Configuring mac-based vlan, Manually configuring a static mac-based vlan – H3C Technologies H3C S7500E Series Switches User Manual

15-15

If you manually assign a port to static MAC-based VLANs and also enable MAC-based dynamic port
assignment on it, the port discards packets whose source MAC addresses do not exactly match any
MAC-to-VLAN mapping.

Approach 3: Configuring dynamic MAC-based VLAN issuing

The dynamic MAC-based VLAN issuing feature is used in conjunction with security features such as
802.1X to provide secure, flexible network access for terminal devices. After enabling MAC-based
VLAN on the switch, you still must create MAC-to-VLAN mappings on the access authentication
server.

When a user goes online, the access authentication server first authenticates the user. If the user
passes authentication, the server issues VLAN information to the switch. Based on the issued VLAN
information and the source MAC address carried in the user’s packets, the switch automatically
generates a MAC-to-VLAN mapping entry and adds the MAC-based VLAN to the permitted VLAN list
of the access port. When the user goes offline, the switch automatically removes the MAC-to-VLAN
mapping entry and removes the MAC-based VLAN from the permitted VLAN list of the access port.

Configuring MAC-Based VLAN

MAC-based VLANs are available only on hybrid ports.

Because MAC-based dynamic port assignment is mainly configured on the downlink ports of the
user access devices, do not enable this function together with link aggregation.

Manually configuring a static MAC-based VLAN

Follow these steps to manually create static MAC-based VLANs and assign ports to them:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Associate MAC addresses

with a VLAN

mac-vlan mac-address

mac-address

[ mask mac-mask ]

vlan vlan-id

[ priority priority ]

Required

Enter

Ethernet

Enter Ethernet

interface view

interface interface-type

interface-number

Use either command.

In Ethernet interface view, the