
Example for Configuring MAC Address-based VLAN Assignment

Overview

MAC address-based VLAN assignment applies to small-scale networks where user terminals often change physical locations but their NICs seldom change, for example, mobile computers.

VLANs can be assigned based on interfaces, MAC addresses, IP subnets, protocols, and policies (MAC addresses, IP addresses, and interfaces). Table 1 compares different VLAN assignment modes.

Table 1 Comparisons among VLAN assignment modes

Interface-based VLAN assignment

Implementation: VLANs are assigned based on interfaces. A network administrator preconfigures a PVID for each interface on a switch. When an untagged frame arrives at an interface, the switch adds the PVID of the interface to the frame. The frame is then transmitted in the VLAN specified by the PVID.

Advantage: It is simple to define VLAN members.

Disadvantage: The network administrator needs to reconfigure VLANs when VLAN members change.

Usage scenario: Applies to networks of any scale and with devices at fixed locations.

MAC address-based VLAN assignment

Implementation: VLANs are assigned based on source MAC addresses of frames. A network administrator preconfigures mappings between MAC addresses and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapped to the frame's source MAC address. The frame is then transmitted in the specified VLAN.

Advantage: When physical locations of users change, the network administrator does not need to reconfigure VLANs for the users. This improves security and access flexibility on a network.

Disadvantage: The network administrator must predefine VLANs for all members on a network.

Usage scenario: Applies to small-scale networks where user terminals often change physical locations but their NICs seldom change, for example, mobile computers.

IP subnet-based VLAN assignment

Implementation: VLANs are assigned based on source IP addresses and subnet masks. A network administrator preconfigures mappings between IP addresses and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapped to the frame's source IP address. The frame is then transmitted in the specified VLAN.

Advantage:

  • When physical locations of users change, the network administrator does not need to reconfigure VLANs for the users.
  • This mode reduces communication traffic and allows a broadcast domain to span multiple switches.

Disadvantage: Users are evenly spread and multiple users are on the same network segment.

Usage scenario: Applies to scenarios where there are high requirements for mobility and simplified management and low requirements for security. For example, this mode can be used if a PC with multiple IP addresses needs to access servers on different network segments or a PC needs to join a new VLAN automatically after the PC's IP address changes.

Protocol-based VLAN assignment

Implementation: VLANs are assigned based on protocol (suite) types and encapsulation formats of frames. A network administrator preconfigures mappings between protocol types and VLAN IDs. When receiving an untagged frame, the switch adds the VLAN tag mapped to the frame's protocol type. The frame is then transmitted in the specified VLAN.

Advantage: This mode binds service types to VLANs, facilitating management and maintenance.

Disadvantage:

  • The network administrator must preconfigure mappings between all protocol types and VLAN IDs.
  • The switch needs to analyze protocol address formats and convert the formats, which consumes excessive resources. Therefore, this mode slows down switch response time.

Usage scenario: Applies to networks using multiple protocols.

Policy-based VLAN assignment (MAC addresses, IP addresses, and interfaces)

Implementation: VLANs are assigned based on policies such as combinations of interfaces, MAC addresses, and IP addresses. A network administrator preconfigures policies. When receiving an untagged frame that matches a configured policy, the switch adds a specified VLAN tag to the frame. The frame is then transmitted in the specified VLAN.

Advantage:

  • This mode provides high security. MAC addresses or IP addresses of users who have been bound to VLANs cannot be changed.
  • The network administrator can flexibly select which policies to use according to the management mode and requirements.

Disadvantage: Each policy needs to be manually configured.

Usage scenario: Applies to complex networks.

Configuration Notes

This example applies to all versions of all switches.

Networking Requirements

In Figure 1, GE1/0/1 interfaces on SwitchA and SwitchB connect to two conference rooms, respectively. Laptop1 and Laptop2 are portable computers used in the two conference rooms. They belong to two departments, which belong to VLAN 100 and VLAN 200, respectively. Regardless of which conference room Laptop1 and Laptop2 are used in, they must be able to access the servers of their respective departments (Server1 and Server2, respectively). The MAC addresses of Laptop1 and Laptop2 are 0001-00ef-00c0 and 0001-00ef-00c1.

Figure 1 Networking of MAC address-based VLAN assignment

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLANs on SwitchA and SwitchB and add interfaces to VLANs to implement Layer 2 connectivity.

  2. Configure MAC address-based VLAN assignment on SwitchA and SwitchB.

  3. Configure transparent transmission of VLAN-tagged packets on the switch so that Laptop1 and Laptop2 can access Server1 and Server2 of their respective departments.

Procedure

  1. Configure SwitchA. The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned here.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] vlan batch 100 200   //Create VLAN 100 and VLAN 200.
    [SwitchA] interface gigabitethernet 1/0/2
    [SwitchA-GigabitEthernet1/0/2] port link-type trunk   //The link type of interfaces connecting switches must be trunk. The default link type of an interface is not trunk, so you need to manually configure the trunk interface.
    [SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200   //Add GE1/0/2 to VLAN 100 and VLAN 200.
    [SwitchA-GigabitEthernet1/0/2] quit
    [SwitchA] vlan 100
    [SwitchA-vlan100] mac-vlan mac-address 0001-00ef-00c0   //Packets with the MAC address of 0001-00ef-00c0 are transmitted in VLAN 100.
    [SwitchA-vlan100] quit
    [SwitchA] vlan 200
    [SwitchA-vlan200] mac-vlan mac-address 0001-00ef-00c1   //Packets with the MAC address of 0001-00ef-00c1 are transmitted in VLAN 200.
    [SwitchA-vlan200] quit
    [SwitchA] interface gigabitethernet 1/0/1 
    [SwitchA-GigabitEthernet1/0/1] port link-type hybrid   //MAC address-based VLAN assignment can only be enabled on hybrid interfaces. In V200R005C00 and later versions, the default link type of an interface is not hybrid, so you need to manually configure the hybrid interface.
    [SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 100 200   //Add the interface to VLAN 100 and VLAN 200 in untagged mode.
    [SwitchA-GigabitEthernet1/0/1] mac-vlan enable   //Enable MAC address-based VLAN assignment on the interface.
    [SwitchA-GigabitEthernet1/0/1] quit
    

  2. Configure the switch. The configurations of GE1/0/2, GE1/0/3, and GE1/0/4 are similar to the configuration of GE1/0/1, and are not mentioned here.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan batch 100 200
    [Switch] interface gigabitethernet 1/0/1
    [Switch-GigabitEthernet1/0/1] port link-type trunk
    [Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 200  //Add GE1/0/1 to VLAN 100 and VLAN 200.
    [Switch-GigabitEthernet1/0/1] quit

  3. Verify the configuration.

    # Run the display mac-vlan mac-address all command in any view to check the configuration of MAC address-based VLAN assignment.

    [SwitchA] display mac-vlan mac-address all
    ---------------------------------------------------                             
    MAC Address     MASK            VLAN    Priority                                
    ---------------------------------------------------                             
    0001-00ef-00c0  ffff-ffff-ffff  100     0                                       
    0001-00ef-00c1  ffff-ffff-ffff  200     0                                       
                                                                                    
    Total MAC VLAN address count: 2 
    

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 100 200
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid untagged vlan 100 200
 mac-vlan enable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
vlan 100                                                                        
 mac-vlan mac-address 0001-00ef-00c0 priority 0                                 
vlan 200                                                                        
 mac-vlan mac-address 0001-00ef-00c1 priority 0 
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 100 200
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid untagged vlan 100 200
 mac-vlan enable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
vlan 100                                                                        
 mac-vlan mac-address 0001-00ef-00c0 priority 0                                 
vlan 200                                                                        
 mac-vlan mac-address 0001-00ef-00c1 priority 0 
#
return

Switch configuration file

#
sysname Switch
#
vlan batch 100 200
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet1/0/4
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
return
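
An offline check of a saved configuration against the rules the procedure above relies on: mac-vlan enable only on hybrid interfaces, every MAC-mapped VLAN created and untagged on that interface, and one VLAN per MAC address. This is an added example, not Huawei code; the parser, the function names and the condensed sample are assumptions, and VLAN lists are assumed to be explicit IDs as on this page.

```python
# Constructed sample: SwitchA's configuration from this page, condensed ("#" lines, trunk port omitted).
SWITCHA_CFG = """\
sysname SwitchA
vlan batch 100 200
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid untagged vlan 100 200
 mac-vlan enable
vlan 100
 mac-vlan mac-address 0001-00ef-00c0 priority 0
vlan 200
 mac-vlan mac-address 0001-00ef-00c1 priority 0
"""

def parse(cfg):
    """Return (created VLAN IDs, {interface: [commands]}, {mac: [VLAN IDs]})."""
    created, ifaces, macs, ctx = set(), {}, {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # unindented line: a new view starts
            ctx = None
            if line.startswith("vlan batch "):  # assumption: explicit IDs, no "to" ranges
                created |= set(line.split()[2:])
            elif line.startswith("interface "):
                ctx = ("if", line.split()[1])
                ifaces[ctx[1]] = []
            elif line.startswith("vlan "):
                ctx = ("vlan", line.split()[1])
        elif ctx and ctx[0] == "if":
            ifaces[ctx[1]].append(line)
        elif ctx and line.startswith("mac-vlan mac-address "):
            macs.setdefault(line.split()[2].lower(), []).append(ctx[1])
    return created, ifaces, macs

def audit(cfg):
    """List deviations from the rules the procedure on this page relies on."""
    created, ifaces, macs = parse(cfg)
    mapped = {v for vlans in macs.values() for v in vlans}
    out = [f"VLAN {v}: has MAC mappings but is not created" for v in sorted(mapped - created)]
    out += [f"{m}: mapped to several VLANs {vs}" for m, vs in macs.items() if len(vs) > 1]
    for name, cmds in ifaces.items():
        if "mac-vlan enable" in cmds:
            if "port link-type hybrid" not in cmds:
                out.append(f"{name}: mac-vlan enable on a non-hybrid interface")
            untagged = {v for c in cmds if c.startswith("port hybrid untagged vlan ")
                        for v in c.split()[4:]}
            out += [f"{name}: MAC-mapped VLAN {v} is not untagged here"
                    for v in sorted(mapped - untagged)]
    return out
```

Calling `audit(SWITCHA_CFG)` returns an empty list for the configuration shown on this page; each string in a non-empty result names the interface, VLAN or MAC address that departs from the procedure.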
Copyright © Huawei Technologies Co., Ltd.