Views:
Virtual segments can be set up to define traffic using a VLAN ID, an endpoint pair (source and destination IP addresses of a packet), or both. One or more physical segments are then assigned to the virtual segment. Virtual segments are members of a segment group and the assigned devices are not exposed in segment group membership. You define the priority order for virtual segment so that any overlapping definitions are resolved. Attempting to define an overlapping virtual segment on a device which does not allow it will produce an error.
Virtual segments can be used as:
  • A target for distribution
  • Search criteria in events and reports
The Virtual Segment table is an inventory listing of the currently defined virtual segments and lists the following information:
  • Order — Priority order that allows resolution for overlapping definitions. Keep in mind the following points:
    • You cannot have a virtual segment with an overlapping VLAN ID on the same physical segment.
    • A user-defined virtual segment with a specified VLAN ID takes precedence over a physical segment (any VLAN).
    • A packet can only be assigned to a single segment and will only be inspected against a single profile.
  • Name — User-defined name of the virtual segment.
  • VLAN — VLAN associated with the virtual segment.
  • Src/Dest Addr — Source/Destination address of a layer 2 virtual segment.
  • Segments Assigned — User-assigned physical segments associated with the virtual segment.
  • Segment Group — User-created segment group associated with the virtual segment.
  • Profile Name — Name of profile associated with the virtual segment.
Related information