目录
基于MAC划分vlan
组网需求
实现MAC与vlan绑定,防止私接设备访问:
-
CE1下联PC2,3配置Hybird接口
-
配置untag vlan 100,禁止vlan 1
-
接口开启mac-vlan
-
绑定mac与vlan
组网拓扑
配置文件
bash
!
mac-vlan mac-address 0050.7966.6802 vlan 100 priority 0
mac-vlan mac-address 0050.7966.6803 vlan 100 priority 0
!
interface GigabitEthernet 0/1
switchport mode hybrid
switchport hybrid allowed vlan only tagged 2-99,101-4094
switchport hybrid allowed vlan add untagged 100
mac-vlan enable
!
interface GigabitEthernet 0/2
switchport mode hybrid
switchport hybrid allowed vlan only tagged 2-99,101-4094
switchport hybrid allowed vlan add untagged 100
mac-vlan enable
!测试结果
bash
VPCS> ping 1.1.1.2
84 bytes from 1.1.1.2 icmp_seq=1 ttl=64 time=1.568 ms
84 bytes from 1.1.1.2 icmp_seq=2 ttl=64 time=1.767 ms
84 bytes from 1.1.1.2 icmp_seq=3 ttl=64 time=1.793 ms
84 bytes from 1.1.1.2 icmp_seq=4 ttl=64 time=1.542 ms
84 bytes from 1.1.1.2 icmp_seq=5 ttl=64 time=1.838 ms
VPCS> ping 1.1.1.4
host (1.1.1.4) not reachable