Filter
Top Products
113
Figure 3-10.5.2: The Port Isolation Configuration
Parameter description:
Port Members :
A check box is provided for each port of a private VLAN. When checked, port isolation is
enabled on that port. When unchecked, port isolation is disabled on that port. By default,
port isolation is disabled on all ports.
Buttons:
Save – Click to save changes.
Reset- Click to undo any changes made locally and revert to previously saved
values.
3-10.6 MAC-based VLAN
MAC address-based VLAN decides the VLAN for forwarding an untagged frame based on the
source MAC address of the frame.
The most common way of grouping VLAN members is by port, hence the name port-based
VLAN. Typically, the device adds the same VLAN tag to untagged packets that are received
through the same port. Later on, these packets can be forwarded in the same VLAN. Port-
based VLAN is easy to configure, and applies to networks where the locations of terminal
devices are relatively fixed. As mobile office and wireless network access gain more
popularity, the ports that terminal devices use to access the networks are very often non-fixed.
A device may access a network through Port A this time, but through Port B the next time. If
Port A and Port B belong to different VLANs, the device will be assigned to a different VLAN
the next time it accesses the network. As a result, it will not be able to use the resources in
the old VLAN. On the other hand, if Port A and Port B belong to the same VLAN, after
terminal devices access the network through Port B, they will have access to the same
resources as those accessing the network through Port A do, which brings security issues. To
provide user access and ensure data security in the meantime, the MAC-based VLAN
technology is developed.
MAC-based VLANs group VLAN members by MAC address. With MAC-based VLAN
configured, the device adds a VLAN tag to an untagged frame according to its source MAC
address. MAC-based VLANs are mostly used in conjunction with security technologies such
as 802.1X to provide secure, flexible network access for terminal devices.
3-10.6.1 Configuration
The MAC-based VLAN entries can be configured here. This page allows for adding and
deleting MAC-based VLAN entries and assigning the entries to different ports. This page
shows only static entries.
Web Interface
To configure MAC address-based VLAN configuration in the Web interface:
1. Click MAC address-based VLAN configuration and add new entry.
2. Specify the MAC address and VLAN ID.
3. Click Save.