Step...
8.
Disable the PVID of the
port from forwarding
packets with unknown
source MAC addresses
that do not match any
MAC address-to-VLAN
entry
Configuring a dynamic MAC-based VLAN
Step...
1.
Enter system view
2.
Enter
interface
view or
port
group
view
3.
Configure the link type of the
ports as hybrid
4.
Configure the hybrid ports to
permit packets from specific
MAC-based VLANs to pass
through
5.
Enable the MAC-based VLAN
feature
6.
Configure 802.1X/MAC
authentication or any
combination
Configuring MAC-based VLAN
Network requirements
As shown in
GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1
and Laptop 2 are used for meetings and can be used in either of the two meeting rooms.
Different departments own Laptop 1 and Laptop 2. The two departments use VLAN 100 and VLAN
200, respectively. Each laptop must be able to access only its own department server, no matter
which meeting room it is used in.
The MAC address of Laptop 1 is 000D-88F8-4E71, and that of Laptop 2 is 0014-222C-AA69.
Command...
port pvid disable
Command...
system-view
Enter Ethernet
interface interface-type
interface view
interface-number
Enter port group
port-group manual port-
view
group-name
port link-type hybrid
port hybrid vlan vlan-id-list
{ tagged | untagged }
mac-vlan enable
For more information, see
Security Command
Reference.
Figure
38,
Remarks
Optional
By default, when a port receives a
packet with an unknown source
MAC address that does not match to
any MAC address-to-VLAN entry, it
forwards the packet in its PVID
Remarks
—
Use either command:
The configuration made in Ethernet
interface view only applies to the
port
The configuration made in port group
view applies to all ports in the port
group
Required
By default, all ports are access ports
Required
By default, a hybrid port only permits the
packets of VLAN 1 to pass through
Required
Disabled by default
Required
117