Dynamic VLAN Assignment By MAC Address

Options
AlanSmithee
AlanSmithee Posts: 2
edited August 2022 in Switch
Simple setup, VLAN aware router connecting WAN to multiple VLANs on a single managed switch, a Zyxel GS1900-24

Right now, the config on the switch needs to know "assign this port to this vlan and incoming packets will be tagged or untagged". From an admin perpective, that is a pain, especially when different devices move from port to port. I'd like the be able to add device MAC addresses to the switch and say "This MAC address X should be on VLAN 20, no matter which port it is connected to". (maybe assuming it's not on a port that is already marked as trunk or something).

Is this possible? From what I can tell it might be called "Dynamic" or "Mac Based VLAN"

Thanks!



All Replies

  • Zyxel_Adam
    Zyxel_Adam Posts: 340  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited July 2022
    Options
    Hi @AlanSmithee,

    Welcome to Zyxel Community!

    I totally agree configuring every ports to VLANs is a pain for network administrator, and MAC-Based VLAN and Dynamic VLAN Assignment mitigate the task. They are two different features, let me explain a bit.

    "This MAC address X should be on VLAN 20, no matter which port it is connected to"
    > From this description, MAC-based VLAN fits your requirement.

    Switch with Dynamic VLAN Assignment feature needs communicating to an AD server, so the server tells switch what is the VLAN that the client belongs to after receving radius request from switch. We need to set up all the clients MAC address to Windows NPS server policies, for example.

    However, GS1900 switch does NOT support both of these features.

    • Most Zyxel L2 switches support MAC-Based VLAN, such as GS1915 or GS1920 Series (except XGS1930/XS1930).
      If you would like to consider a 10G switch, XGS2210 will be the option.
    • Only XGS2210 and GS2220 switch support Dynamic VLAN Assignment.

    Hope it helps,
    Adam
  • AlanSmithee
    Options
    Thanks for the reply. Yes, it looks like MAC-based VLAN does fit the requirement, though I did not expect to have to add in additional services like AD or Radius, though it kind of makes sense that it would be needed. I found this helpful post that outlines how it might be done.

    Is "Dynamic VLAN" the ability to communicate with an AD server and "MAC-Based VLAN" the ability to assign a device to a VLAN? They seem like they are related or parts of the same functionality. I guess I'm not sure how "they are two different features".

    I don't see a 24 port option for the GS1915 so I guess the GS1920 would be the other option.
  • Zyxel_Adam
    Zyxel_Adam Posts: 340  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited July 2022
    Options
    Hi @AlanSmithee,

    Thanks for your reply.

    Is "Dynamic VLAN" the ability to communicate with an AD server and "MAC-Based VLAN" the ability to assign a device to a VLAN? They seem like they are related or parts of the same functionality. I guess I'm not sure how "they are two different features".
    The link you provided is about "MAC authentication + Dynamic VLAN assingment" Rather than "MAC-Based VLAN + Dynamic VLAN assignment".

    You could think about it in this way, "Dynamic VLAN assignement" is an attached function on 802.1x or MAC authentication, but MAC-Based VLAN is an indepentdent feature.

    This is the reason I mentioned they are two different features since they are not cooperative.

    Please feel free to let us know if there is any concern.
    Adam