Mac-based vlans, Mac-based vlan guidelines – Extreme Networks 200 Series User Manual
Page 107
MAC-Based VLANs
Summit 200 Series Switch Installation and User Guide
105
MAC-Based VLANs
MAC-Based VLANs allow physical ports to be mapped to a VLAN based on the source MAC address
learned in the FDB. This feature allows you to designate a set of ports that have their VLAN
membership dynamically determined by the MAC address of the end station that plugs into the
physical port. You can configure the source MAC address-to-VLAN mapping either offline or
dynamically on the switch. For example, you could use this application for a roaming user who wants
to connect to a network from a conference room. In each room, the user plugs into one of the designated
ports on the switch and is mapped to the appropriate VLAN. Connectivity is maintained to the network
with all of the benefits of the configured VLAN in terms of QoS, routing, and protocol support.
MAC-Based VLAN Guidelines
When using the MAC-to-VLAN mapping, consider the following guidelines:
•
A port can only accept connections from an endstation/host and should not be connected to a
layer-2 repeater device. Connecting to a layer-2 repeater device can cause certain addresses to not be
mapped to their respective VLAN if they are not correctly configured in the MAC-VLAN
configuration database. If a repeater device is connected to a MAC-Based VLAN port, and the
configured MAC-to-VLAN mapped station enters on the repeater, any endstation that is attached to
the repeater can be mapped to that VLAN while the configured endstation is active in that VLAN.
Upon removal of the configured MAC-to-VLAN endstation, all other endstations lose connectivity.
•
Groups are used as a security measure to allow a MAC address to enter into a VLAN only when the
group mapping matches the port mapping.
As an example, the following configuration allows MAC 00:00:00:00:00:aa to enter into the VLAN
only on ports 10 and 11 because of membership in group 100:
* Summit48:50 # show mac
Port
Vlan
Group
State
10
MacVlanDiscover
100
Discover
11
MacVlanDiscover
100
Discover
12
MacVlanDiscover
any
Discover
13
MacVlanDiscover
any
Discover
14
MacVlanDiscover
any
Discover
Total Entries in Database:2
Mac
Vlan
Group
00:00:00:00:00:aa
sales
100
00:00:00:00:00:01
sales
any
2 matching entries
•
The group “any” is equivalent to the group “0”. Ports that are configured as “any” allow any MAC
address to be assigned to a VLAN, regardless of group association.
•
Partial configurations of the MAC to VLAN database can be downloaded to the switch using the
timed download configuration feature.