Dynamic mac-based vlan assignment – H3C Technologies H3C S5560 Series Switches User Manual

128

a.

The port first performs a fuzzy match as follows:

−

Searches for the MAC-to-VLAN entries whose masks are not all-Fs.

−

Performs a logical AND operation on the source MAC address and each of these masks.

If the result of an AND operation matches the MAC address in a MAC-to-VLAN entry, the
port tags the frame with the VLAN ID specific to this entry.

b.

If the fuzzy match fails, the port performs an exact match. It searches for MAC-to-VLAN entries
whose masks are all-Fs. If the source MAC address of the frame matches the MAC address of
a MAC-to-VLAN entry, the port tags the frame with the VLAN ID specific to this entry.

c.

If no matching VLAN ID is found, other criteria, such as IP subnet or protocol, are used for
VLAN assignment.

d.

If no VLAN is available, the port tags the frame with its PVID.

•

For a tagged frame, the port determines whether the VLAN ID of the frame is permitted on the port.

{

If the VLAN ID of the frame is permitted on the port, the port forwards the frame.

{

If the VLAN ID of the frame is not permitted on the port, the port drops the frame.

Dynamic MAC-based VLAN assignment

When you cannot determine the target MAC-based VLANs of a port, you can use dynamic MAC-based

VLAN assignment on the port. To use dynamic MAC-based VLAN assignment, perform the following

tasks:

1.

Create MAC-to-VLAN entries.

2.

Enable the MAC-based VLAN feature on the port.

3.

Enable dynamic MAC-based VLAN assignment on the port.

Dynamic MAC-based VLAN assignment uses the following workflow, as shown in

Figure 40

:

4.

When a port receives a frame, it first determines whether the frame is tagged.

{

If the frame is tagged, the port reports the source MAC address of the frame.

{

If the frame is untagged, the port selects a VLAN for the frame by using the following matching
order:

−

MAC-based VLAN.

−

IP subnet-based VLAN.

−

Protocol-based VLAN.

−

Port-based VLAN.

After tagging the frame with the selected VLAN, the port reports the source MAC address of the
frame.

5.

The port uses the source address and VLAN of the frame to match the MAC-to VLAN entries.

{

If the source MAC address of the frame exactly matches the MAC address in a MAC-to-VLAN
entry, the port checks whether the VLAN ID of the frame matches the VLAN in the entry.

−

If the two VLAN IDs match, the port joins the VLAN and forwards the frame.

−

If the two VLAN IDs do not match, the port drops the frame.

{

If the source MAC address of the frame does not match any MAC addresses in MAC-to-VLAN
entries exactly, the port checks whether the VLAN ID of the frame is its PVID.

−

If the VLAN ID of the frame is the PVID of the port, the port determines whether it allows the
PVID. If the PVID is allowed, the port forwards the frame within the PVID. If the PVID is not

allowed, the port drops the frame.