Server-assigned mac-based vlan – H3C Technologies H3C S5560 Series Switches User Manual

Page 163

129

−

If the VLAN ID of the frame is not the PVID of the port, the port matches the VLAN ID of the

frame by using other criteria, such as IP subnet or protocol, and forwards the frame. If no
VLAN is available, the port drops the frame.

Figure 40 Flowchart for processing a frame in dynamic MAC-based VLAN assignment

When you configure dynamic MAC-based VLAN assignment, follow these guidelines:

•

When a port joins a VLAN specified in the MAC-to-VLAN entry, one of the following events occurs
depending on the port configuration:

{

If the port has not been configured to allow packets from the VLAN to pass through, the port
joins the VLAN as an untagged member.

{

If the port has been configured to allow packets from the VLAN to pass through, the port
configuration remains the same.

•

If you configure both static and dynamic MAC-based VLAN assignments on a port, dynamic
MAC-based VLAN assignment takes effect.

•

When a packet matches a MAC-to-VLAN entry, the device determines a forwarding policy for the
packet according to the 802.1p priority of the VLAN in the MAC-to-VLAN entry.

Server-assigned MAC-based VLAN

Use the server-assigned MAC-based VLAN feature with access authentication, such as MAC-based

802.1X authentication, to implement secure and flexible terminal access. In addition to configuring the

server-assigned MAC-based VLAN feature on the device, you must configure the username-to-VLAN

entries on the access authentication server.
When a user passes authentication of the access authentication server, the server issues the VLAN ID for

the user to the device. The device then performs the following operations:

Generates a MAC-to-VLAN entry by using the source MAC address of the user packet and the
received VLAN ID. The VLAN is a MAC-based VLAN.

Yes

Match MAC and VLAN

of the frame against

MAC-to-VLAN entries

MAC addresses

exactly match?

VLAN IDs

match?

Drops the frame

Joins the VLAN

Forwards the frame in

the VLAN

The port receives a

frame

Assigns a VLAN by

using other criteria

Drops the frame

VLAN ID match the

port PVID?

PVID allowed?

Available VLAN

exists?

Tagged frame ?

Selects a VLAN for the

frame

Reports the source MAC

This manual is related to the following products:

H3C S5130 Series Switches H3C S5120 Series Switches H3C SR8800 H3C SR6600-X H3C SR6600 H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module