|
In port-based VLAN
membership, the port is assigned to a specific VLAN independent of
the user or system attached to the port. This means all users
attached to the port should be members in the same VLAN. The network
administrator typically performs the VLAN assignment. The port
configuration is static and cannot be automatically changed to
another VLAN without manual reconfiguration.
As with other VLAN
approaches, the packets forwarded using this method do not leak into
other VLAN domains on the network. After a port has been assigned to
a VLAN, the port cannot send or receive from devices in another VLAN
without the intervention of a Layer 3 device.
The device that is
attached to the port likely has no understanding that a VLAN exists.
The device simply knows that it is a member of a subnet and that the
device should be able to talk to all other members of the subnet by
simply sending information to the cable segment. The switch is
responsible for identifying that the information came from a
specific VLAN and for ensuring that the information gets to all
other members of the VLAN. The switch is further responsible for
ensuring that ports in a different VLAN do not receive the
information.
This approach is quite
simple, fast, and easy to manage in that there are no complex lookup
tables required for VLAN segmentation. If port-to-VLAN association
is done with an application-specific integrated circuit (ASIC), the
performance is very good. An ASIC allows the port-to-VLAN mapping to
be done at the hardware level.
|