R3303-HP HSR6800 Routers Layer 2 - LAN Switching Configuration Guide
Figure 37 Flowchart for processing a frame in dynamic MAC-based VLAN assignment
When you configure dynamic MAC-based VLAN assignment, follow these guidelines:
• When a port is assigned to the corresponding VLAN in a MAC address-to-VLAN entry, but has not
been assigned to the VLAN by using the port hybrid vlan command, the port sends packets from
the VLAN with VLAN tags removed.
• If you configure both static and dynamic MAC-based VLAN assignment on the same port, dynamic
MAC-based VLAN assignment applies.
• When a packet matches a MAC address-to-VLAN entry, the device picks a forwarding policy for
the packet according to the 802.1p priority mapped to the MAC address.
Dynamic MAC-based VLAN
You can use dynamic MAC-based VLAN with access authentication (such as 802.1X authentication
based on MAC addresses) to implement secure, flexible terminal access. After configuring dynamic
MAC-based VLAN on the device, you must configure the username-to-VLAN entries on the access
authentication server.
When a user passes authentication of the access authentication server, the device obtains VLAN
information from the server, generates a MAC address-to-VLAN entry by using the source MAC address
of the user packet and the VLAN information, and assigns the port to the MAC-based VLAN. When the
user goes offline, the device automatically deletes the MAC address-to-VLAN entry, and removes the port
from the MAC-based VLAN. For more information about 802.1X, MAC, and portal authentication, see
Security Configuration Guide.
Configuration restrictions and guidelines
The following guidelines apply to MAC-based VLAN configuration: