Enterasys 2200 Betriebsanweisung
Example 8, Locking a MAC Address to a Port Using Classification Rules
VLAN Operation and Network Applications
12-47
12.19.1 Solving the Problem
Switch S1 needs to be configured with two 802.1Q VLANs. Since the switch, by default, already
has one VLAN created (the Default VLAN), only one new VLAN will need to be created. In this
example, the new VLAN will be named the Red VLAN.
has one VLAN created (the Default VLAN), only one new VLAN will need to be created. In this
example, the new VLAN will be named the Red VLAN.
The objective here is to configure S1 so that when it receives a frame on Port 1 from MAC address
00.00.00.00.00.0A, the frame is classified into the Red VLAN. When S1 receives a frame on Port
1 from a MAC address other than 00.00.00.00.00.0A, the frame is associated with the Default
VLAN. To accomplish this, S1 is configured so that the frames originating from the Red VLAN
are eligible to be forwarded out the desired ports. The frames associated with the Default VLAN
are not forwarded to any ports and are discarded by S1. Frames received on Port 2 will be handled
in the same way except that S1 will only allow frames with the MAC address 00.00.00.00.00.0B
frames to be forwarded out the desired ports and discard all other frames received on Port 2 that
are not MAC address 00.00.00.00.00.0B frames.
00.00.00.00.00.0A, the frame is classified into the Red VLAN. When S1 receives a frame on Port
1 from a MAC address other than 00.00.00.00.00.0A, the frame is associated with the Default
VLAN. To accomplish this, S1 is configured so that the frames originating from the Red VLAN
are eligible to be forwarded out the desired ports. The frames associated with the Default VLAN
are not forwarded to any ports and are discarded by S1. Frames received on Port 2 will be handled
in the same way except that S1 will only allow frames with the MAC address 00.00.00.00.00.0B
frames to be forwarded out the desired ports and discard all other frames received on Port 2 that
are not MAC address 00.00.00.00.00.0B frames.
This is accomplished using
•
the Device VLAN Configuration screen to create one VLAN, which will be named Red
VLAN in this example,
VLAN in this example,
•
the VLAN CLassification Configuration screen to create two src MAC address classification
rules and assign them to the appropriate new VLAN, and
rules and assign them to the appropriate new VLAN, and
•
the Protocol Port Configuration screen to assign the new classification rules to Ports 1 and 2
and add the new VLANs to their port VLAN forwarding list.
and add the new VLANs to their port VLAN forwarding list.
Switch 1
To secure Port 1, Switch 1 is configured as follows:
1. To create the Red VLAN, the following settings are entered using the Device VLAN
Configuration screen:
•
VLAN ID: 2
•
FID: 2
•
VLAN NAME: VLAN A
•
ADD VLAN A to the Module VLAN list.
2. To assign Port 1 and 2 to the Red VLAN, the following settings are entered using the Port
Assignment Configuration screen.
•
Port 1 – Port Mode: HYBRID; VLAN ID: 2; FID: 2; VLAN NAME: Red VLAN
•
Port 2 – Port Mode: HYBRID; VLAN ID: 2; FID: 2; VLAN NAME: Red VLAN
No other ports are assigned to the Red VLAN.