Mac-based vlan configuration example, Network requirements – H3C Technologies H3C S10500 Series Switches User Manual

128

To do...

Use the command...

Remarks

Disable the PVID of the port
from forwarding packets with
unknown source MAC

addresses that do not match

any MAC address-to-VLAN

entry

port pvid disable

Optional
By default, when a port receives a

packet with an unknown source MAC

address that does not match to any
MAC address-to-VLAN entry, it

forwards the packet in its PVID.

NOTE:

After you use the mac-vlan trigger enable command to enable dynamic MAC-based VLAN assignment,
H3C recommends that you configure the vlan precedence mac-vlan command to preferentially match

VLANs based on MAC addresses, and do not configure the vlan precedence ip-subnet-vlan command to
preferentially match VLANs based on IP subnet-VLAN entries, because the vlan precedence

ip-subnet-vlan command does not take effect in this case.

Follow these steps to configure dynamic MAC-based VLAN:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enter Ethernet
interface view

interface interface-type
interface-number

Enter
interface

view or port

group view

Enter port group
view

port-group manual
port-group-name

Use either command.

•

The configuration made in Ethernet
interface view applies only to the port.

•

The configuration made in port group
view applies to all ports in the port
group.

Configure the link type of the ports
as hybrid

port link-type hybrid

Required
By default, all ports are access ports.

Configure the hybrid ports to permit
packets from specific MAC-based

VLANs to pass through

port hybrid vlan vlan-id-list
{ tagged | untagged }

Required
By default, a hybrid port only permits the
packets of VLAN 1 to pass through.

Enable the MAC-based VLAN
feature

mac-vlan enable

Required
Disabled by default.

Configure 802.1X/MAC/portal
authentication or any combination

For more information, see
Security Command
Reference.

Required

MAC-based VLAN configuration example

Network requirements

As shown in

Figure 41

,

•

GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop
1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms.

•

Different departments own Laptop 1 and Laptop 2. The two departments use VLAN 100 and VLAN
200 respectively. Each laptop must be able to access only its own department server, no matter

which meeting room it is used in.

•

The MAC address of Laptop 1 is 000D-88F8-4E71, and that of Laptop 2 is 0014-222C-AA69.