MAC-based VLAN configuration example
Network requirements
As shown in Figure 43:
Ten-GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms.
Different departments own Laptop 1 and Laptop 2. The two departments use VLANs 100 and 200, respectively.
Configure MAC-based VLANs, so that each laptop is able to access only its own department server, no matter which meeting room they are used in.
Figure 43: Network diagram
Configuration procedure
Configure Device A:
# Create VLANs 100 and 200.
<DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] quit [DeviceA] vlan 200 [DeviceA-vlan200] quit
# Associate the MAC addresses of Laptop 1 and Laptop 2 with VLANs 100 and 200, respectively.
[DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100 [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200
# Configure Ten-GigabitEthernet 1/0/1 as a hybrid port to forward packets from VLANs 100 and 200 without VLAN tags.
[DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port link-type hybrid [DeviceA-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
# Enable the MAC-based VLAN feature on Ten-GigabitEthernet 1/0/1.
[DeviceA-Ten-GigabitEthernet1/0/1] mac-vlan enable [DeviceA-Ten-GigabitEthernet1/0/1] quit
# Configure the uplink port Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200.
[DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port link-type trunk [DeviceA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 200 [DeviceA-Ten-GigabitEthernet1/0/2] quit
Configure Device B:
# Create VLAN 100 and assign Ten-GigabitEthernet 1/0/13 to VLAN 100.
<DeviceB> system-view [DeviceB] vlan 100 [DeviceB-vlan100] port ten-gigabitethernet 1/0/13 [DeviceB-vlan100] quit
# Create VLAN 200 and assign Ten-GigabitEthernet 1/0/14 to VLAN 200.
[DeviceB] vlan 200 [DeviceB-vlan200] port ten-gigabitethernet 1/0/14 [DeviceB-vlan200] quit
# Configure Ten-GigabitEthernet 1/0/3 as a trunk port, and assign the port to VLANs 100 and 200.
[DeviceB] interface ten-gigabitethernet 1/0/3 [DeviceB-Ten-GigabitEthernet1/0/3] port link-type trunk [DeviceB-Ten-GigabitEthernet1/0/3] port trunk permit vlan 100 200 [DeviceB-Ten-GigabitEthernet1/0/3] quit
# Configure Ten-GigabitEthernet 1/0/4 as a trunk port, and assign the port to VLANs 100 and 200.
[DeviceB] interface ten-gigabitethernet 1/0/4 [DeviceB-Ten-GigabitEthernet1/0/4] port link-type trunk [DeviceB-Ten-GigabitEthernet1/0/4] port trunk permit vlan 100 200 [DeviceB-Ten-GigabitEthernet1/0/4] quit
Configure Device C in the same way as the Device A is configured. (Details not shown.)
Verifying the configuration
# Verify that Laptop 1 can access only Server 1, and Laptop 2 can access only Server 2. (Details not shown.)
# Verify the MAC-to-VLAN entries on Device A and Device C, for example, Device A.
[DeviceA] display mac-vlan all The following MAC VLAN addresses exist: S:Static D:Dynamic MAC address Mask VLAN ID Dot1q State 000d-88f8-4e71 ffff-ffff-ffff 100 0 S 0014-222c-aa69 ffff-ffff-ffff 200 0 S Total MAC VLAN address count: 2