Configuring MAC VLAN

CHAPTERS

1. Overview

2. MAC VLAN Configuration

3. Configuration Example

4. Appendix: Default Parameters

This guide applies to:

T1500G-8T v2 or above, T1500G-10PS v2 or above, T1500G-10MPS v2 or above, T1500-28PCT v3 or above, T1600G-18TS v2 or above, T1600G-28TS v3 or above, T1600G-28PS v3 or above, T1600G-52TS v3 or above, T1600G-52PS v3 or above, T1700X-16TS v3 or above, T1700G-28TQ v3 or above, T2500G-10TS v2 or above, T2600G-18TS v2 or above, T2600G-28TS v3 or above, T2600G-28MPS v3 or above, T2600G-28SQ v1 or above, T2600G-52TS v3 or above.

1Overview

VLAN is generally divided by ports. It is a common way of division but isn’t suitable for those networks that require frequent topology changes. With the popularity of mobile office, at different times a terminal device may access the network via different ports. For example, a terminal device that accessed the switch via port 1 last time may change to port 2 this time. If port 1 and port 2 belong to different VLANs, the user has to re-configure the switch to access the original VLAN. Using MAC VLAN can free the user from such a problem. It divides VLANs based on the MAC addresses of terminal devices. In this way, terminal devices always belong to their MAC VLANs even when their access ports change.

The figure below shows a common application scenario of MAC VLAN.

Figure 1-1 Common Application Scenario of MAC VLAN

Two departments share all the meeting rooms in the company, but use different servers and laptops. Department A uses Server A and Laptop A, while Department B uses Server B and Laptop B. Server A is in VLAN 10 while Server B is in VLAN 20. It is required that Laptop A can only access Server A and Laptop B can only access Server B, no matter which meeting room the laptops are being used in. To meet this requirement, simply bind the MAC addresses of the laptops to the corresponding VLANs respectively. In this way, the MAC address determines the VLAN each laptop joins. Each laptop can access only the server in the VLAN it joins.

2MAC VLAN Configuration

To complete MAC VLAN configuration, follow these steps:

1)Configure 802.1Q VLAN.

2)Bind the MAC address to the VLAN.

3)Enable MAC VLAN for the port.

Configuration Guidelines

When a port in a MAC VLAN receives an untagged data packet, the switch will first check whether the source MAC address of the data packet has been bound to the MAC VLAN. If yes, the switch will insert the corresponding tag to the data packet and forward it within the VLAN. If no, the switch will continue to match the data packet with the matching rules of other VLANs (such as the protocol VLAN). If there is a match, the switch will forward the data packet. Otherwise, the switch will process the data packet according to the processing rule of the 802.1 Q VLAN. When the port receives a tagged data packet, the switch will directly process the data packet according to the processing rule of the 802.1Q VLAN.

2.1Using the GUI

2.1.1Configuring 802.1Q VLAN

Before configuring MAC VLAN, create an 802.1Q VLAN and set the port type according to network requirements. For details, refer to Configuring 802.1Q VLAN.

2.1.2Binding the MAC Address to the VLAN

Choose the menu L2 FEATURES > VLAN > MAC VLAN and click to load the following page.

Figure 2-1 Creating MAC VLAN

Follow these steps to bind the MAC address to the 802.1Q VLAN:

1)Enter the MAC address of the device, give it a description, and enter the VLAN ID to bind it to the VLAN.

MAC Address

Enter the MAC address of the device in the format of 00-00-00-00-00-01.

Description

Give a MAC address description for identification with up to 8 characters.

VLAN ID/Name

Enter the ID number or name of the 802.1Q VLAN that will be bound to the MAC VLAN..

2)Click Create.

Note:

One MAC address can be bound to only one VLAN.

2.1.3Enabling MAC VLAN for the Port

By default, MAC VLAN is disabled on all ports. You need to enable MAC VLAN for your desired ports manually.

Choose the menu L2 FEATURES > VLAN > MAC VLAN to load the following page.

Figure 2-2 Enabling MAC VLAN for the Port

In the Port Enable section, select the desired ports to enable MAC VLAN, and click Apply.

Note:

The member port of an LAG (Link Aggregation Group) follows the configuration of the LAG and not its own. The configurations of the port can take effect only after it leaves the LAG.

2.2Using the CLI

2.2.1Configuring 802.1Q VLAN

Before configuring MAC VLAN, create an 802.1Q VLAN and set the port type according to network requirements. For details, refer to Configuring 802.1Q VLAN.

2.2.2Binding the MAC Address to the VLAN

Follow these steps to bind the MAC address to the VLAN:

Step 1

configure

Enter global configuration mode.

Step 2

mac-vlan mac-address mac-addr vlan vlan-id [description descript]

Bind the MAC address to the VLAN.

mac-addr: Specify the MAC address of the device in the format of xx:xx:xx:xx:xx:xx.

vlan-id: Enter the ID number of the 802.1Q VLAN that will be bound to the MAC VLAN.

descript: Specify the MAC address description for identification, with up to 8 characters.

Step 3

show mac-vlan { all | mac-address mac-addr | vlan vlan-id }

Verify the configuration of MAC VLAN.

vid: Specify the MAC VLAN to be displayed.

Step 4

end

Return to privileged EXEC mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to bind the MAC address 00:19:56:8A:4C:71 to VLAN 10, with the address description as Dept.A.

Switch#configure

Switch(config)#mac-vlan mac-address 00:19:56:8a:4c:71 vlan 10 description Dept.A

Switch(config)#show mac-vlan vlan 10

MAC-Addr Name VLAN-ID

-------------- ----------- ------------

00:19:56:8A:4C:71 Dept.A 10

Switch(config)#end

Switch#copy running-config startup-config

2.2.3Enabling MAC VLAN for the Port

Follow these steps to enable MAC VLAN for the port:

Step 1

configure

Enter global configuration mode.

Step 2

interface {fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list | port-channel port-channel-id | range port-channel port-channel-list}

Enter interface configuration mode.

Step 3

mac-vlan

Enable MAC VLAN for the port.

Step 4

show mac-vlan interface

Verify the configuration of MAC VLAN on each interface.

Step 5

end

Return to privileged EXEC mode.

Step 6

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to enable MAC VLAN for port 1/0/1.

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/1

Switch(config-if)#mac-vlan

Switch(config-if)#show mac-vlan interface

Port STATUS

------- -----------

Gi1/0/1 Enable

Gi1/0/2 Disable

...

Switch(config-if)#end

Switch#copy running-config startup-config

3Configuration Example

3.1Network Requirements

Two departments share all the meeting rooms in the company, but use different servers and laptops. Department A uses Server A and Laptop A, while Department B uses Server B and Laptop B. Server A is in VLAN 10 while Server B is in VLAN 20. It is required that Laptop A can only access Server A and Laptop B can only access Server B, no matter which meeting room the laptops are being used in. The figure below shows the network topology.

Figure 3-1 Network Topology

3.2Configuration Scheme

You can configure MAC VLAN to meet this requirement. On Switch 1 and Switch 2, bind the MAC addresses of the laptops to the corresponding VLANs respectively. In this way, each laptop can access only the server in the VLAN it joins, no matter which meeting room the laptops are being used in. The overview of the configuration is as follows:

1)Create VLAN 10 and VLAN 20 on each of the three switches and add the ports to the VLANs based on the network topology. For the ports connecting the laptops, set the egress rule as Untagged; for the ports connecting to other switch, set the egress rule as Tagged.

2)On Switch 1 and Switch 2, bind the MAC addresses of the laptops to their corresponding VLANs, and enable MAC VLAN for the ports.

Demonstrated with T2600G-28TS, the following sections provide configuration procedure in two ways: using the GUI and using the CLI.

3.3Using the GUI

Configurations for Switch 1 and Switch 2

The configurations of Switch 1 and Switch 2 are similar. The following introductions take Switch 1 as an example.

1)Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 10, and add untagged port 1/0/1 and tagged port 1/0/2 to VLAN 10. Click Create.

Figure 3-2 Creating VLAN 10

2)Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 20, and add untagged port 1/0/1 and tagged port 1/0/2 to VLAN 20. Click Create.

Figure 3-3 Creating VLAN 20

3)Choose the menu L2 FEATURES > VLAN > MAC VLAN and click to load the following page. Specify the corresponding parameters and click Create to bind the MAC address of Laptop A to VLAN 10 and bind the MAC address of Laptop B to VLAN 20.

Figure 3-4 Creating MAC VLAN

4)Choose the menu L2 FEATURES > VLAN > MAC VLAN to load the following page. In the Port Enable section select port 1/0/1 and click Apply to enable MAC VLAN.

Figure 3-5 Enabing MAC VLAN for the Port

5)Click to save the settings.

Configurations for Switch 3

1)Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 10, and add untagged port 1/0/4 and tagged ports 1/0/2-3 to VLAN 10. Click Create.

Figure 3-6 Creating VLAN 10

2)Click Create to load the following page. Create VLAN 20, and add untagged port 1/0/5 and tagged ports 1/0/2-3 to VLAN 20. Click Create.

Figure 3-7 Creating VLAN 20

3)Click to save the settings.

3.4Using the CLI

Configurations for Switch 1 and Switch 2

The configurations of Switch 1 and Switch 2 are the same. The following introductions take Switch 1 as an example.

1)Create VLAN 10 for Department A and create VLAN 20 for Department B.

Switch_1#configure

Switch_1(config)#vlan 10

Switch_1(config-vlan)#name deptA

Switch_1(config-vlan)#exit

Switch_1(config)#vlan 20

Switch_1(config-vlan)#name deptB

Switch_1(config-vlan)#exit

2)Add tagged port 1/0/2 and untagged port 1/0/1 to both VLAN 10 and VLAN 20. Then enable MAC VLAN on port 1/0/1.

Switch_1(config)#interface gigabitEthernet 1/0/2

Switch_1(config-if)#switchport general allowed vlan 10,20 tagged

Switch_1(config-if)#exit

Switch_1(config)#interface gigabitEthernet 1/0/1

Switch_1(config-if)#switchport general allowed vlan 10,20 untagged

Switch_1(config-if)#mac-vlan

Switch_1(config-if)#exit

3)Bind the MAC address of Laptop A to VLAN 10 and bind the MAC address of Laptop B to VLAN 20.

Switch_1(config)#mac-vlan mac-address 00:19:56:8A:4C:71 vlan 10 description PCA

Switch_1(config)#mac-vlan mac-address 00:19:56:82:3B:70 vlan 20 description PCB

Switch_1(config)#end

Switch_1#copy running-config startup-config

Configurations for Switch 3

1)Create VLAN 10 for Department A and create VLAN 20 for Department B.

Switch_3#configure

Switch_3(config)#vlan 10

Switch_3(config-vlan)#name deptA

Switch_3(config-vlan)#exit

Switch_3(config)#vlan 20

Switch_3(config-vlan)#name deptB

Switch_3(config-vlan)#exit

2)Add tagged port 1/0/2 and port 1/0/3 to both VLAN 10 and VLAN 20.

Switch_3(config)#interface gigabitEthernet 1/0/2

Switch_3(config-if)#switchport general allowed vlan 10,20 tagged

Switch_3(config-if)#exit

Switch_3(config)#interface gigabitEthernet 1/0/3

Switch_3(config-if)#switchport general allowed vlan 10,20 tagged

Switch_3(config-if)#exit

3)Add untagged port 1/0/4 to VLAN 10 and untagged port 1/0/5 to VLAN 20.

Switch_3(config)#interface gigabitEthernet 1/0/4

Switch_3(config-if)#switchport general allowed vlan 10 untagged

Switch_3(config-if)#exit

Switch_3(config)#interface gigabitEthernet 1/0/5

Switch_3(config-if)#switchport general allowed vlan 20 untagged

Switch_3(config-if)#end

Switch_3#copy running-config startup-config

Verify the Configurations

Switch 1

Switch_1#show mac-vlan all

MAC Add Name VLAN-ID

---------------------- ----------------- ----------

00:19:56:8A:4C:71 PCA 10

00:19:56:82:3B:70 PCB 20

---------------------------------------------------------------------

Switch 2

Switch_2#show mac-vlan all

MAC Address Description VLAN

---------------------- --------------------- -----------

00:19:56:8A:4C:71 PCA 10

00:19:56:82:3B:70 PCB 20

-------------------------------------------------------------------------

Switch 3

Switch_3#show vlan

VLAN Name Status Ports

-------- --------------- ------------- -------------------------------------

1 System-VLAN active Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4,

Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8

...

10 DeptA active Gi1/0/2, Gi1/0/3, Gi1/0/4

20 DeptB active Gi1/0/2, Gi1/0/3, Gi1/0/5

4Appendix: Default Parameters

Default settings of MAC VLAN are listed in the following table.

Table 4-1Default Settings of MAC VLAN

Parameter

Default Setting

MAC Address

None

Description

None

VLAN ID

None

Port Enable

Disabled