Multiple Host Multiple VLAN Usage

The following example illustrates the usage scenario for a MHMV port with unauthenticated clients:

The following figure represents the functionality when clients are not authenticated.

Click to expand in new window
MHMV - clients not authenticated
Note

Note

The clients cannot access the network because they are not authenticated.

When client PC1 authenticates, there are two scenarios:

  1. Client PC1 does not receive RADIUS VLAN attribute:

    • There are no changes to the port membership and port default VLAN ID.

    • PC1 is the only client that is allowed access to the initial VLANs.

    • A VLAN MAC rule is added that associates the MAC with the default VLAN ID.

    • If the VLAN is configured on the port, then the tagged traffic from PC1 is forwarded to the VLAN associated with the tag.

    • Untagged traffic from PC1 is forwarded to the port default VLAN.

  2. Client PC1 receives RADIUS VLAN attribute:

    • The port is left in all initial VLANs and added to the VLAN corresponding to the RADIUS VLAN attribute.

    • Port default VLAN remains unchanged.

    • A VLAN MAC based rule is configured for client PC1.

    • Using the VLAN MAC based capabilities, the untagged traffic from PC1 goes to the RADIUS assigned VLAN 1 as shown in MHMV - authenticated client.

    • Client PC1 can access all initial VLANs using tagged frames.

    • The remaining clients stay unauthenticated and cannot access any VLANs.

The following figure represents the functionality when client PC1 authenticates.

Click to expand in new window
MHMV - authenticated client
Note

Note

PC1 is authenticated with RADIUS VLAN 1. The other clients cannot access the network as they are unauthenticated.

When a client disconnects the following happens: