VLAN Traffic Handling [VAS Experts Documentation]

This is an old revision of the document!


VLAN Traffic Processing

The vlan group data has been moved from UDR to SDR. Global rules for vlan drop, vlan pass, vlan hide, and vlan permit, previously defined via the legacy CLI command vlan group, have been converted, migrated from UDR to SDR, and removed from UDR.

  1. Drop traffic from a specific VLAN without analysis:
     fdpi_cli vlan rule add <id> perm drop
  2. Drop traffic from a specific VLAN after preliminary analysis, without exporting it to Netflow statistics (used in asymmetric traffic scenarios where duplicated traffic from another site is received and must be analyzed before it is excluded from statistics):
     fdpi_cli vlan rule add <id> perm hide
  3. Pass traffic from a specific VLAN without any analysis:
     fdpi_cli vlan rule add <id> perm pass
  4. Show the current configuration in SDR:
     fdpi_cli vlan rule dump

CLI Update (vlan rule dump)

Added support for filtering output by rule type:

Format:

vlan rule dump [type]

type — rule type:

  • perm
  • dhcp
  • all (default)

Examples:

vlan rule dump perm
vlan rule dump dhcp
vlan rule dump

VLAN Rule

VLAN Rule provides flexible traffic management at VLAN and QinQ levels, allowing policies to be applied to individual VLANs, VLAN ranges, or QinQ tunnels.

Rule Types

The following rule types are supported:

  • dhcp — controls DHCP request processing:
    • dhcp enable — allow DHCP processing in the given VLAN/QinQ
    • dhcp disable — block DHCP processing; all DHCP packets are dropped
  • perm — basic traffic processing within VLAN/QinQ:
    • drop — completely drop packets; not included in Netflow
    • pass — forward without processing; included in Netflow
    • accept — full processing in the system; included in Netflow
    • hide — packets are processed internally, then dropped:
      • not included in Netflow
      • services 9, 12, 15, 18, NAT, and policing are not applied
      • not recorded via ajb (IPFIX, SIP, FTP, etc.)
  • pppoe — PPPoE traffic processing:
    • enable — allow PPPoE processing
    • drop — drop PPPoE packets
    • pass — pass PPPoE traffic without processing
    • delay N — set up the PPPoE session with a delay of N seconds (0 < N < 16)

VLAN/QinQ Range Syntax

Rules are applied to ranges:

  • single VLAN: 156
  • VLAN range: 56-78
  • any VLAN: * or any
  • QinQ:
    • 67.* / 67.any — S-VLAN=67, any C-VLAN
    • *.68 / any.68 — any S-VLAN, C-VLAN=68
    • *.* / any.any — any QinQ
    • 12-156.78-90 — S-VLAN and C-VLAN ranges
    • 609.1-199 — S-VLAN=609, C-VLAN range

Rules for VLAN (67) and QinQ (67.*) are independent and do not overlap.

Rule Priority

When ranges overlap:

  1. more general rules are applied first (e.g., 1-4095, any.any)
  2. more specific rules may override the behavior

Example:

vlan rule add 300-700 dhcp disable
vlan rule add 645 dhcp enable
vlan rule add 430-439 dhcp enable
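
The following is an added example, not VAS Experts code: a small resolver for reviewing a rule set before it is loaded, showing which rule decides for a given VLAN or QinQ tag under the range syntax and priority described above. It assumes that "more specific" means the range covering fewer tags, that `*`/`any` spans 1-4095, and that the later-listed rule wins a tie; the function names and the QinQ sample rules are hypothetical.

```python
# Added illustration, not vendor code: which vlan rule decides for a given tag.
ANY = (1, 4095)  # assumption: '*' / 'any' cover 1-4095, as in the page's example

def parse_part(text):
    """One tag spec ('156', '56-78', '*', 'any') -> (low, high)."""
    if text in ("*", "any"):
        return ANY
    low, _, high = text.partition("-")
    low = int(low)
    high = int(high) if high else low
    if not ANY[0] <= low <= high <= ANY[1]:
        raise ValueError(f"bad VLAN range: {text!r}")
    return (low, high)

def parse_range(spec):
    """'67' -> one part (VLAN rule); '67.*' -> two parts (QinQ: S-VLAN, C-VLAN)."""
    parts = spec.split(".")
    if len(parts) > 2:
        raise ValueError(f"bad VLAN/QinQ spec: {spec!r}")
    return tuple(parse_part(p) for p in parts)

def width(rng):
    """Number of tags (or S/C tag pairs) a parsed range covers."""
    total = 1
    for low, high in rng:
        total *= high - low + 1
    return total

def effective(rules, tag, rule_type):
    """Action of the narrowest matching rule of rule_type for tag, else None."""
    ids = [int(p) for p in tag.split(".")]
    matches = []
    for spec, rtype, action in rules:
        rng = parse_range(spec)
        # VLAN (one tag) and QinQ (two tags) rules never match each other.
        if rtype != rule_type or len(rng) != len(ids):
            continue
        if all(lo <= i <= hi for i, (lo, hi) in zip(ids, rng)):
            matches.append((width(rng), action))
    # General rules apply first, so the narrowest match applies last and wins.
    # Assumption: among equally narrow rules, the later-listed one wins.
    ordered = sorted(matches, key=lambda m: -m[0])
    return ordered[-1][1] if ordered else None

RULES = [  # first three are the page's example; the QinQ rules are constructed
    ("300-700", "dhcp", "disable"), ("645", "dhcp", "enable"),
    ("430-439", "dhcp", "enable"),
    ("any.any", "perm", "accept"), ("609.1-199", "perm", "hide"),
]
```

Running `effective` over every tag in use and flagging results of `pass`, `drop` or `hide` shows where traffic will skip analysis or Netflow export once the rules are applied.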

Management

  • vlan rule add — add a rule to SDR
  • vlan rule modify — modify a rule in SDR
  • vlan rule delete — delete a rule from SDR
  • vlan rule show — show all rules for VLAN/QinQ
  • vlan rule dump [type] — show SDR rules with filtering by type (perm, dhcp, all)
  • vlan rule purge vlan/qinq/all — clear SDR VLAN/QinQ rules or both
  • vlan rule apply — force rule application (no more than once per minute)

When using * in QinQ ranges, it is recommended to quote the argument or use any instead, so that the shell does not interpret the asterisk.

Change application: changes are stored in SDR and applied automatically 5 minutes after the last modification.
