VLAN Membership Policy Server (VMPS, discussed in the next section).

In this situation, the administrator must have very defined goals, and network planning must be more detailed so as to not create bottlenecks in the WAN. Your goal in defining an end-to-end VLAN solution must be centered around the 20/80 Rule: Maintain 20 percent of the network traffic as local, or within the VLAN, and design the WAN network to support speeds that will accommodate this use. (Just a few years ago, this rule was reversed—the administrators’ goal was to keep all the servers local and to allow only 20 percent or less of the network traffic to extend outside the local network.)

Note: The ISL protocol, IEEE 802.10, IEEE 802.1, and LAN Emulation (LANE) all provide ways of sending multiple VLAN data traffic over certain physical media types, adding tagging information to frames to send data through the network, and creating trunk ports that carry VLAN data. ATM and LANE are covered in Chapter 8. Virtual Trunking Protocol (VTP) is used to let switches know about the VLANs that have been configured in the network. We will cover all of these topics in the rest of this chapter.

VLAN Membership Types

You can create two types of VLANs: static and dynamic. An administrator can configure the Access layer switches with a VLAN for each individual workgroup, and then assign each switch port to a particular VLAN. These are static VLANs; the port is assigned a VLAN number, and any device connecting to that port becomes a member of that VLAN by default.

A static VLAN is the most common and easiest in terms of administration. The switch port that you assign a VLAN association always remains in the VLAN you assign until you change the port assignment. Static VLAN configurations are easy to configure and monitor, and they work well in a network where the movement of users remains controlled. You can also use network management software such as CiscoWorks for Switched Internetworks (CWSI) to configure the ports on the switch.

A dynamic VLAN determines a node’s VLAN assignment automatically using a VLAN Membership Policy Server (VMPS) service to set up a database of Media Access Control (MAC) addresses. This database can be used for dynamic addressing of VLANs. VMPS is a MAC-address-to-VLAN mapping database that contains allowable MAC or physical addresses that are mapped to a particular VLAN. When the user boots up, the switch learns the MAC address and checks the database for the appropriate VLAN assigned to that MAC address. This process allows a switch port to remain in the same VLAN throughout the network regardless of the location at which the node resides.

It takes a lot of network management to maintain the databases of MAC addresses. Therefore, these types of VLANs are not very effective in larger networks. You can use intelligent network management software to allow you to match a VLAN number to a hardware (MAC) address, protocol, or even application address to create dynamic VLANs.
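The lookup described above can be sketched as follows. This is an added example, not code from the book or from Cisco: the database format, the `Switch` class, the port names and the MAC addresses are all constructed for illustration, and the handling of a MAC that is missing from the database (no VLAN assigned) is an assumption.

```python
import re

# Constructed sample database: one "MAC VLAN-name" pair per line.
# Simplified format for illustration, not the real VMPS file syntax.
SAMPLE_DB = """\
00:10:7b:aa:01:02 engineering
0010.7bbb.0304    sales
00-10-7B-CC-05-06 engineering
"""

def normalize_mac(mac):
    """Reduce colon, hyphen or Cisco dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def load_database(text):
    """Parse the mapping; reject a MAC that is mapped to two different VLANs."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        mac, vlan = line.split()
        key = normalize_mac(mac)
        if table.get(key, vlan) != vlan:
            raise ValueError(f"line {lineno}: {mac} already mapped to {table[key]}")
        table[key] = vlan
    return table

class Switch:
    """Access switch whose ports take their VLAN from the shared database."""
    def __init__(self, name, table):
        self.name, self.table, self.ports = name, table, {}

    def node_connects(self, port, mac):
        # The switch learns the source MAC and looks up its VLAN.
        # Assumption: a MAC absent from the database gets no VLAN (None).
        vlan = self.table.get(normalize_mac(mac))
        self.ports[port] = vlan
        return vlan

def demo():
    table = load_database(SAMPLE_DB)
    floor1, floor2 = Switch("floor1", table), Switch("floor2", table)
    first = floor1.node_connects("2/1", "0010.7bbb.0304")
    moved = floor2.node_connects("3/7", "00:10:7B:BB:03:04")  # same node, new location
    unknown = floor2.node_connects("3/8", "00:10:7b:ff:ff:ff")
    return first, moved, unknown

if __name__ == "__main__":
    print(demo())
```

The conflict check in `load_database` shows one piece of the maintenance work the database needs: every entry has to be kept unique and current by hand.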

Traffic Patterns Flowing through the Network

VLANs need to be configured for optimal use through the network. If your servers do not support trunk links, you don’t want everyone outside the VLAN that the server resides in to have to route all the packets to and from a router or internal route processor. Therefore, you should place servers in the most optimal VLAN, to route the data traffic of as few VLANs as possible to and from the server. It doesn’t make sense to place your server in one VLAN and the rest of your workstations in another.

Cisco’s VLAN Recommendations

Cisco makes certain recommendations to ensure that the switch block performs as it should. The first recommendation is that the Core layer not contain any routing and filtering policies. VLANs should not be a part of the Core layer, with the exception of those being routed along the backbone through trunk links. So, VLANs should not extend past the Distribution layer switches for interVLAN routing.
