HP 5820X Series

To Next Page

To Previous Page

115

If you configure both static and dynamic MAC-based VLAN assignment on the same port, dynamic MAC-

based VLAN assignment applies, and the port drops the frames that do not exactly match any MAC

address-to-VLAN entry.

Approach 3: Dynamic MAC-based VLAN

Use dynamic MAC-based VLAN with access authentication (such as 802.1X authentication based on

MAC addresses) to implement secure, flexible terminal access. After configuring dynamic MAC-based

VLAN on the switch, you must configure the MAC address-to-VLAN entries on the access authentication

server.

When a user passes authentication of the access authentication server, the switch obtains VLAN

information from the server, generates a MAC address-to-VLAN entry by using the source MAC address

of the user packet and the VLAN information, and assigns the port to the MAC-based VLAN. When the

user goes offline, the switch automatically deletes the MAC address-to-VLAN entry, and removes the port

from the MAC-based VLAN.

Configuring MAC-based VLAN

MAC-based VLANs are available only on hybrid ports.

The MAC-based VLAN feature is mainly configured on the downlink ports of the user access devices. Do

not enable this function together with link aggregation.

Configuring static MAC-based VLAN assignment

To configure static MAC-based VLAN assignment

To do... Use the command... Remarks

1. Enter system view

system-view —

2. Associate MAC addresses

with a VLAN

mac-vlan mac-address mac-address

[ mask mac-mask ] vlan vlan-id

[ priority priority ]

Required.

Enter Ethernet

interface view

interface interface-type interface-

number

3. Enter

Ethernet

interface

view or

port

group

view

Enter port

group view

port-group manual port-group-name

Use either command.

• The configuration made in

Ethernet interface view applies

only to the current port.

• The configuration made in port

group view applies to all ports in

the port group.

4. Configure the link type of

the ports as hybrid

port link-type hybrid Required.

5. Configure the hybrid ports

to permit packets of

specific MAC-based

VLANs to pass through

port hybrid vlan vlan-id-list { tagged

| untagged }

Required.

By default, a hybrid port only

permits the packets of VLAN 1 to

pass through.

6. Enable MAC-based VLAN

mac-vlan enable

Required.

Disabled by default

7. Configure VLAN matching

precedence

vlan precedence { mac-vlan | ip-

subnet-vlan }

Optional.

By default, VLANs are preferentially

matched based on MAC addresses.

Main Page

Table of Contents

Related product manuals