Allow Vlan 4095 #10547

New Issue

Open

opened 2025-12-29 21:32:59 +01:00 by adam · 2 comments

adam commented 2025-12-29 21:32:59 +01:00

Owner

Copy Link

Originally created by @Nexis81 on GitHub (Dec 6, 2024).

NetBox version

v4.1.6

Feature type

Change to existing functionality

Triage priority

N/A

Proposed functionality

The proposed functionality is to enable the use of VLAN ID 4095 within NetBox, specifically for VMware environments or other specialized use cases. This change would include:

Validation Updates:
Modify the validation logic in NetBox to allow the configuration of VLAN 4095.
Ensure VLAN 4095 is treated as a valid VLAN ID when defining VLANs in the database, API, and UI.

Documentation Support:
Permit users to document VMware environments where VLAN 4095 is used for monitoring purposes (e.g., IDS/IPS traffic monitoring).

API Integration:
Ensure that NetBox's API supports VLAN 4095, allowing VMware-related automation and integration tools to use this VLAN ID when configuring or syncing data.

Optional Role/Scope Restriction:
Optionally restrict VLAN 4095 to specific use cases, such as:
VMware devices or configurations.
Special roles like "monitoring" or "trunking."
This change would allow NetBox to support organizations that use VLAN 4095 for valid and critical purposes, enabling more accurate network documentation and improved automation with platforms like VMware.

Use case

Scenario:
An organization deploys an IDS/IPS solution that relies on virtual sensors (vSensors) installed on all VMware vCenter hosts. These vSensors are configured to use VLAN 4095, which is a reserved VLAN in VMware environments, to monitor traffic across all VLANs on an internal vSwitch. This configuration allows the IDS/IPS system to analyze and secure network traffic efficiently.

Challenges:
- Documentation Gaps:
NetBox currently prohibits the use of VLAN 4095, making it impossible to accurately document VMware setups that utilize this VLAN for traffic monitoring.
As a result, the representation of VMware network configurations in NetBox is incomplete or inaccurate.

Automation Limitations:
Many organizations rely on APIs to integrate NetBox with VMware for automated network configuration and synchronization. The restriction on VLAN 4095 in NetBox prevents full automation, as configurations requiring this VLAN cannot be generated or applied through NetBox.

- Consistency and Accuracy:
Inconsistent documentation or manual workarounds, such as adding VLAN 4095 directly to the database via tools like pgAdmin, creates potential for errors and undermines NetBox’s value as a "source of truth."

Database changes

None

External dependencies

None

Originally created by @Nexis81 on GitHub (Dec 6, 2024). ### NetBox version v4.1.6 ### Feature type Change to existing functionality ### Triage priority N/A ### Proposed functionality The proposed functionality is to enable the use of VLAN ID 4095 within NetBox, specifically for VMware environments or other specialized use cases. This change would include: **Validation Updates:** Modify the validation logic in NetBox to allow the configuration of VLAN 4095. Ensure VLAN 4095 is treated as a valid VLAN ID when defining VLANs in the database, API, and UI. **Documentation Support:** Permit users to document VMware environments where VLAN 4095 is used for monitoring purposes (e.g., IDS/IPS traffic monitoring). **API Integration:** Ensure that NetBox's API supports VLAN 4095, allowing VMware-related automation and integration tools to use this VLAN ID when configuring or syncing data. **Optional Role/Scope Restriction:** Optionally restrict VLAN 4095 to specific use cases, such as: VMware devices or configurations. Special roles like "monitoring" or "trunking." This change would allow NetBox to support organizations that use VLAN 4095 for valid and critical purposes, enabling more accurate network documentation and improved automation with platforms like VMware. ### Use case **Scenario:** An organization deploys an IDS/IPS solution that relies on virtual sensors (vSensors) installed on all VMware vCenter hosts. These vSensors are configured to use VLAN 4095, which is a reserved VLAN in VMware environments, to monitor traffic across all VLANs on an internal vSwitch. This configuration allows the IDS/IPS system to analyze and secure network traffic efficiently. **Challenges:** **- Documentation Gaps:** NetBox currently prohibits the use of VLAN 4095, making it impossible to accurately document VMware setups that utilize this VLAN for traffic monitoring. As a result, the representation of VMware network configurations in NetBox is incomplete or inaccurate. **Automation Limitations:** Many organizations rely on APIs to integrate NetBox with VMware for automated network configuration and synchronization. The restriction on VLAN 4095 in NetBox prevents full automation, as configurations requiring this VLAN cannot be generated or applied through NetBox. **- Consistency and Accuracy:** Inconsistent documentation or manual workarounds, such as adding VLAN 4095 directly to the database via tools like pgAdmin, creates potential for errors and undermines NetBox’s value as a "source of truth." ### Database changes None ### External dependencies None

adam added the type: featurenetboxneeds milestonestatus: backlogcomplexity: low labels 2025-12-29 21:32:59 +01:00

adam commented 2025-12-29 21:33:00 +01:00

Author

Owner

Copy Link

@DanSheps commented on GitHub (Mar 10, 2025):

Came across this when looking into something else.

What does VLAN 4095 get you that "Tagged All" does not get you? VLAN 4095 is not part of the standard, so adding something outside of the standard can result in inconsistent data in other aspects.

"Tagged All" means "all vlans are tagged" and can include the "native vlan" if there is no vlan set as untagged, so I am dubious of the benefit of this proposal as there are typically only 2 options beyond entering in the VID ("0" for None and "4095" for All). It seems like "Tagged All" would accomplish what you are trying to get at and you don't address why that is insufficient.

@DanSheps commented on GitHub (Mar 10, 2025): Came across this when looking into something else. What does VLAN 4095 get you that "Tagged All" does not get you? VLAN 4095 is not part of the standard, so adding something outside of the standard can result in inconsistent data in other aspects. "Tagged All" means "all vlans are tagged" and can include the "native vlan" if there is no vlan set as untagged, so I am dubious of the benefit of this proposal as there are typically only 2 options beyond entering in the VID ("0" for None and "4095" for All). It seems like "Tagged All" would accomplish what you are trying to get at and you don't address why that is insufficient.

adam commented 2025-12-29 21:33:00 +01:00

Author

Owner

Copy Link

@cronicded commented on GitHub (May 15, 2025):

From IEEE Standard - 9.6 - VLAN Tag Control Information [IEEE Std 802.1Q™-2005] - Virtual Bridged Local Area Networks:

0xFFF - Reserved for implementation use. This VID value shall not be configured as a PVID or a member of a VID Set, or transmitted in a tag header.

Ensure VLAN 4095 is treated as a valid VLAN ID

0xFFF is not a valid ID in representing a functional, non-experimental implementation, and would not be transmitted across a network. This is a VMWare specific implementation, I believe in violation of 8021.q standards if utilized between network devices, and probably outside of the scope of Netbox?

@cronicded commented on GitHub (May 15, 2025): From IEEE Standard - 9.6 - VLAN Tag Control Information [IEEE Std 802.1Q™-2005] - Virtual Bridged Local Area Networks: `0xFFF - Reserved for implementation use. This VID value shall not be configured as a PVID or a member of a VID Set, or transmitted in a tag header.` > Ensure VLAN 4095 is treated as a valid VLAN ID 0xFFF is not a valid ID in representing a functional, non-experimental implementation, and would not be transmitted across a network. This is a VMWare specific implementation, I believe in violation of 8021.q standards if utilized between network devices, and probably outside of the scope of Netbox?

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

21050-device-oob-ip-may-become-orphaned

21102-fix-graphiql-explorer

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

v4.5.0

v4.4.10

v4.4.9

v4.5.0-beta1

v4.4.8

v4.4.7

v4.4.6

v4.4.5

v4.4.4

v4.4.3

v4.4.2

v4.4.1

v4.4.0

v4.3.7

v4.4.0-beta1

v4.3.6

v4.3.5

v4.3.4

v4.3.3

v4.3.2

v4.3.1

v4.3.0

v4.2.9

v4.3.0-beta2

v4.2.8

v4.3.0-beta1

v4.2.7

v4.2.6

v4.2.5

v4.2.4

v4.2.3

v4.2.2

v4.2.1

v4.2.0

v4.1.11

v4.1.10

v4.1.9

v4.1.8

v4.2-beta1

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.11

v4.0.10

v4.0.9

v4.1-beta1

v4.0.8

v4.0.7

v4.0.6

v4.0.5

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.7.8

v3.7.7

v4.0-beta2

v3.7.6

v3.7.5

v4.0-beta1

v3.7.4

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.9

v3.6.8

v3.6.7

v3.7-beta1

v3.6.6

v3.6.5

v3.6.4

v3.6.3

v3.6.2

v3.6.1

v3.6.0

v3.5.9

v3.6-beta2

v3.5.8

v3.6-beta1

v3.5.7

v3.5.6

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.10

v3.4.9

v3.5-beta2

v3.4.8

v3.5-beta1

v3.4.7

v3.4.6

v3.4.5

v3.4.4

v3.4.3

v3.4.2

v3.4.1

v3.4.0

v3.3.10

v3.3.9

v3.4-beta1

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

v3.2.8

v3.3-beta2

v3.2.7

v3.3-beta1

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.11

v3.1.10

v3.2-beta2

v3.1.9

v3.2-beta1

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.12

v3.0.11

v3.0.10

v3.1-beta1

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.12

v3.0-beta2

v2.11.11

v2.11.10

v3.0-beta1

v2.11.9

v2.11.8

v2.11.7

v2.11.6

v2.11.5

v2.11.4

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.10

v2.10.9

v2.11-beta1

v2.10.8

v2.10.7

v2.10.6

v2.10.5

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.11

v2.10-beta2

v2.9.10

v2.10-beta1

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.9-beta2

v2.8.9

v2.9-beta1

v2.8.8

v2.8.7

v2.8.6

v2.8.5

v2.8.4

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.12

v2.7.11

v2.7.10

v2.7.9

v2.7.8

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.12

v2.6.11

v2.6.10

v2.6.9

v2.7-beta1

Solcon-2020-01-06

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.13

v2.5.12

v2.6-beta1

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.9

v2.5-beta2

v2.4.8

v2.5-beta1

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.7

v2.4-beta1

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.10

v2.3-beta2

v2.2.9

v2.3-beta1

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.6

v2.2-beta2

v2.1.5

v2.2-beta1

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.10

v2.1-beta1

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v2.0-beta3

v1.9.6

v1.9.5

v2.0-beta2

v1.9.4-r1

v1.9.3

v2.0-beta1

v1.9.2

v1.9.1

v1.9.0-r1

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2-r1

v1.7.1

v1.7.0

v1.6.3

v1.6.2-r1

v1.6.1-r1

1.6.1

v1.6.0

v1.5.2

v1.5.1

v1.5.0

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.1

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.7-r1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3-r1

v1.0.3

1.0.0

Labels

Clear labels

beta

breaking change

complexity: high

complexity: low

complexity: medium

needs milestone

netbox

pending closure

plugin candidate

pull-request

Mirrored from GitHub Pull Request

severity: high

severity: low

severity: medium

status: accepted

status: backlog

status: blocked

status: duplicate

status: needs owner

status: needs triage

status: revisions needed

status: under review

topic: GraphQL

topic: Internationalization

topic: OpenAPI

topic: UI/UX

topic: cabling

topic: event rules

topic: htmx navigation

topic: industrialization

topic: migrations

topic: plugins

topic: scripts

topic: templating

topic: testing

type: bug

type: deprecation

type: documentation

type: feature

type: housekeeping

type: translation

No Label complexity: low needs milestone netbox status: backlog type: feature

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#10547