125
−
If the VLAN ID of the frame is not the PVID of the port, the port matches the VLAN ID of
the frame by using other criteria, such as IP subnet or protocol, and forwards the frame.
If no VLAN is available, the port drops the frame.
Figure 37 Flowchart for processing a frame in dynamic MAC-based VLAN assignment
When you configure dynamic MAC-based VLAN assignment, follow these guidelines:
•
When a port joins a VLAN specified in the MAC-to-VLAN entry, one of the following events
occurs depending on the port configuration:
{
If the port has not been configured to allow packets from the VLAN to pass through, the port
joins the VLAN as an untagged member.
{
If the port has been configured to allow packets from the VLAN to pass through, the port
configuration remains the same.
•
If you configure both static and dynamic MAC-based VLAN assignments on a port, dynamic
MAC-based VLAN assignment takes effect.
•
When a packet matches a MAC-to-VLAN entry, the device determines a forwarding policy for
the packet according to the 802.1p priority of the VLAN in the MAC-to-VLAN entry.
Server-assigned MAC-based VLAN
Use the server-assigned MAC-based VLAN feature with access authentication, such as MAC-based
802.1X authentication, to implement secure and flexible terminal access. In addition to configuring
the server-assigned MAC-based VLAN feature on the device, you must configure the
username-to-VLAN entries on the access authentication server.
When a user passes authentication of the access authentication server, the server issues the VLAN
ID for the user to the device. The device then performs the following operations:
1.
Generates a MAC-to-VLAN entry by using the source MAC address of the user packet and the
received VLAN ID. The VLAN is a MAC-based VLAN.
2.
Assigns the port that connects the user to the MAC-based VLAN.
No
Yes
No
Yes
No
No
Yes
Yes
No
Yes
Yes
No
Match MAC and VLAN
of the frame against
MAC-to-VLAN entries
MAC addresses
exactly match?
VLAN IDs
match?
Drops the frame
Joins the VLAN
Forwards the frame in
the VLAN
The port receives a
frame
Assigns a VLAN by
using other criteria
Drops the frame
VLAN ID match the
port PVID?
PVID allowed?
Available VLAN
exists?
Tagged frame ?
Selects a VLAN for the
frame
Reports the source MAC