Allied Telesis AT-9000/28POE Switch User Manual

Chapter 51: MAC Address-based VLANs
772
Overview
As explained in Chapter 47, “Port-based and Tagged VLANs” on page
687, VLANs are used to create independent LAN segments within a
network and are typically employed to improve network performance or
security. The AT-9000 Switch offers several different types of VLANs,
including port-based, tagged, and private VLANs. Membership in these
VLANs is determined either by the port VLAN identifiers (PVIDs) assigned
to the ports on the switch or, in the case of tagged traffic, by the VLAN
identifiers within the packets themselves.
This chapter describes VLANs that are based on the source MAC
addresses of the end nodes that are connected to the switch. With MAC
address-based VLANs, only those nodes whose source MAC addresses
are entered as members of the VLANs can share and access the
resources of the VLANs. This is in contrast to port-based and tagged
VLANs where any node that has access to a switch port can join them as
a member.
One of the principal advantages of this type of VLAN is that it simplifies the
task of managing network users that roam. These are users whose work
requires that they access the network from different points at different
times. The challenge for a network administrator is providing these users
with the same resources regardless of the points at which they access the
network. If you employed port-based or tagged VLANs for roaming users,
you might have to constantly reconfigure the VLANs, moving ports to and
from different virtual LANs, so that the users always have access to the
same network resources. But with MAC address-based VLANs, the switch
can assign network users to the same VLANs and network resources
regardless of the ports from which they access the network.
Egress Ports
Implementing MAC address-based VLANs involves more than entering
the MAC addresses of the end nodes of the VLAN members. You must
also designate the egress ports on the switch for the packets from the
nodes. The egress ports define the limits of flooding of packets when a
port receives a unicast packet with an unknown destination address (that
is, an address that has not been learned by the MAC address table).
Without knowing the egress ports of a MAC address-based VLAN, the
switch would be forced to flood the packets on all ports, possibly resulting
in security violations in which end nodes receive packets from other nodes
in different VLANs.
Table 74 on page 773 illustrates a simple example of the mapping of
addresses to egress ports for a MAC address-based VLAN of six nodes.
The example consists of four workstations, a printer, and a server.
Workstation 1, for instance, is connected to port 1 on the switch and is
mapped to egress ports 5 for the server and 6 for the printer.