Figure 35 Flowchart for processing an untagged frame in dynamic MAC-based VLAN assignment
[Flowchart not reproduced. Steps: the port receives an untagged frame; the port uses the source MAC address of the packet to search the MAC address-to-VLAN mapping table. Decisions (Yes/No): "A match is found?" and "Exactly matched?". Outcomes: the port is assigned to the corresponding VLAN and forwards the packet, or the port discards the packet.]
When the port receives a tagged frame, the port forwards the frame if the VLAN ID of the frame is
permitted by the port, or otherwise drops the frame.
NOTE:
If you configure both static and dynamic MAC-based VLAN assignment on the same port, dynamic
MAC-based VLAN assignment applies, and the port drops the frames that do not exactly match any
MAC address-to-VLAN entry.
Approach 3: Dynamic MAC-based VLAN
You can use dynamic MAC-based VLAN with access authentication (such as 802.1X authentication based
on MAC addresses) to implement secure, flexible terminal access. After configuring dynamic MAC-based
VLAN on the switch, you must configure the MAC address-to-VLAN entries on the access authentication
server.
When a user passes authentication on the access authentication server, the switch obtains VLAN
information from the server, generates a MAC address-to-VLAN entry from the source MAC address
of the user packet and the VLAN information, and assigns the port to the MAC-based VLAN. When the
user goes offline, the switch automatically deletes the MAC address-to-VLAN entry and removes the port
from the MAC-based VLAN.
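The entry lifecycle and frame handling described above can be modelled as follows. This is an added illustration, not vendor code or switch configuration. The Port class, its method names, the MAC addresses and the VLAN IDs are constructed for the example, and it assumes the port stays in a MAC-based VLAN for as long as at least one entry refers to it.

```python
import re

def norm_mac(mac):
    """Reduce aa:bb:.., aa-bb-.. or aabb-ccdd-eeff notation to 12 hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

class Port:
    def __init__(self, static_vlans=()):
        self.static_vlans = set(static_vlans)  # VLANs permitted by configuration
        self.mac_vlan = {}                     # dynamic MAC address-to-VLAN entries

    def permitted_vlans(self):
        # Assumption: VLAN membership lasts while any entry references the VLAN.
        return self.static_vlans | set(self.mac_vlan.values())

    def auth_success(self, mac, vlan):
        # The server returned a VLAN for this user: create the entry.
        self.mac_vlan[norm_mac(mac)] = vlan

    def offline(self, mac):
        # The user went offline: delete the entry (membership follows from it).
        self.mac_vlan.pop(norm_mac(mac), None)

    def receive(self, src_mac, tag=None):
        """Return ("forward", vlan) or ("drop", None) for one frame."""
        if tag is not None:  # tagged frame: forward only if the VLAN is permitted
            ok = tag in self.permitted_vlans()
            return ("forward", tag) if ok else ("drop", None)
        vlan = self.mac_vlan.get(norm_mac(src_mac))  # untagged: exact match only
        return ("forward", vlan) if vlan is not None else ("drop", None)

def demo():
    port = Port(static_vlans={1})
    out = [port.receive("00:11:22:33:44:55")]        # no entry yet: drop
    port.auth_success("0011-2233-4455", 100)         # user passes authentication
    out.append(port.receive("00:11:22:33:44:55"))    # exact match: forward in VLAN 100
    out.append(port.receive("00:11:22:33:44:56"))    # no exact match: drop
    out.append(port.receive("00:11:22:33:44:55", tag=200))  # VLAN 200 not permitted
    port.offline("00-11-22-33-44-55")                # entry removed
    out.append(port.receive("00:11:22:33:44:55"))    # dropped again
    return out, port.permitted_vlans()

if __name__ == "__main__":
    print(demo())
```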
Configuring MAC-based VLAN