Mac-Based Vlan Configuration; Introduction To Mac-Based Vlan - H3C SR8800 Configuration Manual

10g core routers layer 2 - lan switching

Hide thumbs Also See for SR8800:

Command reference manual (107 pages)

Manual (5 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

page of 159

/ 159
Contents
Table of Contents
Bookmarks

Table of Contents

Tagged

GigabitEthernet3/1/3

Untagged Ports:

GigabitEthernet3/1/1

[DeviceA-GigabitEthernet3/1/3] display vlan 200

VLAN ID: 200

VLAN Type: static

Route Interface: not configured

Description: VLAN 0200

Name: VLAN 0200

Broadcast MAX-ratio: 100%

Tagged

GigabitEthernet3/1/3

Untagged Ports:

GigabitEthernet3/1/2

MAC-based VLAN configuration

Introduction to MAC-based VLAN

The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is

mostly used in conjunction with security technologies such as 802.1X to provide secure, flexible network

access for terminal devices.

Static MAC-based VLAN assignment

Static MAC-based VLAN assignment applies to networks containing a small number of VLAN users. In

such a network, you can create a MAC address-to-VLAN map containing multiple MAC

address-to-VLAN entries on a port, enable MAC-based VLAN on the port, and assign the port to

MAC-based VLANs.

With static MAC-based VLAN assignment configured on a port, the device processes received frames by

using the following guidelines:

When the port receives an untagged frame, the device looks up the MAC address-to-VLAN map

•

based on the source MAC address of the frame for a match. The device first performs a fuzzy match.

In the fuzzy match, the device searches the MAC address-to-VLAN entries whose masks are not

all-Fs and performs a logical AND operation on the source MAC address and each mask. If the

result of an AND operation matches the corresponding MAC address, the device tags the frame

with the corresponding VLAN ID. If the fuzzy match fails, the device performs an exact match. In the

exact match, the device searches the MAC address-to-VLAN entries whose masks are all-Fs. If the

MAC address of a MAC address-to-VLAN entry matches the source MAC address of the untagged

frame, the device tags the frame with the corresponding VLAN ID. If no match is found, the device

assigns a VLAN to the frame by using other criteria, such as IP address. If no match is found, the

device tags the frame with the PVID of the receiving port and forwards the frame.

When the port receives a tagged frame, the port forwards the frame if the VLAN ID of the frame is

•

permitted by the port, or otherwise drops the frame.

Dynamic MAC-based VLAN

You can use dynamic MAC-based VLAN with access authentication (such as 802.1X authentication

based on MAC addresses) to implement secure, flexible terminal access. After configuring dynamic

Ports:

Table of Contents

Mac-Based Vlan Configuration; Introduction To Mac-Based Vlan - H3C SR8800 Configuration Manual

MAC-based VLAN configuration

Introduction to MAC-based VLAN

Related Manuals for H3C SR8800

Related Content for H3C SR8800

Table of Contents