123
Key words
VLAN, VLAN aggregation, PVLAN, GVRP, VTP
1 VLAN overview
VLAN (Virtual Local Area Network) is a virtual LAN, which is an emerging technique for virtual working groups to enable virtual workgroups by logically ratherning a device within a local area. IEEE issued a draft 802.1Q protocol standard for standardizing VLAN implementations in 1999.
VLAN technology allows network managers to logically divide a physical LAN into a different broadcast domain (or called virtual LAN, ie VLAN). Each VLAN contains a computer workstation with the same needs, with physical LANs that are physically formed. The same properties. But because it is logically rather than physically divided, the workstations in the same VLAN do not have to be placed in the same physical space, ie these workstations do not necessarily belong to the same physical LAN network segment. Broadcasting and unicast traffic within a VLAN will not be forwarded to other VLANs, thereby helping to control traffic, reduce equipment investment, simplify network management, and improve network security.
VLAN is an agreement to solve the broadcast problem and security of Ethernet. It adds VLAN heads based on Ethernet frames, divides users into smaller working groups with VLAN IDs, restricts different working groups. User Layers exchange, each working group is a virtual local area network. The advantage of a virtual local area network can limit the range of broadcasts and can form a virtual working group and dynamic management network.
The implementation method of the VLAN on the switch can be roughly divided into 4 categories:
1. Port-based VLAN
This method of dividing the VLAN is divided according to the port of the Ethernet switch, such as the 1-4 port of Quidway S3526 is VLAN 10, 5 ~ 17 for VLAN 20, 18 ~ 24 is VLAN 30, of course, these ports belonging to the same VLAN Can be discontinuous, how to configure, by administrator, if there are multiple switches, for example, can specify 1 to 6 ports of the switch 1 to the same VLAN, that is, the same VLAN can span several Ethernet Switch, based on the port division is the most extensive method of the current definition VLAN, IEEE 802.1Q specifies the international standards of VLANs based on ports of the Ethernet switch.
The advantage of this method of dividing is that it is very simple when defining the VLAN member, as long as all ports are defined, it is possible. Its disadvantage is that if the user of VLAN A leaves the original port, it is necessary to redefine it to a port of a new switch.
2, based on MAC address division VLAN
This method of dividing the VLAN is based on the MAC address of each host, that is, all the hosts of each MAC address are configured which groups. The maximum advantage of this method of dividing the VLAN is that when the user is moved, that is, when the switch is moved from one switch, the VLAN does not need to be reconfigured, so this can be considered that the division method according to the MAC address is based on the user's VLAN. The disadvantage of this method is to initialize, all users must configure, if there are hundreds of or even thousands of users, the configuration is very tired. Moreover, this method also results in a reduction in the efficiency of the switch, because there may be a number of members of the VLAN group in the port of each switch, so that the broadcast package cannot be restricted. In addition, for users who use laptops, their network cards may be replaced frequently, so that VLANs must be configured.
3, based on network layer division VLAN
This method of dividing the VLAN is based on the network layer address or protocol type of each host (if supported multi-protocol)
Divided, although this division method is based on network addresses, such as IP addresses, but it is not routing, and has no relationship with the network layer. Although it looks at each packet's IP address, but because it is not routing, there is no RIP, OSPF and other routing protocols, but according to the spanning tree algorithm, the advantage of this method is that the physical location of the user changes, not Reconfigure the locked VLAN, and can be divided according to the protocol type, which is important for network managers, and this method does not require additional frame tags to identify VLANs, which can reduce network traffic.
The disadvantage of this method is that the efficiency is low, because the network layer address of each packet is required to consume time-consuming time (relative to the front two methods), the general switch chip can automatically check the Ethernet of the network on the network. Head, but let the chip check the IP frame header, require higher technology, while more time. Of course, this is related to the implementation of various vendors.
4, divided according to IP multicasting VLAN
The IP multicast is actually a definition of a VLAN, that is, a multicast group is a VLAN, which expands the VLAN to a wide area network, so this method has greater flexibility, and it is also easy to pass the router. Of course, this method is not suitable for local area networks, mainly efficient.
In view of the current trend of current industry VLAN development, considering the advantages and disadvantages of various VLAN division, in order to maximize the user's demand during specific use, the Quidway S series is reduced in the VLAN. The switch is divided into a VLAN according to the port.
123
