3-15
User Guide for the Catalyst Express 500 Switches
OL-8122-01
Chapter 3 Customization
Isolate Traffic and Users through VLANs
You can assign switch ports to either the default VLAN or to VLANs that you
have created. Using only the default VLAN might be sufficient based on the size
and requirements of your network. We recommend that you first determine your
VLAN needs before creating VLANs.
The default VLAN is, by default, the management VLAN. After initial setup, you
can designate any VLAN on the switch as the management VLAN. The purpose
of the management VLAN is to ensure unlimited administrative access to all
users, devices, and traffic on the network. Because all network traffic flows
through the switch, you should assign one of the switch ports to the management
VLAN.
Depending on the type of device that is connected to the switch port:
•
A switch port applied with one of these port roles—Desktop, IP
Phone+Desktop, Printer, Server, Guest, and Other—can belong only to an
access VLAN. The access VLAN provides the attached device with the
specific access designed for that VLAN (for example, access only to
personnel records).
•
A switch port applied with one of these port roles—Switch, Router, and
Access Point—can send and receive traffic for all VLANs configured on the
switch, one of which can be identified as a native vlan. On this port, any
traffic that is received or sent without the VLAN explicitly identified is
assumed to belong to the native VLAN.
Both the switch port and the attached device port must be in the same native
VLAN.
A complete discussion about using VLANs is provided in Cisco LAN Switching
Fundamentals published by Cisco Press.