Multiple Host Multiple VLAN Usage

The following example illustrates the usage scenario for a MHMV port with n unauthenticated clients:The following figure represents the functionality when clients are not authenticated.
Click to expand in new window
Note

Note

The clients cannot access the network as they are not authenticated.

When client PC1 authenticates, there are two scenarios:
  1. Client PC1 does not receive RADIUS VLAN attribute:

    • There are no changes to the port membership and port default VLAN ID.

    • PC1 is the only client that is allowed access to the initial VLANs.

    • A VLAN MAC rule is added that associates the MAC with the default VLAN ID.

    • If the VLAN is configured on the port, then the tagged traffic from PC1 is forwarded to the VLAN associated with the tag.

    • Untagged traffic from PC1 is forwarded to the port default VLAN.

  2. Client PC1 receives RADIUS VLAN attribute:

    • The port is left in all initial VLANs and added to the VLAN corresponding to the RADIUS VLAN attribute.

    • Port default VLAN remains unchanged.

    • A VLAN MAC based rule is configured for client PC1.

    • Using the VLAN MAC based capabilities, the untagged traffic from PC1 goes to the RADIUS assigned VLAN 1 as shown in the figure below.

    • Client PC1 can access all initial VLANs using tagged frames.

    • The remaining clients stay unauthenticated and cannot access any VLANs.

The following figure represents the functionality when client PC1 authenticates.
Click to expand in new window
Note

Note

PC1 is authenticated with RADIUS VLAN 1. The other clients cannot access the network as they are unauthenticated.

When a client disconnects the following happens: