When an end system is connected to a switch port, it needs to be associated
with a VLAN, in accordance with the network design. To associate a device with
a VLAN, the switch port to which the device connects will be assigned to a
single VLAN and therefore becomes an access port. A switch port can become an
access port through Static or Dynamic configuration.
Static Access Port Association
On most switches, VLAN membership results from
execution of a specific switchport configuration command. In a local VLAN
strategy, the switch port is associated with the VLAN of other devices on that
same switch or switch cluster.
Attributes and characteristics of access ports are:
- An access port is associated with a single VLAN.
- The VLAN to which the access port is assigned must exist in the VLAN
database of the switch or the port will be associated with an inactive VLAN
that does NOT forward frames.
- Because an access switch port is part of a VLAN or Layer 2 domain, that
port will receive broadcasts, multicasts, unicast floods, and so forth that are
sent to all ports in the VLAN.
- The end device will typically have an IP address on the subnet that is
common to all other devices on the access VLAN.
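The check below is an added example, not part of the original course text: it flags static access ports whose assigned VLAN is missing from the VLAN database, the inactive-VLAN condition described in the list above. It assumes Cisco IOS-style syntax; the configuration and VLAN listing are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample (not from a real device): IOS-style interface stanzas.
RUNNING_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 30
!
interface FastEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""

# Constructed excerpt in the style of "show vlan brief" (the VLAN database).
VLAN_BRIEF = """\
VLAN Name                             Status    Ports
1    default                          active    Fa0/3
10   ENGINEERING                      active    Fa0/1
20   SALES                            active
"""

def vlan_database(listing):
    """Return the VLAN IDs that the listing shows as active in the database."""
    return {int(m.group(1))
            for m in re.finditer(r"^(\d+)\s+\S+\s+active\b", listing, re.M)}

def access_ports(config):
    """Map each static access port to its VLAN."""
    ports = {}
    for stanza in re.split(r"^!\s*$", config, flags=re.M):
        name = re.search(r"^interface (\S+)", stanza, re.M)
        if not name or not re.search(r"^\s*switchport mode access\b", stanza, re.M):
            continue  # not an interface stanza, or not an access port
        vlan = re.search(r"^\s*switchport access vlan (\d+)", stanza, re.M)
        # Assumption: with no explicit assignment the port stays in default VLAN 1.
        ports[name.group(1)] = int(vlan.group(1)) if vlan else 1
    return ports

def inactive_assignments(config, listing):
    """Access ports whose VLAN is absent from the database and so forward no frames."""
    known = vlan_database(listing)
    return {p: v for p, v in access_ports(config).items() if v not in known}
```

On the constructed input, FastEthernet0/2 is reported because VLAN 30 was never created on the switch.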
Dynamic Access Port Association
Switch ports can be
dynamically associated with a given VLAN based upon the MAC address of the
device connecting on that port. This requires that the switch query a VLAN
Membership Policy Server (VMPS) to determine what VLAN to associate with a
switch port, when a specific source MAC address is seen on the switch port.
This might be beneficial for a set of workstations that roam
throughout the enterprise. Regardless of what switch or switch port the
workstation connects to, that switch port would become an access port on a
single, specific VLAN. Some security situations may require Dynamic VLAN
associations. However, dynamic VLANs are not consistent with the Enterprise
Composite model and will not be discussed further in this course.