAN Scope: Scope of the VLAN (Local or Global).

VLAN ID: Unique number assigned to the VLAN, also called VID (for VLAN ID). This ID was either assigned by an administrator or assigned automatically by the system when the VLAN was created. The value can be anywhere between 1 and 4094, with VID 1 being reserved for the DEFAULT VLAN (a name for a particular VLAN, not to be confused with a role's assigned default VLAN).

Configuration
This area allows you to configure the VLAN.

This VLAN is intended as a Discard VLAN only: If this VLAN is to be used to deny traffic, select this box. If it is to be used to contain traffic, leave the box unchecked.

Dynamic Egress Enabled

Dynamic Egress is enabled by default in Policy Manager. If you want to disable Dynamic Egress, uncheck the box. See Dynamic Egress for more information.

NOTE: GVRP (GARP VLAN Registration Protocol) is automatically enabled the first time you enforce a Dynamic Egress VLAN in Policy Manager. If you do not want GVRP enabled on your network, you can disable it by selecting the Policy Manager Edit > GVRP Disabled menu option. If necessary, you can then manually configure the interswitch ports to do what GVRP does automatically, using local management to set up your interswitch links as Q trunks. The trunk ports will be automatically added to the egress lists of all the VLANs at the time of trunk configuration.

	NOTE:	GVRP (GARP VLAN Registration Protocol) is automatically enabled the first time you enforce a Dynamic Egress VLAN in Policy Manager. If you do not want GVRP enabled on your network, you can disable it by selecting the Policy Manager Edit > GVRP Disabled menu option. If necessary, you can then manually configure the interswitch ports to do what GVRP does automatically, using local management to set up your interswitch links as Q trunks. The trunk ports will be automatically added to the egress lists of all the VLANs at the time of trunk configuration.

NOTE: If GVRP is already enabled on your network and you enforce, the GVRP status of ports on which you have disabled GVRP will not change.

	NOTE:	If GVRP is already enabled on your network and you enforce, the GVRP status of ports on which you have disabled GVRP will not change.

Always write VLAN to device(s): If the box is checked, the VLAN will be written to the device whether the VLAN is being used in a rule or role, or not. If it is not checked, the VLAN will not be written to the device unless it is being used in a rule or role. Enabling this option is a way of ensuring that the device is aware of a VLAN that is being used for something other than policy configuration, and it allows you to configure that VLAN for Dynamic Egress. If the Default VLAN (VID=1) is selected in the left panel, this option is checked and cannot be edited, as the default VLAN is always on the device.

Tagged Packet VLAN to Role Mapping
This area displays whether the VLAN is mapped to a specific role and lets you select a role for mapping, if desired. Tagged Packet VLAN to Role Mapping provides a way to let policy-enabled devices assign a role to network traffic, based on a VLAN ID. For more information, see VLAN to Role Mapping in the Concepts help topic.

NOTE: When configuring Tagged Packet VLAN to role mapping, you must also enable the TCI Overwrite attribute. TCI Overwrite allows the VLAN or class of service tag in a received packet to be overwritten by the VLAN (access control) and class of service characteristics defined in the mapped role. You can enable TCI Overwrite on a per-port basis in the port's General tab, or for an individual role in the role's General tab.

	NOTE:	When configuring Tagged Packet VLAN to role mapping, you must also enable the TCI Overwrite attribute. TCI Overwrite allows the VLAN or class of service tag in a received packet to be overwritten by the VLAN (access control) and class of service characteristics defined in the mapped role. You can enable TCI Overwrite on a per-port basis in the port's General tab, or for an individual role in the role's General tab.

Mapped to Role: The role the VLAN is mapped to. To select a role, click Select, choose a role, and click OK.

Select: Opens the role Selection View, where you can choose a role to associate with the VLAN.

Authentication-Based VLAN to Role Mapping
This area displays whether the VLAN is mapped to a specific role and lets you select a role for mapping, if desired. Authentication-Based VLAN to Role Mapping provides a way to assign a role to a user during the authentication process, based on a VLAN ID. For more information, see VLAN to Role Mapping in the Concepts help topic.

NOTE: When configuring Authentication-Based VLAN to role mapping, you must enable RFC3580 VLAN Authorization on the device via the device Authentication tab.

	NOTE:	When configuring Authentication-Based VLAN to role mapping, you must enable RFC3580 VLAN Authorization on the device via the device Authentication tab.

Mapped to Role: The role the VLAN is mapped to. To select a role, click Select, choose a role, and click OK.

Select: Opens the role Selection View, where you can choose a role to associate with the VLAN.

Related Information

For information on related concepts:

For information on related tasks:

General Tab (VLAN)

Related Information

General Tab
(VLAN)