No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Common Operation Guide

CloudEngine 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring MAC Address-based VLAN Assignment

Configuring MAC Address-based VLAN Assignment

Networking Requirements

On an enterprise network, the network administrator adds users in a department to the same VLAN. To improve information security, only users in this department are allowed to access the intranet.

In Figure 18-5, User1, User2, and User3 connect to the key department demanding high security. It is required that only the three users be allowed to access the intranet through Switch.

To improve information security of the key department, you can configure MAC address-based VLAN assignment and bind MAC addresses of User1, User2, and User3 to a VLAN.

Figure 18-5  Networking diagram for configuring MAC address-based VLAN assignment

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLANs and determine the VLANs to which the users belong.

  2. Add Ethernet interfaces to VLANs so that packets from the VLANs are allowed to pass through the interfaces.

  3. Associate MAC addresses of User1, User2, and User3 with VLANs so that the VLANs are assigned based on source MAC addresses in packets.

Procedure

  1. Configure Switch.

    # Create VLANs.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch
    [*HUAWEI] commit
    [~Switch] vlan batch 10
    [*Switch] commit
    

    # Add interfaces to VLANs. The configurations of 10GE1/0/3 and 10GE1/0/4 are similar to the configuration of 10GE1/0/2, and are not mentioned here.

    [~Switch] interface 10ge 1/0/1
    [~Switch-10GE1/0/1] port link-type hybrid
    [*Switch-10GE1/0/1] port hybrid tagged vlan 10
    [*Switch-10GE1/0/1] quit
    [*Switch] interface 10ge 1/0/2
    [*Switch-10GE1/0/2] port link-type hybrid
    [*Switch-10GE1/0/2] port hybrid untagged vlan 10
    [*Switch-10GE1/0/2] quit
    [*Switch] commit
    

    # Associate MAC addresses of User with VLAN 10.

    [~Switch] vlan 10
    [~Switch-vlan10] mac-vlan mac-address 22-22-22
    [*Switch-vlan10] mac-vlan mac-address 33-33-33
    [*Switch-vlan10] mac-vlan mac-address 44-44-44
    [*Switch-vlan10] quit
    [*Switch] commit
    

    # Enable MAC address-based VLAN assignment on 10GE1/0/2. The configurations of 10GE1/0/3 and 10GE1/0/4 are similar to the configuration of 10GE1/0/2, and are not mentioned here.

    [~Switch] interface 10ge 1/0/2
    [~Switch-10GE1/0/2] mac-vlan enable
    [*Switch-10GE1/0/2] quit
    [*Switch] commit
    

  2. Verify the configuration.

    User1, User2, and User3 can access the intranet, whereas other users cannot access the intranet.

Translation
Download
Updated: 2018-10-08

Document ID: EDOC1000102369

Views: 141062

Downloads: 3153

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next