A VLAN consists of hosts defined as members, communicating as a logical network segment. In contrast, a physical segment consists of devices that must be connected to a physical cable segment. A VLAN can have connected members located anywhere in the campus network, as long as VLAN connectivity is provided among all members. Layer 2 switches are configured with a VLAN mapping and provide the logical connectivity among the VLAN members.
When a VLAN is provided at an access-layer switch, an end user must have some means of gaining membership to it. Two membership methods exist on Cisco Catalyst switches:
■ Static VLAN configuration
■ Dynamic VLAN assignment
Static VLANs – Static VLANs offer port-based membership, in which switch ports are assigned to specific VLANs. End user devices become members in a VLAN based on the physical switch port to which they are connected. No handshaking or unique VLAN membership protocol is needed for the end devices; they automatically assume VLAN connectivity when they connect to a port. Normally, the end device is not even aware that the VLAN exists. The switch port and its VLAN simply are viewed and used as any other network segment, with other “locally attached” members on the wire.
Switch ports are assigned to VLANs by the manual intervention of the network administrator, hence the static nature. Each port receives a Port VLAN ID (PVID) that associates it with a VLAN number. The ports on a single switch can be assigned and grouped into many VLANs. Even though two devices are connected to the same switch, traffic will not pass between them if they are connected to ports on different VLANs. To pass traffic between the two VLANs, you could use either a Layer 3 device to route packets or an external Layer 2 device to bridge packets between them.
Configuring Static VLANs
First, the VLAN must be created on the switch, if it does not already exist. Then, the VLAN must be assigned to specific switch ports. VLANs always are referenced by a VLAN number, which can range from 1 to 1005. VLANs 1 and 1002 through 1005 automatically are created and are set aside for special uses.
Catalyst IOS switches also can support extended-range VLANs, in which the VLAN number can be 1 to 4094, for compatibility with the IEEE 802.1Q standard. The extended range is enabled only when the switch is configured for VTP transparent mode with the vtp mode transparent global configuration command. This is because of limitations with VTP versions 1 and 2. VTP version 3 does allow extended range VLANs to be used and advertised.
Create the VLAN:
Switch(config)# vlan vlan-num
Switch(config-vlan)# name vlan-name
Assign switch ports to the VLAN:
Switch(config)# interface type module/number
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan vlan-num
To verify VLAN configuration, use the show vlan command to output a list of all VLANs defined in the switch.
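The VLAN number ranges and static port assignments described above can be checked in configuration text before it is pushed to a switch. The Python below is an added example, not part of the original text or of any Cisco tool; the function names and the sample configuration are constructed, and it assumes the VTP mode or version line is present in the text being audited.

```python
import re

RESERVED = {1, 1002, 1003, 1004, 1005}  # auto-created, set aside for special uses

def check_vlan(vlan, where, extended_ok):
    """Return a finding string for one VLAN number, or None if it is acceptable."""
    if not 1 <= vlan <= 4094:
        return f"{where}: VLAN {vlan} is outside 1-4094"
    if vlan in RESERVED:
        return f"{where}: VLAN {vlan} is set aside for special uses"
    if vlan > 1005 and not extended_ok:
        return f"{where}: extended VLAN {vlan} needs VTP transparent mode or VTP version 3"
    return None

def audit_static_vlans(config):
    """Audit VLAN definitions and access ports in IOS-style configuration text."""
    # Assumption: the VTP mode/version line is present in the text being audited.
    extended_ok = bool(re.search(r"^vtp (mode transparent|version 3)\s*$", config, re.M))
    findings, port, is_access, vlan = [], None, False, None
    def close_port():
        # An access port with no explicit VLAN stays in the default VLAN 1.
        if port and is_access:
            findings.append(check_vlan(vlan or 1, port, extended_ok))
    for line in [l.rstrip() for l in config.splitlines()] + ["!"]:
        if not line.startswith(" "):  # a top-level line ends any interface block
            close_port()
            port, is_access, vlan = None, False, None
            if m := re.match(r"interface (\S+)", line):
                port = m.group(1)
            elif m := re.match(r"vlan (\d+)$", line):
                findings.append(check_vlan(int(m.group(1)), "vlan definition", extended_ok))
        elif port and line.strip() == "switchport mode access":
            is_access = True
        elif port and (m := re.match(r"\s+switchport access vlan (\d+)$", line)):
            vlan = int(m.group(1))
    return [f for f in findings if f]

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
vlan 20
 name Engineering
vlan 2000
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet1/0/2
 switchport mode access
"""
print("\n".join(audit_static_vlans(SAMPLE)))
```

Adding the line vtp mode transparent to the sample clears the extended-range finding; the access port left without an explicit VLAN is still reported.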
Dynamic VLANs provide membership based on the MAC address of an end-user device. When a device is connected to a switch port, the switch must, in effect, query a database to establish VLAN membership. A network administrator also must assign the user’s MAC address to a VLAN in the database of a VLAN Membership Policy Server (VMPS).