156
Figure 52 Flowchart for processing a frame in dynamic MAC-based VLAN assignment
When you configure dynamic MAC-based VLAN assignment, follow these guidelines:
• When a port joins a VLAN specified in the MAC-to-VLAN entry, one of the following events
occurs depending on the port configuration:
{ If the port has not been configured to allow packets from the VLAN to pass through, the port
joins the VLAN as an untagged member.
{ If the port has been configured to allow packets from the VLAN to pass through, the port
configuration remains the same.
• If you configure both static and dynamic MAC-based VLAN assignments on a port, dynamic
MAC-based VLAN assignment takes effect.
• The 802.1p priority of the VLAN in a MAC-to-VLAN entry determines the transmission priority of
the matching packets.
Server-assigned MAC-based VLAN
Use this feature with access authentication, such as MAC-based 802.1X authentication, to
implement secure and flexible terminal access.
To implement server-assigned MAC-based VLAN, perform the following tasks:
1. Configure the server-assigned MAC-based VLAN feature on the access device.
2. Configure username-to-VLAN entries on the access authentication server.
When a user passes authentication of the access authentication server, the server assigns the
authorization VLAN information for the user to the device. The device then performs the following
operations:
1. Generates a MAC-to-VLAN entry by using the source MAC address of the user packet and the
authorization VLAN information. The authorization VLAN is a MAC-based VLAN.
The generated MAC-to-VLAN entry cannot conflict with the existing static MAC-to-VLAN entries.
If a confliction exists, the dynamic MAC-to-VLAN entry cannot be generated.
No
Yes
No
Yes
No
No
Yes
Yes
No
Yes
Yes
No
Uses source MAC to
match the MAC in MAC-
to-VLAN entries
MAC addresses
match?
VLAN IDs
match?
Drops the frame
Joins the VLAN
Forwards the frame in
the VLAN
The port receives a
frame
Drops the frame
VLAN ID match the
port PVID?
PVID allowed?
Tagged frame ?
Selects a VLAN for the
frame
Gets the source MAC
Is the VLAN ID the primary VLAN ID and the
port PVID a secondary VLAN ID?
To Next Page
Loading...
Need help?
General