To do...
Disable the PVID of the port
from forwarding packets with
unknown source MAC
addresses that do not match
any MAC address-to-VLAN
entry
Follow these steps to configure dynamic MAC-based VLAN:
To do...
Enter system view
Enter
interface
view or port
group view
Configure the link type of the ports
as hybrid
Configure the hybrid ports to permit
packets from specific MAC-based
VLANs to pass through
Enable the MAC-based VLAN
feature
Configure 802.1X/MAC/portal
authentication or any combination
MAC-based VLAN configuration example
Network requirements
As shown in
•
Ethernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and
Laptop 2 are used for meetings and might be used in either of the two meeting rooms.
Different departments own Laptop 1 and Laptop 2. The two departments use VLAN 100 and VLAN
•
200 respectively. Each laptop must be able to access only its own department server, no matter
which meeting room it is used in.
•
The MAC address of Laptop 1 is 000D-88F8-4E71, and that of Laptop 2 is 0014-222C-AA69.
Use the command...
port pvid disable
Enter Ethernet
interface view
Enter port group
view
Figure
42,
Use the command...
system-view
interface interface-type
interface-number
port-group manual
port-group-name
port link-type hybrid
port hybrid vlan vlan-id-list
{ tagged | untagged }
mac-vlan enable
For more information, see
Security Command
Reference.
129
Remarks
Optional
By default, when a port receives a
packet with an unknown source MAC
address that does not match to any
MAC address-to-VLAN entry, it
forwards the packet in its PVID.
Remarks
—
Use either command.
•
The configuration made in Ethernet
interface view applies only to the port.
•
The configuration made in port group
view applies to all ports in the port
group.
Required
By default, all ports are access ports.
Required
By default, a hybrid port only permits the
packets of VLAN 1 to pass through.
Required
Disabled by default.
Required