155
MAC address of a MAC-to-VLAN entry, the port tags the frame with the VLAN ID specific to
this entry.
c. If no matching VLAN ID is found, the port determines the VLAN for the packet by using the
following VLAN match order:
− IP subnet-based VLAN.
− Protocol-based VLAN.
− Port-based VLAN.
When a match is found, the port tags the packet with the matching VLAN ID.
• For a tagged frame, the port determines whether the VLAN ID of the frame is permitted on the
port.
{ If the VLAN ID of the frame is permitted on the port, the port forwards the frame.
{ If the VLAN ID of the frame is not permitted on the port, the port drops the frame.
Dynamic MAC-based VLAN assignment
When you cannot determine the target MAC-based VLANs of a port, use dynamic MAC-based VLAN
assignment on the port. To use dynamic MAC-based VLAN assignment, perform the following tasks:
1. Create MAC-to-VLAN entries.
2. Enable the MAC-based VLAN feature on the port.
3. Enable dynamic MAC-based VLAN assignment on the port.
Dynamic MAC-based VLAN assignment uses the following workflow, as shown in Figure 52:
1. Whe
n a port receives a frame, it first determines whether the frame is tagged.
{ If the frame is tagged, the port gets the source MAC address of the frame.
{ If the frame is untagged, the port selects a VLAN for the frame by using the following
matching order:
− MAC-based VLAN (fuzzy and exact MAC address match).
− IP subnet-based VLAN.
− Protocol-based VLAN.
− Port-based VLAN.
After tagging the frame with the selected VLAN, the port gets the source MAC address of the
frame.
2. The port uses the source address and VLAN of the frame to match the MAC-to VLAN entries.
{ If the source MAC address of the frame exactly matches the MAC address in a
MAC-to-VLAN entry, the port checks whether the VLAN ID of the frame matches the VLAN
in the entry.
− If the two VLAN IDs match, the port joins the VLAN and forwards the frame.
− If the two VLAN IDs do not match, the port drops the frame.
{ If the source MAC address of the frame does not exactly match any MAC addresses in
MAC-to-VLAN entries, the port checks whether the VLAN ID of the frame is its PVID.
− If the VLAN ID of the frame is the PVID of the port, the port determines whether it allows
the PVID.
If the PVID is allowed, the port forwards the frame within the PVID. If the PVID is not
allowed, the port drops the frame.
− If the VLAN ID of the frame is not the PVID of the port, the port determines whether the
VLAN ID is the primary VLAN ID and the port PVID is a secondary VLAN ID.
If yes, the port forwards the frame. Otherwise, the port drops the frame.
To Next Page
Loading...
