MAC Address-Based VLAN Configuration
Introduction to MAC Address-Based VLAN
With MAC address-based VLANs created, the VLAN to which a packet belongs is 
determined by its source MAC address, and packets in a MAC address-based 
VLAN are forwarded after being tagged with the tag of that VLAN. This function is 
usually coupled with security technologies (such as 802.1X) to provide secure 
and flexible network access for terminal devices.
MAC address-based VLAN implementation
With MAC address-based VLANs created on a port, the port operates as follows:
■ If an untagged packet is received, the port checks its MAC address VLAN 
entries for the one that matches the source MAC address of the packet. If the 
entry exists, the packet is forwarded based on the matched VLAN ID and the 
precedence value; otherwise, the packet is forwarded based on other match 
rules.
■ If a tagged packet is received, the port processes the packet in the same way as 
it processes port-based VLAN packets, that is, forwards the packet if the VLAN 
corresponding to the VLAN tag is permitted by the port or drops the packet if 
the VLAN corresponding to the VLAN tag is not permitted by the port.
The ways to create MAC address-based VLANs
A MAC address-based VLAN can be created in one of the following two ways.
■ Static configuration (through CLI)
You can associate MAC addresses and VLANs by using corresponding commands.
■ Auto configuration through the authentication server (that is, VLAN issuing)
The device associates MAC addresses and VLANs dynamically based on the 
information provided by the authentication server. If a user goes offline, the 
corresponding MAC address-to-VLAN association is removed automatically. Auto 
configuration requires that the MAC address-to-VLAN mapping relationship be 
configured on the authentication server. For detailed information, refer to 
“VLAN Assigning” on page 740.
The two configuration methods can be used at the same time, that is, you can 
configure a MAC address-to-VLAN entry on both the local device and the 
authentication server at the same time. Note that the MAC address-to-VLAN entry 
configuration takes effect only when the configuration on the local device is 
consistent with that on the authentication server.
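The port behaviour and the consistency rule described above, modelled as an added Python example (not code from this manual or from the device). It assumes that a MAC address configured in both places takes effect only when the two VLAN IDs agree and that an entry configured in only one place is used as-is; the names Entry, norm, reconcile and classify and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    vlan: int
    precedence: Optional[int] = None  # None: not supplied (server-issued, in this model)

def norm(mac: str) -> str:
    """Canonicalise MAC notation (00e0-fc00-0001, 00:E0:FC:00:00:01, ...)."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def reconcile(static, server):
    """Return (effective, conflicts). Assumption: a MAC configured on both the
    device and the server is active only when the two VLAN IDs agree."""
    static = {norm(m): e for m, e in static.items()}
    server = {norm(m): v for m, v in server.items()}
    effective, conflicts = {}, {}
    for mac, entry in static.items():
        if mac in server and server[mac] != entry.vlan:
            conflicts[mac] = (entry.vlan, server[mac])
        else:
            effective[mac] = entry
    for mac, vlan in server.items():
        if mac not in static:
            effective[mac] = Entry(vlan)
    return effective, conflicts

def classify(src_mac, tag, effective, permitted):
    """Ingress decision for one frame on a hybrid port."""
    if tag is not None:  # tagged: handled like a port-based VLAN frame
        return ("forward", tag) if tag in permitted else ("drop", tag)
    entry = effective.get(norm(src_mac))
    if entry is not None:  # untagged with a matching MAC VLAN entry
        return ("forward", entry.vlan, entry.precedence)
    return ("other-rules", None)  # no match: other match rules decide

# Constructed sample data (not taken from any real device or server).
STATIC = {"00e0-fc00-0001": Entry(10, 3), "00e0-fc00-0002": Entry(20, 0)}
SERVER = {"00:E0:FC:00:00:02": 30, "00:e0:fc:00:00:03": 40}
EFFECTIVE, CONFLICTS = reconcile(STATIC, SERVER)

if __name__ == "__main__":
    for mac, (local, remote) in CONFLICTS.items():
        print(f"{mac}: local VLAN {local} != server VLAN {remote}; entry inactive")
    print(classify("00e0-fc00-0001", None, EFFECTIVE, {10, 40}))
```

In this model a conflicting entry leaves the host without a MAC VLAN match, so its untagged traffic is handled by the other match rules rather than by either configured VLAN, which makes such conflicts worth auditing for.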
Configuring a MAC Address-Based VLAN
Note: MAC address-based VLANs are available only on Hybrid ports.
Follow these steps to configure a MAC address-based VLAN: