Dynamic VLANs or Static VLANs

Posted on 2006-04-22
Last Modified: 2012-05-05

We are designing and implementing a new switching solution for our datacenter. We have around 250 servers and have a 6500 switch. We are unable to decide between choosing either Static or Dynamic VLANs. Can you recommend which is better and let us know why?

Question by:jaisimha_4474
    LVL 9

    Assisted Solution

    In my opinion, I would say static VLAN. Why? Because:

    1) Better performance. No complex table lookup since port mapping is statically defined.

    2) Less administrative overhead compared to dynamic VLAN. In dynamic VLAN you need to map every end user's MAC address to a VLAN.

    3) Requires less resources. With dynamic VLAN, you need to have VMPS (VLAN Membership Policy Server) to map MAC address to a VLAN or use CiscoWorks2000 or CWSI.
    LVL 57

    Expert Comment

    I would need more detail.

    Dynamic VLANs are really only useful (IMHO) if you have a lot of desktops/laptops in different VLANs and you move the desktops/laptops from location to location within your building/enterprise (meaning they are connected to different switch ports) quite often and you want the desktop/laptop to always be in the same VLAN. There could be other uses for dynamic VLANs.

    LVL 14

    Accepted Solution

    Go with the static VLANs. I agree with stressedout2004's points, but they are not my chief concerns.

    My server room is fairly large and modular. The power supply is arranged in a controllable grid format. I know which master switches control which part of the server room. The UPS grids are set up in a similar fashion. The servers are set up in well-spaced-out racks; each rack supports a specific function or application. They are all labelled and the cables are color coded to indicate which part of the room they came from. We won't talk about the individual labels for the cables. The room is also well diagrammed with rack contents on the front of each rack. (There are concept and operational docs pertaining to this in the operations center.)

    Our switch fabric is implemented in the same manner; servers on specific racks are on specific subnetworks. When this is translated to the L2 switches, they are assigned specific switch blades. The ports on a switch blade are part of a specific subnetwork and VLAN. Again, everything is properly labeled and documented.

    So how is this beneficial to have static VLANs?
    1. Easier to document and identify. If you point to a specific cable, I can tell you which subnetwork/VLAN a cable is on. (Which part of the room the server is in. And if I look at the cable ID, find out which server it's connected to in a short span of time.) If I removed that cable and placed it elsewhere on my switch fabric, I can tell you without too much effort where it was and where it is by just looking at the cable, diagram and labeled port that it is on.
    2. Understandable structure - I can pick up the logic of my switch fabric (and network) fairly quickly. If a cable is out of place and I was a new guy, it would stick out like a sore thumb. Since the switch ports are diagrammed and documented, understanding the flow becomes easy.
    3. Troubleshooting - this is the pay dirt for me. Because I can trace from server to cable to switch port to switch and from any points after, the troubleshooting process can be a little cleaner. With a dynamic VLAN, it adds one more unknown into the troubleshooting process. And per the SLA that we have on the servers, I don't need another variable to eat up time, especially if we have 1, 4 or 8 hours to resolve an intense issue.

    Now on the other side of things, I can see allocating dynamic VLANs for users that are on the move in a company. Wherever they go in the infrastructure and plug in their laptops, they are still on their VLANs.
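
An added example, not part of the original thread or any poster's code: with static VLANs laid out one VLAN per switch blade as the accepted answer describes, a documented plan can be checked mechanically against what is actually configured, so an out-of-place port is flagged rather than found during an outage. The blade-to-VLAN plan, the `audit` function and the "interface vlan" inventory format are all assumptions constructed for illustration.

```python
import re

# Documented plan (constructed for this example): each switch blade (module)
# carries exactly one VLAN, mirroring the rack/blade/subnet layout described above.
BLADE_PLAN = {3: 10, 4: 20, 5: 30}

# Constructed inventory export, one "<interface> <vlan>" pair per line.
# This is a made-up format, not the output of any real switch command.
OBSERVED = """\
Gi3/1 10
Gi3/2 10
Gi3/3 20
Gi4/1 20
Gi5/1 30
Gi5/2 dynamic
Gi6/1 30
"""

PORT_RE = re.compile(r"^[A-Za-z]+(\d+)/(\d+)$")


def audit(observed_text, blade_plan):
    """Return (interface, expected_vlan, observed, reason) for every deviation."""
    findings = []
    for line in observed_text.splitlines():
        fields = line.split()
        if not fields:
            continue  # skip blank lines
        match = PORT_RE.match(fields[0])
        if len(fields) != 2 or not match:
            findings.append((line.strip(), None, None, "unparseable"))
            continue
        iface, observed = fields
        expected = blade_plan.get(int(match.group(1)))
        if expected is None:
            findings.append((iface, None, observed, "undocumented-blade"))
        elif not observed.isdigit():
            # e.g. a dynamically assigned port: the plan cannot vouch for it
            findings.append((iface, expected, observed, "not-static"))
        elif int(observed) != expected:
            findings.append((iface, expected, observed, "vlan-mismatch"))
    return findings


if __name__ == "__main__":
    for iface, expected, observed, reason in audit(OBSERVED, BLADE_PLAN):
        print(f"{iface}: {reason} (documented VLAN {expected}, observed {observed})")
```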

    LVL 44

    Expert Comment

    Dynamic VLANs are for connecting to data centers and servers where you may have access but not know the topology of the other network -- e.g. networks for other scientific organizations in collaborating effort.

    If you know the NW and TCP/IP topology of the remote network you are connecting to, then use static, but you must realize, this takes correct exact setup. If they change their IP, as UNI organizations often do, then you must also change the links to them. Dynamic takes away this need to synchronize all the time.
    LVL 14

    Expert Comment


    It's VLANs, not VPNs.

    Dynamic VLANs create VLAN associations with MAC addresses. If you change your IP address, you are still associated with the same VLAN because of the MAC address. Worse yet, you will be hosed if that IP address you change to is outside of that subnetwork and you still expect it to work.

    You're not exactly from this planet when it comes to this, are you?

    LVL 57

    Expert Comment

    scrathcyboy, could you please explain how you think dynamic VLANs are for connecting data centers and servers? VLANs are not for connecting to remote networks. How does dynamic VLAN take away the need to know the IP addresses? What links?


    Author Comment

    Thanks everyone for the detailed comments and feedback
