The mac-vlan enable command enables MAC address-based VLAN assignment on an interface.
The undo mac-vlan enable command disables MAC address-based VLAN assignment on an interface.
By default, MAC address-based VLAN assignment is disabled on an interface.
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, 100GE interface view, MultiGE interface view, port group view, Eth-Trunk interface view, 25GE interface view
Usage Scenario
If user devices move frequently on a network, you can use the mac-vlan mac-address command to associate MAC addresses with VLANs. When a user moves, you do not need to assign a VLAN to the user again. This improves security and access flexibility on the network. To enable an interface to forward packets based on associations between MAC addresses and VLANs, you must run the mac-vlan enable command to enable MAC address-based assignment on the interface.
Precautions
On access and trunk interfaces, MAC address-based VLAN assignment can be used only when the MAC address-based VLAN is the same as the PVID. It is recommended that MAC address-based VLAN assignment be configured on hybrid interfaces.
The MUX VLAN function and MAC address-based VLAN assignment cannot be enabled on the same interface.
MAC address-based VLAN assignment and MAC address authentication cannot be enabled on the same interface.
When multiple VLAN assignment methods are configured on the switch, the switch assigns VLANs based on priorities of these methods.
MAC address-based VLAN assignment on an interface and NAC conflict on an interface; therefore, the mac-vlan enable and mac-authen, dot1x enable, web-auth-server or authentication-profile commands cannot be used on the same interface.