24.7.1 Overview
MAC VLANs divide VLAN groups by source MAC address. MAC addresses can be registered with VLANs by configuration, or dynamically through the Layer 2 authentication functionality.
MAC VLANs can be set to allow communication only with terminals permitted to connect by registering MAC addresses of permitted terminals during configuration, or by registering MAC addresses authenticated using the Layer 2 authentication functionality.
In addition, if the mac-based-vlan static-only configuration command is set, the mac-address configuration command can be used to set as many MAC addresses as the maximum allowable MAC VLAN count permits. In this case, the Layer 2 authentication functionality cannot be run.
The figure below shows an example MAC VLAN configuration. When a trunk port is set between switches comprising a VLAN, VLANs are determined by VLAN tags regardless of source MAC addresses. Therefore, all switches do not need to be set with the same MAC address. The MAC address of the terminal connected to the MAC port is set for each switch.
|
|
![[Figure Data]](./GRAPHICS/ZU115080.GIF)