VLAN Memberships


VLANs are usually created by an administrator, who then assigns switch ports to each VLAN. These are called static VLANs. If the administrator wants to do a little more work up front and assign all the host devices’ hardware addresses into a database, the switches can be configured to assign VLANs dynamically whenever a host is plugged into a switch.

Static VLANs

Static VLANs are the usual way of creating VLANs, and they’re also the most secure. The switch port that you assign a VLAN association always maintains that association until an administrator manually changes that port assignment.

This type of VLAN configuration is comparatively easy to set up and monitor, and it works well in a network where the movement of users within the network is controlled. And, although it can be helpful to use network management software to configure the ports, it’s not mandatory.

In Figure 2.14, each switch port is configured with a VLAN membership by an administrator based on which VLAN the host needed to be a member of; the device’s actual physical location doesn’t matter. The broadcast domain that the hosts become a member of is an administrative choice. Remember that each host must also have the correct IP address information. For example, each host in VLAN 2 must be configured into the 172.16.20.0/24 network. It’s also important to remember that if you plug a host into a switch, you must verify the VLAN membership of that port. If the membership is different than what is needed for that host, then the host will not be able to reach the needed network services, like a workgroup server, for example.

Dynamic VLANs

Dynamic VLANs determine a node’s VLAN assignment automatically. Using intelligent management software, you can enable hardware (MAC) addresses, protocols, or even applications to create dynamic VLANs. It’s up to you! For example, suppose MAC addresses have been entered into a centralized VLAN management application. If a node is then attached to an unassigned switch port, the VLAN management database can look up the hardware address and assign and configure the switch port to the correct VLAN. This is very cool—it makes management and configuration easier because if a user moves, the switch assigns them to the correct VLAN automatically. But you have to do a lot more work initially setting up the database.

Cisco administrators can use the VLAN Management Policy Server (VMPS) service to set up a database of MAC addresses that can be used for the dynamic addressing of VLANs. A VMPS database maps MAC addresses to VLANs.




CCDA. Cisco Certified Design Associate Study Guide
CCDA: Cisco Certified Design Associate Study Guide, 2nd Edition (640-861)
ISBN: 0782142001
EAN: 2147483647
Year: 2002
Pages: 201

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net