206
2-22 VCL
2-22.1 MAC-based VLAN
MAC address-based VLAN decides the VLAN for forwarding an untagged frame based
on the source MAC address of the frame.
A most common way of grouping VLAN members is by port, hence the name
port-based VLAN. Typically, the device adds the same VLAN tag to untagged packets
that are received through the same port. Later on, these packets can be forwarded in
the same VLAN. Port-based VLAN is easy to configure, and applies to networks where
the locations of terminal devices are relatively fixed. As mobile office and wireless
network access gain more popularity, the ports that terminal devices use to access the
networks are very often non-fixed. A device may access a network through Port A this
time, but through Port B the next time. If Port A and Port B belong to different VLANs,
the device will be assigned to a different VLAN the next time it accesses the network.
As a result, it will not be able to use the resources in the old VLAN. On the other hand,
if Port A and Port B belong to the same VLAN, after terminal devices access the
network through Port B, they will have access to the same resources as those
accessing the network through Port A do, which brings security issues. To provide user
access and ensure data security in the meantime, the MAC-based VLAN technology is
developed.
MAC-based VLANs group VLAN members by MAC address. With MAC-based VLAN
configured, the device adds a VLAN tag to an untagged frame according to its source
MAC address. MAC-based VLANs are mostly used in conjunction with security
technologies such as 802.1X to provide secure, flexible network access for terminal
devices.
Web Interface
To configure MAC address-based VLAN configuration in the web interface:
1. Click VLC, MAC-based VLAN configuration and add new entry.
2. Specify the MAC address and VLAN ID.
3. Click Apply.
To Next Page
Loading...
