Greetings,

My intent is to separate communications between two groups of user devices (mainly PCs and laptops), based on their MAC addresses. I would like to achieve a situation where, any user of the two groups, can plug into any port of the switch, and be able to see only the users from his own MAC group, without seeing devices from the other group.

What I did:

1) in the "802.1Q" section I configured two new 802.1Q VLANS, with VLAN ID = 10 and 20 respectively. Assigned all the ports from the switch to both VLANS as untagged.

2) in the "MAC VLAN" section I have assigned three MAC-VLAN bindings:

2a) MAC of computerA --> VLAN 10

2b) MAC of computerB --> VLAN 10

2c) MAC of computerC --> VLAN 20

3) I have checked that the binding works properly, i.e. in the "Mac address" table I can see that the MAC addresses have been assigned to the VLANs as I intended.

ComputerA and computerB ping each other. However, they can ping computerC as well. I have expected that computerC wouldn't be visible for computers A and B.

Are the mac addresses assigned to different VLANs not supposed to be isolated / mutually invisible? What am I missing?

Thanks in advance for help!

Regards,

Maciek