Dynamic VLANs, explained but no configuration, as config is not needed for SWITCH, the ups and down of using it!

Posted on by Loopy

Wiring_Hell

I wasn’t sure what to put as a graphic here, so I thought a glimpse into troubleshooting hell would suffice, I dig the whole “chaos” theme of a million cables between devices 🙂

First I want to start with a couple things I previously had missed in prior articles:

  • If you want to see only a single VLAN’s information, “sh vlan id #”

Also If you remove the vlan from the switch configuration, the ports stay in the missing VLAN # until otherwise “statically” configured (and disappear from “sh vlan brief”), as we demonstrated in the last couple articles. However if you get on an interface and issue “no switchport access vlan #” to remove it, the port will return to Default VLAN 1.

Now onto a quick discussion about dynamic VLAN assignment

There is no configuration because you are only expected to know some theory for the exam, if you really see it at all, so I’ll try to keep it brief.

There is a thing called “VMPS” which translates to VLAN Membership Policy Server, which is the core of Dynamic VLAN assignment, so that is a very important acronym and name to remember!

VMPS is configured to track incoming frames source MAC address on certain ports, and if frames are seen coming in from that same source address on the other port, it will automatically updates the MAC entry table and places the new port in the same VLAN as the last known port configured for.

The major upside to this is it is fast, dynamic, and saves the admin time as well as being something an end user could do to get themselves back up and running if allowed near the switch (as a lot of small businesses are).

The major downside, is security, there is none. In fact, you must disable port security as part of the configuration for the dynamic VLANs, given I am not familiar with the configuration I am not sure how bad it gets but having to disable port security is baaad.

I’ll finish this off with some default behaviors, some redundant, and we are done with the Dynamic VLANs discussion:

  • VMPS must be configured before Dynamic VLANs can happen
  • VMPS uses STP Portfast by default – This feature can be turned off and still work
  • Trunk ports cannot be in a Dynamic VLAN because it’s technically in all ports by default

All of these can be used in Dynamic VLAN gotcha questions on exam day, so try to commit those to memory, and speaking of Trunk ports we have a whole section to get cracking on that and then STP mentioned above!

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s