When a VLAN is provided at an access layer switch, an end user must be able to gain membership to it.
Two membership methods exist on Cisco Catalyst switches: static VLANs and dynamic VLANs.
• Static VLANs offer port-based membership, where switch ports are assigned to specific VLANs. End
user devices become members in a VLAN based on which physical switch port they are connected to.
No handshaking or unique VLAN membership protocol is needed for the end devices; they automatically
assume VLAN connectivity when they connect to a port. The static port-to-VLAN membership is
normally handled in hardware with application specific integrated circuits (ASICs) in the switch. This
membership provides good performance because all port mappings are done at the hardware level with
no complex table lookups needed.
• Dynamic VLANs are used to provide membership based on the MAC address of an end user device.
When a device is connected to a switch port, the switch must query a database to establish VLAN
membership. A network administrator must assign the user's MAC address to a VLAN in the database of
a VLAN Membership Policy Server (VMPS). With Cisco switches, dynamic VLANs are created and
managed through the use of network management tools like CiscoWorks 2000 or CiscoWorks for
Switched Internetworks (CWSI). Dynamic VLANs allow a great deal of flexibility and mobility for end
users, but require more administrative overhead.