Virtual Private LAN Service164FD 100/320Gbps NT and FX NT IHub Services Guide3HH-11985-AAAA-TQZZA Issue: 135.3.2.4 Residential and regular port usageThe v-VPLS behavior distinguishes between the user-side (SAPs built on residentialports) and the network-side (SAPs built on regular ports or on LAGs made of regularports), to secure control over MAC learning capabilities, and enable the ability tocontrol user-to-user communication. User-to-user communication can be enabled ordisabled, to allow or prevent user-to-user communications between residential ports.SAPs that are built on residential ports inherit the untrusted property of the underlyingport and consequently, they have restricted capabilities compared to SAPs built onregular ports.The following security measures apply to SAPs built on residential ports:• In case of conflict during MAC address self-learning, a regular (network) port haspriority over a residential (user) port.• MAC address relearning (movement) is not allowed between residential ports.• User-to-user connectivity is forbidden by default (but may be overruled byoperator as a property of the v-VPLS).5.3.2.5 Using virtual ports to extend the VPRN interfacereachThe ISAM requires configuration of one VPRN IP interface SAP on a LAN, (a groupof ports such as the LT-Links).A virtual port is used to concatenate v-VPLS and VPRN services. The virtual port hasbeen defined as an intuitive way to couple v-VPLS and VPRN service such that anIP interface (VPRN SAP) is spread over a group of physical/LAG ports.The virtual port is automatically associated with a v-VPLS when the service iscreated, and requires no input from the operator.For more information about access port configuration and usage in the ISAM,see “Residential and regular port usage”.The v-VPLS transmits frames that bear the ISAM IHub MAC address as destinationaddress to the virtual port, which functions as a shared collector. As shown inFigures 18 and 19.
