Static and Dynamic VLAN Membership Explained

There are two types of VLAN membership: static and dynamic. In the static method, administrators manually add switch ports to VLANs. In the dynamic method, the switch automatically assigns appropriate VLANs to ports.

What VLAN membership is

A VLAN is a group of devices that share broadcast messages. By default, switches have only one VLAN, called VLAN-1. However, you can create and configure additional VLANs to limit broadcast messages and logically arrange devices in groups. After creating VLANs, you need to add desired ports to VLANs. VLAN membership is an authorization to be part of the VLAN. There are two ways to assign VLAN membership to switch ports: Static and Dynamic.

Static VLAN membership

It is an easy and straightforward method. In it, you manually add ports to VLANs. VLANs configured in this way are typically called port-based VLANs.

Let us take an example.

The following image shows an 8-port switch. With the default configuration, all ports belong to the same broadcast domain.

Now, suppose you want to break this network into two broadcast domains. You create two VLANs: VLAN-10 and VLAN-20. You enter the sub-configuration mode of ports and configure VLANs. You configure VLAN-10 on ports 1, 2, 3, and 4, and VLAN-20 on ports 5, 6, 7, and 8. It is an example of static VLAN membership.

Advantages of static VLAN membership

The main advantages of static VLAN membership are the following.

Easy configuration

Configuring a static VLAN membership is easy. To configure a static VLAN membership, you run only one command [switch(config-if)#switchport access vlan VLAN_ID] in the sub-interface configuration mode.

Easy management

Managing static VLAN membership is also easy. From the sub-interface configuration mode of the port, you can easily add, update, and remove VLAN membership.

Secure

Since you manually add, update, and remove static VLAN membership on all ports, the static VLAN membership is more secure than the dynamic VLAN membership.

Availability

Static VLANs are available on almost all Cisco switches. You do not need any high-end Cisco switch to use them. You can configure and use them on existing Cisco switches.

Disadvantages of static VLAN membership

The disadvantages of static VLANs are the following.

Scalability

Static VLAN membership is not scalable. If your network is small, you can choose it because of its easy configuration. But if your network is big, you can not use it alone. For example, if your network has thousands of devices, assigning and managing static VLAN membership for these devices on switches will be a difficult task.

Movability

Static VLAN membership is not movable. If you move a PC from a switch port to another switch port, you need to manually remove the VLAN membership from the current port and add it to the new port.

Dynamic VLAN membership

Dynamic VLAN membership works on a server-client model. In this model, a policy server called the VLAN membership policy server (VMPS) saves VLAN mapping information. VLAN mapping information contains VLAN IDs and MAC addresses of end devices.

All other switches act as VLAN client switches. They forward MAC addresses to the VMPS switch. The VMPS switch finds VLAN ID associated with each MAC address and passes that ID to the VLAN client switch.

Let us take an example.

The following image shows a simple network. It uses dynamic VLAN membership.

In the above network, when you add PC2 to the VLAN client switch's port-2, it forwards PC2's MAC address to the VMPS switch. VMPS switch finds the VLAN ID related to PC2's MAC address and provides that ID to the VLAN client switch. The VLAN client switch assigns the received VLAN ID to port-2.

Now suppose, you remove PC2 from port-2 and attach it to port3. In this situation, the switch will take the following steps.

• It removes configured VLAN on port-2 as soon as you remove the connected device.
• When you attach PC2 to port-3, it sends the PC2's MAC address to the VMPS switch.
• VMPS switch finds the VLAN ID related to the PC2's MAC address and provides it to the VLAN client switch.
• The VLAN client switch assigns the received VLAN ID to port-3.

Advantages of Dynamic VLAN membership

The advantages of dynamic VLAN membership are the following.

Movability

The main advantage of dynamic VLAN membership is movability. If you move an end device from a switch port to another switch port, the switch automatically updates the VLAN information on both ports.

Centralized management

Dynamic VLAN membership provides centralized management. You need to manage VLAN information only on the VMPS swtich. Other switches automatically receive the updated information from the VMPS swtich.

Fast implementation

Since VLAN client switches automatically implement dynamic VLAN membership, it is faster than static VLAN membership. In static VLAN membership, if you change VLAN information, you need to manually update that information on all ports. In dynamic VLAN membership, switches automatically update the information on all ports.

Disadvantages of Dynamic VLAN membership

The disadvantages of dynamic VLAN membership are the following.

Complex configuration

The configuration of dynamic VLAN membership is complex. You need to map the MAC addresses of all end devices to VLANs on the VMPS switch. You also need to configure all other switches to get VLAN information from the VMPS switch.

Add extra cost to the network

You cannot use low-end Cisco switches as VMPS server switch. You need a high-end Cisco switch such as Catalyst 6500 switch to configure VMPS. High-end Cisco switches are costly.