Based on the mac address VLAN division method, it is a dynamic VLAN division method. The main idea is to associate the mac address on the user equipment with a VLAN. It has been realized that the VLAN to which the user computer is connected will remain the same VLAN no matter which switch the user computer is connected to.
The division of VLANs based on MAC addresses can make the corresponding switch port become a member of the VLAN to which the MAC address of the user computer’s network card is mapped regardless of which converter the user computer is connected to and which switch port is connected to it. When the user computer changes the connected port, the VLAN is re-divided, which can further improve the security of the end user (will not be easily illegally changed the VLAN configuration) and the flexibility of access (the user computer can be in the network according to actual needs.
The VLAN based on MAC address only handles Untagged data frames, because the VLANs described here are single-layer VLAN tags (QinQ can implement double-layer VLAN tags).Only the received data frames do not have VLAN tags in accordance with the switch. On the mapping relationship between the MAC address and VLAN ID configured on the data frame, add the corresponding VLAN tag in the data frame. In addition, dividing VLANs based on MAC addresses can only be performed on Hybrid ports. The division of VLANs based on MAC addresses is mainly for end-user devices, not for other network devices, because the data frames sent on the ports connected between other network devices are usually tagged with VLANs, even if it is a hybrid type interface.
When the data frame received by the Hybrid port of the switch is an Untagged data frame, the port will match the MAC-VLAN mapping entry based on the source MAC address of the data frame. If the match is successful, the matched VLAN ID tag is added to the corresponding data frame, and then forwarded according to the corresponding VLAN ID and priority; if the match fails, the match is made according to other matching principles (such as other VLAN division rules). When the switch port receives Tagged data frames (it is only possible on the ports connected between the devices), the processing method is similar to the port-based VLAN, according to the rules of data receiving and sending of Hybrid type ports.
The configuration idea of dividing VLAN based on MAC address is as follows:
(1) Create a VLAN to be used to associate with the MAC address of the user host
(2) Associate user MAC addresses in the VLAN view created above, and establish a mapping table between MAC addresses and VLANs to determine which user MAC addresses can be divided into the VLANs created above.
(3) Configure the Layer 2 Ethernet port type of the switch to which each user is connected as Hybrid, and allow the previously created VLAN based on MAC address division to pass through the current port without VLAN tags. Because all Layer 2 Ethernet ports of Huawei switches are Hybrid by default, the port type is not configured by default.
(4) (Optional) Configure the priority of the VLAN division method to ensure that the VLAN is preferentially divided based on the MAC address. By default, priority is given to dividing VLANs based on MAC addresses, but the way of prioritization can be changed through configuration
(5) On the Hybrid switch port (note that it is not necessary to configure it on the Hybrid port connected to the user’s computer), enable the function of dividing VLANs based on MAC addresses and complete the division of VLANs based on MAC addresses.
[SW]interface Ethernet 0/0/22
[SW-Ethernet0/0/22]port link-type hybrid
[SW-Ethernet0/0/22]port hybrid tagged vlan 10
[SW]interface Ethernet 0/0/1
[SW-Ethernet0/0/1]port link-type hybrid
[SW-Ethernet0/0/1]port hybrid untagged vlan 10
[SW-vlan10]mac-vlan mac-address 56-1A-FB
IE-LAB provides valid materials(accurate dumps) to help you pass your CCIE. For the written, we have valid workbooks that cover all real exam questions. You can easily pass the exam, usually 7 days’ preparation in enough. For the Lab exam, we will offer valid workbooks（real exam）, rack which is the same as real exam, one to one support, professional tutor and timely update.
This article is exclusively published by James from IELAB.NETWORK and cannot be reproduced without permission.
We have huge promotion going on right now, this is your best chance to get accurate written and lab materials.
Get any two Cisco written dumps for 150USD only.
Deposit 150USD now and enjoy 50% off for CCIE next-level lab.
Get 100% accurate CCIE/ CCNP/CCNA dumps in IELAB .
Please follow us if you like our articles.
visit us: http://ielab.network
Facebook : https://www.facebook.com/ielab.network/