Allied Telesis AT-9000/28POE Switch User Manual


Chapter 51: MAC Address-based VLANs
The switch can support more than one MAC address-based VLAN at a time, and
ports can be egress members of more than one VLAN. While this can
prove useful in some situations, it can also result in VLAN leakage, in
which traffic of one VLAN crosses the boundary into other VLANs.

The problem arises in the case of unknown unicast traffic. If the switch
receives a packet from a member of a MAC address-based VLAN with an
unknown destination address, it floods the packet on all egress ports of
the VLAN. If the VLAN contains a port that is also serving as an egress
port of another VLAN, the node connected to the port receives the flooded
packets, even if it does not belong to the same VLAN as the node that
generated the packet.

Here is an example. Assume that port 4 on a switch has been designated
an egress port of three MAC address-based VLANs. Any unknown unicast
traffic that the switch receives that belongs to any of the VLANs will be
flooded out port 4. This means that whatever device is connected to the
port receives the flooded traffic from all three VLANs.

If security is a major concern for your network, you might not want to
assign ports as egress ports to more than one VLAN at a time when
planning your MAC address-based VLANs.

When a packet whose source MAC address is part of a MAC address-based
VLAN arrives on a port, the switch performs one of the following
actions:

- If the packet’s destination MAC address is not in the MAC address
  table, the switch floods the packet out all egress ports of the VLAN,
  excluding the port where the packet was received.
- If the packet’s destination MAC address is in the MAC address
  table, and if the port where the address was learned is one of the
  VLAN’s egress ports, the switch forwards the packet to the port.
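
The two forwarding rules above and the port 4 leakage scenario, modelled as an added Python example (not taken from the Allied Telesis manual or the switch software). The VLAN names, MAC addresses and function names are constructed for illustration, and the final fall-through case in `forward` is an assumption because this page does not state it.

```python
from collections import defaultdict

# Constructed sample data (names, MACs and ports are illustrative). Port 4 is
# an egress port of all three VLANs, as in the manual's example.
VLANS = {
    "Sales":   {"macs": {"00:00:5E:00:53:01"}, "egress": {1, 4}},
    "Eng":     {"macs": {"00:00:5E:00:53:02"}, "egress": {2, 4}},
    "Finance": {"macs": {"00:00:5E:00:53:03"}, "egress": {3, 4}},
}
# MAC address table: learned address -> port where it was learned.
MAC_TABLE = {"00:00:5E:00:53:01": 1, "00:00:5E:00:53:02": 2,
             "00:00:5E:00:53:03": 3, "00:00:5E:00:53:04": 4}


def shared_egress_ports(vlans):
    """Map each port that is an egress member of 2+ VLANs to those VLANs."""
    members = defaultdict(list)
    for name, cfg in vlans.items():
        for port in cfg["egress"]:
            members[port].append(name)
    return {p: sorted(v) for p, v in members.items() if len(v) > 1}


def forward(vlans, mac_table, src_mac, dst_mac, in_port):
    """Return (vlan, set of output ports) for one frame."""
    vlan = next((n for n, c in vlans.items() if src_mac in c["macs"]), None)
    if vlan is None:
        return None, set()               # source is in no MAC address-based VLAN
    egress = vlans[vlan]["egress"]
    if dst_mac not in mac_table:
        return vlan, egress - {in_port}  # unknown unicast: flood the VLAN
    if mac_table[dst_mac] in egress:
        return vlan, {mac_table[dst_mac]}  # known destination on an egress port
    return vlan, set()  # assumption: case not stated above, modelled as no output


def leaked_floods(vlans, mac_table, frames):
    """List (vlan, port, other VLANs on port) for floods reaching shared ports."""
    shared = shared_egress_ports(vlans)
    hits = []
    for src, dst, in_port in frames:
        vlan, ports = forward(vlans, mac_table, src, dst, in_port)
        if vlan is None or dst in mac_table:
            continue                     # only flooded (unknown-destination) frames
        for port in sorted(ports & set(shared)):
            hits.append((vlan, port, [v for v in shared[port] if v != vlan]))
    return hits
```

Running `shared_egress_ports` over an exported VLAN configuration before deployment lists every port that would receive flooded traffic from more than one VLAN.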

Table 75. Revised Example of Mappings of MAC Addresses to Egress Ports

MAC Address          End Node                 Egress Port
00:30:84:54:1A:45    Workstation 1 (Port 1)   1-6
00:30:84:C3:5A:11    Workstation 2 (Port 2)   1
00:30:84:22:67:17    Workstation 3 (Port 3)   1
00:30:84:78:75:1C    Workstation 4 (Port 4)   1
00:30:79:7A:11:10    Server (Port 5)          1
00:30:42:53:10:3A    Printer (Port 6)         1