User guide
E
XTREME
W
ARE
S
OFTWARE
U
SER
G
UIDE
6-21
MAC-B
ASED
VLAN
S
MAC-B
ASED
VLAN G
UIDELINES
When using the MAC-to-VLAN mapping, consider the following guidelines:
• A port can only accept connections from an endstation/host and should not be
connected to a layer-2 repeater device. Connecting to a layer-2 repeater device can
cause certain addresses to not be mapped to their respective VLAN if they are not
correctly configured in the MAC-VLAN configuration database. If a repeater device
is connected to a MAC-Based VLAN port, and the configured MAC-to-VLAN
mapped station enters on the repeater, any endstation that is attached to the repeater
can be mapped to that VLAN while the configured endstation is active in that
VLAN. Upon removal of the configured MAC-to-VLAN endstation, all other
endstations lose connectivity.
• Groups are used as a security measure to allow a MAC address to enter into a
VLAN only when the group mapping matches the port mapping. As an example,
the following configuration allows MAC 00:00:00:00:00:aa to enter into the VLAN
only on ports 10 and 11 because of membership in group 100:
* Summit48:50 # show mac
Port Vlan Group State
10 MacVlanDiscover 100 Discover
11 MacVlanDiscover 100 Discover
12 MacVlanDiscover any Discover
13 MacVlanDiscover any Discover
14 MacVlanDiscover any Discover
Total Entries in Database:2
Mac Vlan Group
00:00:00:00:00:aa sales 100
00:00:00:00:00:01 sales any
2 matching entries
• The group “any” is equivalent to the group “0”. Ports that are configured as “any”
allow any MAC address to be assigned to a VLAN, regardless of group association.
• Partial configurations of the MAC to VLAN database can be downloaded to the
switch using the timed download configuration feature.
MAC-B
ASED
VLAN L
IMITATIONS
The following list contains the limitations of MAC-based VLANs:
• Ports participating in MAC VLANs must first be removed from any static VLANs.
• The MAC- to-VLAN mapping can only be associated with VLANs that exist on the
switch.