< Home

Configuring MAC Address-based VLAN Assignment

Context

In MAC address-based VLAN assignment mode, you do not need to reconfigure VLANs for users when their physical locations change. This improves security and access flexibility on a network.

When MAC address-based VLAN assignment is enabled, only untagged frames are processed, and tagged frames are treated in the same manner as interface-based VLAN assignment.

When receiving an untagged frame, the interface matches the source MAC address of the frame against the MAC-VLAN table:

  • If an entry is matched, the interface forwards the frame based on the VLAN ID and priority in the entry.

  • If no entry is matched, the interface matches the frame according to other matching rules.

The total number of MAC-VLAN entries is the number of configured MAC-VLAN entries multiplied by the number of interfaces where MAC-VLAN entries are delivered. On different models, the number of MAC-VLAN entries is different:
  • The S5720-EI, S5720-HI, S5720I-SI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support a maximum of 1024 MAC-VLAN entries and a maximum of 64 MAC-VLAN entries with the mask.
  • The S2720-EI, S5720S-LI, S5730-SI, S5730S-EI, S6720-SI, S6720S-SI, S6720-LI, S6720S-LI, S5720-LI, S5735-L, S5735S-L, and S5735S-L-M support a maximum of 512 MAC-VLAN entries and a maximum of 64 MAC-VLAN entries with the mask.
  • Other models support a maximum of 512 MAC-VLAN entries and a maximum of 32 MAC-VLAN entries with the mask.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run vlan vlan-id

    A VLAN is created and the VLAN view is displayed. If the specified VLAN has been created, the VLAN view is directly displayed.

    The VLAN ID is in the range from 1 to 4094. If VLANs need to be created in a batch, run the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command. Then run the vlan vlan-id command to enter the view of a specified VLAN.

    The vlan configuration command completes the VLAN configurations before the VLAN is created. The vlan configuration command only enters the VLAN configuration view. Neither the corresponding VLAN nor configurations in the VLAN take effect. To make configurations in the VLAN take effect, create the VLAN using the vlan command.

  3. Run mac-vlan mac-address mac-address [ mac-address-mask | mac-address-mask-length ] [ priority priority ]

    A MAC address is associated with a VLAN.

    When the mac-vlan mac-address command with the same MAC address specified is executed multiple times, MAC-VLAN entries take effect according to the longest match principle. On the S5720-EI, S6720-EI, and S6720S-EI, MAC-VLAN entries take effect according to the longest match principle only when the subnet mask has 47 bits or less than 47 bits. A MAC-VLAN entry with a 48-bit subnet mask has the lowest priority.

    • The MAC address is input in an H-H-H format, where each H is a hexadecimal number composed of 1 to 4 alphanumeric characters, such as 00e0 and fc01. If you enter less than four alphanumeric characters, 0s are added before the input digits. For example, if e0 is entered, 00e0 is displayed. The MAC address cannot be all Fs, all 0s, or a multicast MAC address.

    • If a MAC-VLAN entry with a mask is specified (excluding a 48-bit mask or mask with all Fs), the priority cannot be changed normally. To change the priority, run the undo mac-vlan mac-address command to delete the MAC-VLAN entry and then run the mac-vlan mac-address command to change the priority.

    • priority specifies the 802.1p priority of a MAC address-based VLAN. The value is in the range from 0 to 7. A larger value indicates a higher priority. The default value is 0. After the 802.1p priority of a MAC address-based VLAN is specified, the switch forwards high-priority frames first during network congestion.

  4. Run quit

    Return to the system view.

  5. Configure attributes for the Ethernet interface.

    1. Run interface interface-type interface-number

      The view of the interface that allows the MAC address-based VLAN is displayed.

    2. Run port link-type hybrid

      The interface is configured as a hybrid interface.

      On access and trunk interfaces, MAC address-based VLAN assignment can be used only when the MAC address-based VLAN is the same as the PVID. It is recommended that MAC address-based VLAN assignment be configured on hybrid interfaces.

    3. Run port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

      The hybrid interface is configured to allow the MAC address-based VLAN.

  6. (Optional) Run vlan precedence mac-vlan

    The device is configured to preferentially use MAC address-based VLAN assignment.

    By default, the device preferentially uses MAC address-based VLAN assignment.

    Only the S5720-EI, S5720I-SI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730S-EI, S5730-SI, S6720-EI, S6720-LI, S6720S-EI, S6720S-LI, S6720S-SI, and S6720-SI support the vlan precedence command.

    S5720I-SI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI supports the vlan precedence command only in the system view. Other switches support the vlan precedence command only in the interface view.

    On the S5720-EI, S6720-EI, and S6720S-EI, if both a subnet VLAN and MAC VLAN with a mask are configured, the MAC VLAN with a mask is matched first regardless of whether the vlan precedence command is used.

  7. Run mac-vlan enable

    MAC address-based VLAN assignment is enabled.

    By default, MAC address-based VLAN assignment is disabled.

    MAC address-based VLAN assignment cannot be used with the MUX VLAN and MAC address authentication on the same interface.

    On the S2720-EI, S5720-HI, S5720I-SI, S5720-LI, S5735-L, S5735S-L, S5735S-L-M, S5720S-LI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730-HI, S5730S-EI, S5730-SI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6720-LI, S6720S-LI, S6720S-SI, S6720-SI, S6730-H, S6730S-H, S6730-S, and S6730S-S, MAC address-based VLAN assignment is invalid for packets with a VLAN ID of 0, regardless of whether the mask of the MAC VLAN is specified. On other models, MAC address-based VLAN assignment is invalid for packets with the VLAN ID of 0 only when the mask of the MAC VLAN is specified.

Configuration Example (a Switch Connects to Downstream Terminals)

In Figure 1, the MAC addresses of PC1, PC2, and PC3 are bound to VLAN 10.

Figure 1 Networking of MAC address-based VLAN assignment (a switch connects to downstream terminals)
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type hybrid
[Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type hybrid
[Switch-GigabitEthernet0/0/3] port hybrid untagged vlan 10
[Switch-GigabitEthernet0/0/3] quit
[Switch] interface gigabitethernet 0/0/4
[Switch-GigabitEthernet0/0/4] port link-type hybrid
[Switch-GigabitEthernet0/0/4] port hybrid untagged vlan 10
[Switch-GigabitEthernet0/0/4] quit
[Switch] vlan 10
[Switch-vlan10] mac-vlan mac-address 22-22-22
[Switch-vlan10] mac-vlan mac-address 33-33-33
[Switch-vlan10] mac-vlan mac-address 44-44-44
[Switch-vlan10] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] mac-vlan enable
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] mac-vlan enable
[Switch-GigabitEthernet0/0/3] quit
[Switch] interface gigabitethernet 0/0/4
[Switch-GigabitEthernet0/0/4] mac-vlan enable
[Switch-GigabitEthernet0/0/4] quit

Configuration Example (a Switch Connects to Downstream Layer 2 Switches)

In Figure 2, Switch1 connects to a Layer 2 switch. On Switch1, associate MAC addresses of PC1 and PC2 with VLAN 10 and MAC addresses of PC3 and PC4 with VLAN 20.

Figure 2 Networking of MAC address-based VLAN assignment (a switch connects to downstream Layer 2 switches)
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan batch 10 20
[Switch1] vlan 10
[Switch1-vlan10] mac-vlan mac-address 11-11-11
[Switch1-vlan10] mac-vlan mac-address 22-22-22
[Switch1-vlan10] quit
[Switch1] vlan 20
[Switch1-vlan20] mac-vlan mac-address 33-33-33
[Switch1-vlan20] mac-vlan mac-address 44-44-44
[Switch1-vlan20] quit
[Switch1] interface gigabitethernet 0/0/1
[Switch1-GigabitEthernet0/0/1] mac-vlan enable
[Switch1-GigabitEthernet0/0/1] quit
[Switch1] interface gigabitethernet 0/0/1
[Switch1-GigabitEthernet0/0/1] port link-type hybrid
[Switch1-GigabitEthernet0/0/1] port hybrid untagged vlan 10 20
[Switch1-GigabitEthernet0/0/1] quit
[Switch1] interface gigabitethernet 0/0/2
[Switch1-GigabitEthernet0/0/2] port link-type trunk
[Switch1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20
[Switch1-GigabitEthernet0/0/2] quit

Verifying the Configuration

  • Run the display mac-vlan { mac-address { all | mac-address [ mac-address-mask | mac-address-mask-length ] } | vlan vlan-id } command in any view to check the configuration of MAC address-based VLAN assignment.
  • Run the display vlan command in any view to check information about VLANs.
Parent Topic: Assigning VLANs
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >