| Device Online Help |
(Passport 8600 modules only.) As with all policy-based VLANs, using source MAC address VLANs allows Passport 8600 modules to associate frames with a VLAN based on the frame content. With source MAC-based VLANs, a frame is associated with a VLAN if the source MAC address is one of the MAC addresses explicitly associated with the VLAN. To create a source MAC-based VLAN, you add the MAC address to a list of MAC addresses that constitutes the VLAN. However, because it is necessary to explicitly associate MAC addresses with a source MAC-based VLAN, the administrative overhead can be quite high. Use source MAC-based VLANs when you want to enforce a MAC level security scheme to differentiate groups of users. For example, in a university environment, the students are a part of a student VLAN with certain services and access privileges, and the faculty are a part of a source MAC-based VLAN with faculty services and access privileges. Therefore, a student and a faculty member could plug into the same port but have access to a different range of services. In order to provide the correct services throughout the campus, the source MAC-based VLAN would need to be defined on Passport 8600 modules throughout the campus, which entails administrative overhead.