
VLAN Membership Policy Server (VMPS, discussed in the next section).
In this situation, the administrator must have clearly defined goals, and network planning must be more detailed
so as not to create bottlenecks in the WAN. Your goal in defining an end-to-end VLAN solution must be
centered around the 20/80 Rule: Maintain 20 percent of the network traffic as local, or within the VLAN, and
design the WAN network to support speeds that will accommodate this use. (Just a few years ago, this rule
was reversed—the administrators’ goal was to keep all the servers local and to allow only 20 percent or less of
the network traffic to extend outside the local network.)
Note: The ISL protocol, IEEE 802.10, IEEE 802.1, and LAN Emulation (LANE) all provide ways of sending
multiple VLAN data traffic over certain physical media types, adding tagging information to frames to
send data through the network, and creating trunk ports that carry VLAN data. ATM and LANE are
covered in Chapter 8. Virtual Trunking Protocol (VTP) is used to let switches know about the VLANs
that have been configured in the network. We will cover all of these topics in the rest of this chapter.
VLAN Membership Types
You can create two types of VLANs: static and dynamic. An administrator can configure the Access layer
switches with a VLAN for each individual workgroup, and then assign each switch port to a particular VLAN.
These are static VLANs; the port is assigned a VLAN number, and any device connecting to that port
becomes a member of that VLAN by default.
A static VLAN is the most common type and the easiest to administer. A switch port that you assign to a
VLAN remains in that VLAN until you change the port assignment. Static
VLAN configurations are easy to configure and monitor, and they work well in a network where the
movement of users remains controlled. You can also use network management software such as CiscoWorks
for Switched Internetworks (CWSI) to configure the ports on the switch.
A dynamic VLAN determines a node’s VLAN assignment automatically using a VLAN Membership Policy
Server (VMPS) service to set up a database of Media Access Control (MAC) addresses. This database can be
used for dynamic addressing of VLANs. VMPS is a MAC-address-to-VLAN mapping database that
contains allowable MAC or physical addresses that are mapped to a particular VLAN. When the user boots
up, the switch learns the MAC address and checks the database for the appropriate VLAN assigned to that
MAC address. This process allows a node to remain in the same VLAN throughout the network
regardless of the location at which the node resides.
It takes a lot of network management to maintain the databases of MAC addresses. Therefore, these types of
VLANs are not very effective in larger networks. You can use intelligent network management software to
allow you to match a VLAN number to a hardware (MAC) address, protocol, or even application address to
create dynamic VLANs.
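The following is an added example, not code from the book or from Cisco. It sketches the MAC-address-to-VLAN lookup described above and shows why the database is costly to maintain: the same MAC can be entered in several notations and can end up mapped to two VLANs. The table layout, VLAN names and function names are assumptions made for illustration and are not the VMPS file format.

```python
import re

# Constructed sample table: one "MAC VLAN-name" pair per line (not a real VMPS file).
SAMPLE_DB = """\
00:10:7B:3A:11:01 Engineering
0010.7b3a.1102    Sales
00-10-7B-3A-11-03 Sales
0010.7B3A.1101    Engineering
00:10:7b:3a:11:03 Guest
"""

def normalize_mac(mac):
    """Reduce colon, dash or dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def load_db(text):
    """Return (mac -> vlan, conflicts); conflicts holds MACs mapped to more than one VLAN."""
    table, conflicts = {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # allow trailing comments
        if not line:
            continue
        mac, vlan = line.split()
        key = normalize_mac(mac)
        if key in table and table[key] != vlan:
            conflicts.setdefault(key, {table[key]}).add(vlan)
            continue  # keep the first mapping and report the clash
        table[key] = vlan
    return table, conflicts

def assign_vlan(table, learned_mac):
    """VLAN for a MAC the switch has just learned, or None if it is not listed."""
    return table.get(normalize_mac(learned_mac))

if __name__ == "__main__":
    table, conflicts = load_db(SAMPLE_DB)
    # The same node seen on two different switch ports resolves to the same VLAN.
    for port, mac in [("sw1 2/4", "00:10:7b:3a:11:02"), ("sw7 3/12", "0010.7B3A.1102")]:
        print(port, mac, "->", assign_vlan(table, mac))
    print("unlisted:", assign_vlan(table, "00:10:7b:3a:11:ff"))
    print("conflicting entries:", conflicts)
```

Returning None for an unlisted MAC is a choice made in this example; what a switch does with an unknown address depends on how the service is configured.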
Traffic Patterns Flowing through the Network
VLANs need to be configured for optimal use through the network. If your servers do not support trunk links,
you don’t want everyone outside the VLAN that the server resides in to have to route all the packets to and
from a router or internal route processor. Therefore, you should place servers in the optimal VLAN, to
route the data traffic of as few VLANs as possible to and from the server. It doesn’t make sense to place your
server in one VLAN and the rest of your workstations in another.
Cisco’s VLAN Recommendations
Cisco makes certain recommendations to ensure that the switch block performs as it should. The first
recommendation is that the Core layer not contain any routing and filtering policies. VLANs should not be a
part of the Core layer, with the exception of those being routed along the backbone through trunk links. So,
VLANs should not extend past the Distribution layer switches for interVLAN routing.