OBJECTIVE
The purpose of this post is to present an introduction to VLAN Assignment.
VLAN Assignment
VLANs can be assigned based on ports, MAC addresses, IP subnets, network protocols, and matching policies.
Table 1 describes differences between VLAN assignment modes.
| VLAN Assignment Mode | Principle | Advantage | Disadvantage |
| VLAN assignment based on port numbers | In this mode, VLANs are classified based on the numbers of ports on a switching device. The network administrator configures a port default VLAN ID (PVID), that is, the default VLAN ID, for each port on the switching device. That is, a port belongs to a VLAN by default.
the port is configured with a PVID. Different types of ports process VLAN frames in different manners. | It is simple to define VLAN members. | VLANs must be re-configured when VLAN members change locations. |
| VLAN assignment based on MAC addresses | In this mode, VLANs are classified based on the MAC addresses of network interface cards (NICs). The network administrator configures the mappings between MAC addresses and VLAN IDs. In this case, when a switching device receives an untagged packet, it searches the MAC-VLAN table for a VLAN tag to be added to the packet according to the MAC address of the packet. | When the physical locations of users change, you do not need to re-configure VLANs for the users. This improves the security of users and increases the flexibility of user access. |
|
| VLAN assignment based on IP subnets | When receiving an untagged packet, a switching device adds a VLAN tag to the packet based on the IP address of the packet. | Packets sent from specified network segments or IP addresses are transmitted in specific VLANs. This decreases burden on the network administrator and facilitates management. | This mode is applicable to the networking environment where users are distributed in an orderly manner and multiple users are on the same network segment. |
| VLAN assignment based on protocols | VLAN IDs are allocated to packets received on an interface according to the protocol (suite) type and encapsulation format of the packets. The network administrator configures the mappings between types of protocols and VLAN IDs. In this case, when a switching device receives an untagged packet, it searches the Protocol-VLAN table for a VLAN tag to be added to the packet according to the protocol of the packet. | The classification of VLANs based on protocols binds the type of services to VLANs. This facilitates management and maintenance. |
|
| VLAN assignment based on policies (MAC addresses, IP addresses, and interfaces) | In this mode, VLANs are classified based on MAC addresses and IP addresses configured on switched and associated with VLANs. Only users matching a policy can be added to a specific VLAN. After users are added to the VLAN, if their IP addresses or MAC addresses are changed, they no longer belong to the VLAN. |
| Each policy needs to be manually configured. |
Table 1 - Differences between VLAN assignment modes
If the switch supports multiple VLAN assignment modes, the priority is of policy-based VLAN assignment, MAC address-based VLAN assignment, IP subnet-based VLAN assignment, protocol-based VLAN assignment, and port-based VLAN assignment in a descending order.
MAC address-based VLAN assignment and IP subnet-based VLAN assignment have the same priority.
By default, MAC address-based VLAN assignment is preferentially adopted. Alternatively, you can run commands to change priorities of these two VLAN assignment modes to select a VLAN assignment mode.
Port-based VLAN assignment has the lowest priority and is the most common VLAN assignment mode.
Policy-based VLAN assignment has the highest priority and is the least useful VLAN assignment mode.
Figure 1 shows the process of classifying VLANs.
Figure 1 - Process of assigning VLAN
--- End
