157
2. Assigns the port that connects the user to the MAC-based VLAN.
When the user goes offline, the device automatically deletes the MAC-to-VLAN entry and removes
the port from the MAC-based VLAN. For more information about 802.1X and MAC authentication,
see Security Configuration Guide.
General configuration restrictions and guidelines
When you configure MAC-based VLANs, follow these restrictions and guideline:
• Do not configure a VLAN as both a super VLAN and a MAC-based VLAN.
• The MAC-based VLAN feature is mainly configured on downlink ports of user access devices.
Do not use this feature with link aggregation.
Configuring static MAC-based VLAN assignment
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Create a MAC-to-VLAN
entry.
mac-vlan mac-address
mac-address
[
mask
mac-mask ]
vlan
vlan-id
[
dot1q
priority ]
By default, no MAC-to-VLAN
entries exist.
3. Enter Layer 2 Ethernet
interface view.
interface
interface-type interface-number N/A
4. Set the port link type to
hybrid.
port link-type
hybrid
By default, all ports are access
ports.
5. Assign the hybrid port to
the MAC-based VLANs.
port hybrid
vlan
vlan-id-list {
tagged
|
untagged
}
By default, a hybrid port is an
untagged member of the
VLAN to which the port
belongs when its link type is
access
.
6. Enable the MAC-based
VLAN feature.
mac-vlan enable
By default, this feature is
disabled.
7. (Optional.) Configure
the system to assign
VLANs based on the
MAC address
preferentially.
vlan precedence mac-vlan
By default, the system assigns
VLANs based on the MAC
address preferentially when
both the MAC-based VLAN
and IP subnet-based VLAN
are configured on a port.
Configuring dynamic MAC-based VLAN assignment
Configuration restrictions and guidelines
When you configure dynamic MAC-based VLAN assignment, follow these restrictions and guideline:
• As a best practice to ensure correct operation of 802.1X and MAC authentication, do not use
dynamic MAC-based VLAN assignment with 802.1X or MAC authentication.
• As a best practice, do not both configure dynamic MAC-based VLAN assignment and disable
MAC address learning on a port. If the two features are configured together on a port, the port
forwards only packets exactly matching the MAC-to-VLAN entries and drops inexactly matching
packets.
• As a best practice, do not configure both dynamic MAC-based VLAN assignment and the MAC
learning limit on a port.
To Next Page
Loading...
