MAC Address-Based VLAN Configuration 91MAC Address-BasedVLAN ConfigurationIntroduction to MACAddress-Based VLANWith MAC address-based VLANs created, the VLAN to which a packet belongs isdetermined by its source MAC address, and packets in a MAC address-basedVLAN are forwarded after being tagged with the tag of the VLAN. This function isusually coupled with the security technologies (such as 802.1X) to provide secureand flexible network accesses for terminal devices.MAC address-based VLAN implementationWith MAC address-based VLANs created on a port, the port operates as follows:■ If an untagged packet is received, the port checks its MAC address VLANentries for the one that matches the source MAC address of the packet. If theentry exists, the packet is forwarded based on the matched VLAN ID and theprecedence value; otherwise, the packet is forwarded based on other matchrules.■ If a tagged packet is received, the port processes the packet in the same way asit processes port-based VLAN packets, that is, forwards the packet if the VLANcorresponding to the VLAN tag is permitted by the port or drops the packet ifthe VLAN corresponding to the VLAN tag is not permitted by the port.The ways to create MAC address-based VLANsA MAC address-based VLAN can be created in one of the following two ways.■ Static configuration (through CLI)You can associate MAC addresses and VLANs by using corresponding commands.■ Auto configuration though the authentication server (that is, VLAN issuing)The device associates MAC addresses and VLANs dynamically based on theinformation provided by the authentication server. If a user goes offline, thecorresponding MAC address-to-VLAN association is removed automatically. Autoconfiguration requires MAC address-to-VLAN mapping relationship be configuredon the authentication server. For detailed information, refer to “VLAN Assigning”on page 740.The two configuration methods can be used at the same time, that is, you canconfigure a MAC address-to-VLAN entry on both the local device and theauthentication serer at the same time. Note that the MAC address-to-VLAN entryconfiguration takes effect only when the configuration on the local device isconsistent with that on the authentication server.Configuring a MACAddress-Based VLANn MAC address-based VLANs are available only on Hybrid ports.Follow these steps to configure a MAC address-based VLAN: