Section 3.1: VLAN Membership

When a VLAN is provided at an access layer switch, an end user must be able to gain membership to it. Two membership methods exist on Cisco Catalyst switches: static VLANs and dynamic VLANs.

• Static VLANs offer port-based membership, where switch ports are assigned to specific VLANs. End user devices become members of a VLAN based on which physical switch port they are connected to. No handshaking or unique VLAN membership protocol is needed for the end devices; they automatically assume VLAN connectivity when they connect to a port. The static port-to-VLAN membership is normally handled in hardware with application-specific integrated circuits (ASICs) in the switch. This membership provides good performance because all port mappings are done at the hardware level with no complex table lookups needed.

You must enter the following commands in enable mode to configure static VLANs on an IOS-based switch:

Switch# vlan database
Switch(vlan)# vlan vlan-number name vlan_name
Switch(vlan)# exit
Switch# configure terminal
Switch(config)# interface interface module_number/port_number
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan vlan_number
Switch(config-if)# end

You must enter the following commands in enable mode to configure static VLANs on a CLI-based switch:

Switch(enable) set vlan vlan-number [ name name ]
Switch(enable) set vlan vlan-number module_number/port_list

Note: To create a new VLAN, several prerequisites relating to VLAN Trunking Protocol (VTP) must be met. The switch must be assigned to a VTP domain and be configured for either server or transparent VTP mode.

VTP is discussed in Section 3.5.

• Dynamic VLANs are used to provide membership based on the MAC address of an end user device. When a device is connected to a switch port, the switch must query a database to establish VLAN membership. A network administrator must assign the user's MAC address to a VLAN in the database of a VLAN Membership Policy Server (VMPS). With Cisco switches, dynamic VLANs are created and managed through the use of network management tools like CiscoWorks 2000 or CiscoWorks for Switched Internetworks (CWSI). Dynamic VLANs allow a great deal of flexibility and mobility for end users, but require more administrative overhead.
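The static port-to-VLAN assignments made with the IOS commands in the first bullet can be checked from a saved configuration. The following is an added example, not part of the original text: it parses interface stanzas and lists ports that lack an explicit "switchport mode access" or "switchport access vlan" statement. The sample configuration, interface names, VLAN numbers and function names are constructed for illustration.

```python
import re

# Constructed sample of IOS interface configuration (assumption, not from the page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 20
!
"""

def parse_static_membership(config_text):
    """Return {interface: {"access_mode": bool, "vlan": int or None}}."""
    ports, current = {}, None
    for line in config_text.splitlines():
        header = re.match(r"^interface\s+(.+?)\s*$", line)
        if header:
            current = ports.setdefault(header.group(1), {"access_mode": False, "vlan": None})
        elif not line.startswith(" "):
            current = None  # any other unindented line ends the interface stanza
        elif current is not None:
            stmt = line.strip()
            vlan = re.match(r"^switchport access vlan (\d+)$", stmt)
            if stmt == "switchport mode access":
                current["access_mode"] = True
            elif vlan:
                current["vlan"] = int(vlan.group(1))
    return ports

def audit(ports):
    """List (interface, issue) pairs where static membership is not explicit."""
    findings = []
    for name, port in ports.items():
        if not port["access_mode"]:
            findings.append((name, "no 'switchport mode access'"))
        if port["vlan"] is None:
            findings.append((name, "no 'switchport access vlan'"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(parse_static_membership(SAMPLE_CONFIG)):
        print(f"{name}: {issue}")
```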