8-2
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 8 Configuring Interface Characteristics
Understanding Interface Types
Port-Based VLANs
A VLAN is a switched network that is logically segmented by function, team, or application, without
regard to the physical location of the users. For more information about VLANs, see
Chapter 9,
“Creating and Maintaining VLANs.”
Packets received on a port are forwarded only to ports that belong
to the same VLAN as the receiving port. Network devices in different VLANs cannot communicate with
one another without a Layer 3 device to route traffic between the VLANs.
VLAN partitions provide hard firewalls for traffic in the VLAN, and each VLAN has its own MAC
address table. A VLAN comes into existence when a local port is configured to be associated with the
VLAN, when the VLAN Trunking Protocol (VTP) learns of its existence from a neighbor on a trunk, or
when a user adds a VLAN to the local VTP database.
To configure VLANs, use the vlan database privileged EXEC command to enter VLAN configuration
mode.
Add ports to a VLAN by using the switchport interface configuration commands:
•
Identify the interface.
•
For a trunk port, set trunk characteristics, and if desired, define the VLANs to which it can belong.
•
For an access port, set and define the VLAN to which it belongs.
Switch Ports
Switch ports are Layer 2 only interfaces associated with a physical port. A switch port can be either an
access port or a trunk port. You can configure a port as an access port or trunk port or let the Dynamic
Trunking Protocol (DTP) operate on a per-port basis to determine if a switch port should be an access
port or a trunk port by negotiating with the port on the other end of the link. Switch ports are used for
managing the physical interface and associated Layer 2 protocols and do not handle routing or bridging.
Configure switch ports (access ports and trunk ports) by using the switchport interface configuration
commands. For detailed information about configuring access ports and trunk ports, see
Chapter 9,
“Creating and Maintaining VLANs.”
Access Ports
An access port carries the traffic of and belongs to only one VLAN. Traffic is received and sent in native
formats with no VLAN tagging. Traffic arriving on an access port is assumed to belong to the VLAN
assigned to the port. If an access port receives a tagged packet (Inter-Switch Link [ISL] or 802.1Q
tagged), the packet is dropped, the source address is not learned, and the frame is counted in the No
destination statistic.
Two types of access ports are supported:
•
Static access ports are manually assigned to a VLAN.
•
VLAN membership of dynamic access ports is learned through incoming packets. By default, a
dynamic access port is a member of no VLAN, and forwarding to and from the port is enabled only
when the VLAN membership of the port is discovered. In the Catalyst 3550 switch, dynamic access
ports are assigned to a VLAN by a VLAN Membership Policy Server (VMPS). The VMPS can be
a Catalyst 6000 series switch; the Catalyst 3550 switch does not support the function of a VMPS.