Implementation of VLANs


VLANs are normally used to divide a large network into smaller segments. VLANs are created by network administrators, who assign the ports of every switch to a specific VLAN. Depending on the network infrastructure and security requirements, VLANs can be implemented using two methods: static VLANs and dynamic VLANs.

Static VLAN

Static VLAN is the most widely used method because of the administrative control and security it offers. The network administrator statically assigns each port to a particular VLAN. Once the ports are members of a VLAN, simply connect a device to the switch and assign it an IP address in the range of that VLAN. Static VLANs are certainly more secure than traditional switches while also being easy to configure and monitor. You are also able to control how your users move within a large network. By assigning specific ports on your switches throughout your network, you are able to control access and limit the network resources that your users are able to use.

The network diagram is quite simple: 5 switches with 5 VLANs configured, one VLAN per department, as shown. While each VLAN has one logical network assigned to it, the IT department has in addition for the support purposes. The network administrator has assigned port 1 on each department switch to VLAN 5, which belongs to the IT department, while the rest of the ports are assigned to the appropriate VLAN as shown in the diagram. This setup allows the network administrator to place any employee in any department without worrying if the user will be able to connect and access other departments.

Dynamic VLAN

With dynamic VLANs, the network administrator does not need to configure each port individually; instead, a central server called the VLAN Member Policy Server (VMPS) is used. The VMPS contains a database of all VLANs with MAC addresses, i.e. a VLAN-to-MAC-address mapping.

The above diagram shows us a VLAN-capable switch that has been configured to support dynamic VLANs. On port 0 we have connected a simple switch to which another 3 hosts are connected. But with dynamic VLANs there are some restrictions and limitations that act as a semi-security feature. For example, if the switch detects more than 25 active hosts on the port, it will once again shut it down, leaving the hosts without any network connection. When this happens, the port that shuts down returns to an isolated state, not belonging to any VLAN. The fact is that dynamic VLANs are really not suitable for every network in real-world scenarios.
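The dynamic VLAN behaviour described above can be modelled in a few lines. This is an added example, not code from any switch vendor: the names `DynamicPort`, `VMPS_DB` and `simulate` are hypothetical, the MAC addresses are constructed sample values, and the handling of unknown MACs and of hosts mapped to a different VLAN is an assumption the text does not specify.

```python
# Added illustration: a toy model of a dynamic-VLAN port, not vendor code.
MAX_HOSTS = 25  # active-host limit per dynamic port, as stated in the text

# Constructed VMPS database: MAC address -> VLAN ID (sample values).
VMPS_DB = {f"00:00:5e:00:53:{i:02x}": 3 for i in range(40)}
VMPS_DB["00:00:5e:00:53:f0"] = 5  # a host that belongs to another VLAN


class DynamicPort:
    def __init__(self, vmps_db, max_hosts=MAX_HOSTS):
        self.vmps_db = vmps_db
        self.max_hosts = max_hosts
        self.vlan = None        # None = isolated, member of no VLAN
        self.shutdown = False
        self.hosts = set()

    def _isolate(self):
        """Shut the port down and return it to the isolated state."""
        self.shutdown, self.vlan = True, None
        self.hosts.clear()
        return "shutdown"

    def host_seen(self, mac):
        """Process a frame from `mac`; return 'forward', 'deny' or 'shutdown'."""
        if self.shutdown:
            return "deny"
        vlan = self.vmps_db.get(mac.lower())
        if vlan is None:
            return "deny"       # assumption: unknown MACs get no VLAN
        if self.vlan is not None and vlan != self.vlan:
            return "deny"       # assumption: one VLAN per port at a time
        self.hosts.add(mac.lower())
        if len(self.hosts) > self.max_hosts:
            return self._isolate()
        self.vlan = vlan
        return "forward"


def simulate(macs, vmps_db=VMPS_DB):
    """Feed MACs to a fresh port; return (results, final VLAN, shutdown flag)."""
    port = DynamicPort(vmps_db)
    results = [port.host_seen(m) for m in macs]
    return results, port.vlan, port.shutdown


if __name__ == "__main__":
    macs = [f"00:00:5e:00:53:{i:02x}" for i in range(27)]
    results, vlan, down = simulate(macs)
    print(results.count("forward"), "forwarded; vlan:", vlan, "shutdown:", down)
```

For monitoring purposes, the point to notice is that the 26th host takes every host on the port offline, so a shutdown on a dynamic port is worth alerting on rather than treating as a routine link event.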


