What Does 'MAC-based VLAN (Virtual Local Area Network)' Mean?

What is a MAC-based VLAN (Virtual Local Area Network)?

A MAC-based VLAN is a type of virtual LAN (VLAN) in which network devices are grouped according to their MAC addresses. When a network device sends a packet, the switch examines the packet’s source MAC address and assigns the packet to the VLAN associated with that address.

This variation of VLANs is usually implemented in layer 2 switches and is useful in cases where the IP address is not fixed or DHCP is not used, and it is easier to identify a device by its MAC address.

The main advantage of MAC-based VLANs is that they do not require any configuration on the network devices themselves, as the switch automatically assigns devices to the appropriate VLAN based on their MAC addresses. This makes it easy to add and remove devices from a VLAN without having to reconfigure the devices themselves.

More information

MAC-based VLANs are typically used in smaller networks where the number of devices is relatively small and there is a need for a simple and efficient way to separate and secure different categories of network traffic. For example, in a small office, a MAC-based VLAN can be used to separate guest traffic from internal traffic.

MAC-based VLANs rely on the switch’s MAC address table to determine which VLAN a device belongs to. The switch builds and maintains this table by learning the MAC addresses of devices that connect to it.

When a device sends a packet, the switch examines the packet’s source MAC address and looks up the address in its MAC address table to determine the appropriate VLAN. If the address is not found in the table, the packet is usually forwarded to a default VLAN.
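The lookup described above, sketched in Python as an added example that is not part of the original page or any switch vendor's code. The table contents, the default VLAN ID of 1, and all function names are assumptions made for illustration; the frames are constructed inline.

```python
import re

DEFAULT_VLAN = 1  # assumed default VLAN ID for source addresses with no entry

# Constructed MAC-to-VLAN table (addresses and VLAN IDs are made up).
MAC_VLAN_TABLE = {
    "02:00:00:aa:bb:01": 10,  # internal workstation
    "02:00:00:aa:bb:02": 10,
    "02:00:00:cc:dd:01": 20,  # guest device
}

def normalize_mac(text):
    """Accept 02-00-00-AA-BB-01, 0200.00aa.bb01 or 02:00:00:aa:bb:01."""
    digits = re.sub(r"[-:.]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def source_mac(frame):
    """Bytes 6..11 of an Ethernet II header carry the source address."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return ":".join(f"{b:02x}" for b in frame[6:12])

def classify(frame, table=MAC_VLAN_TABLE, default_vlan=DEFAULT_VLAN):
    """Return (vlan_id, matched); matched is False when the default was used."""
    # The key is the source field exactly as it arrived in the frame header.
    vlan = table.get(source_mac(frame))
    return (default_vlan, False) if vlan is None else (vlan, True)

def build_frame(dst, src, ethertype=0x0800, payload=b""):
    """Build a constructed, untagged Ethernet II frame for the demo."""
    def raw(mac):
        return bytes.fromhex(normalize_mac(mac).replace(":", ""))
    return raw(dst) + raw(src) + ethertype.to_bytes(2, "big") + payload

if __name__ == "__main__":
    for src in ("02-00-00-AA-BB-01", "0200.00cc.dd01", "02:00:00:ee:ff:99"):
        frame = build_frame("ff:ff:ff:ff:ff:ff", src)
        vlan, matched = classify(frame)
        note = "table entry" if matched else "no entry, default VLAN"
        print(f"{source_mac(frame)} -> VLAN {vlan} ({note})")
```

The `matched` flag lets the caller log or count frames that fell through to the default VLAN, which is where devices missing from the table end up.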

MAC-based VLANs can also be used in conjunction with other classes of VLANs, such as port-based VLANs and protocol-based VLANs, to provide an additional layer of security and segmentation.

For example, a switch may be configured to use both port-based VLANs and MAC-based VLANs. In this case, the switch would first use the port number to assign the packet to a VLAN and then use the MAC address to further segment the traffic within that VLAN.

It’s also worth mentioning that MAC-based VLANs have the limitation of being bound to a specific switch; if you want to move the device to another switch, that device will need to be re-configured.

In contrast, some other VLAN assignment methods like IP-subnet-based VLANs or protocol-based VLANs may not have this limitation, as they are not tied to the MAC address of a device.