VLAN technology:
VLAN has the following advantages:
1 control network broadcast storm
2 Ensure network security
3 simplify network management
1, VLAN overview
VLAN (Virtual Local Area Network) is a virtual LAN, which is an emerging technique for virtual working groups to enable virtual workgroups by logically ratherning a device within a local area. IEEE promulgated in 1999
A draft 802.1Q protocol standard for qualancing the VLAN implementation.
VLAN (Virtual LAN) is a logical segment of the network user connected to the second layer switch port, which is not subject to the physical location limit of the network user according to user needs. A VLAN can be implemented in a switch or crossover. VLAN can be based on the bit of the network user
Set, role, departments, or groups according to the applications and protocols used by the network user. The switch-based virtual local area network can solve conflict domains, broadcast domains, and bandwidth problems for local area networks.
VLAN technology allows network managers to logically divide a physical LAN into a different broadcast domain (or called virtual LAN, ie VLAN). Each VLAN contains a computer workstation with the same needs, with physical LANs that are physically formed. The same properties. But because it is logical
Archive is not physically divided, so the workstations in the same VLAN do not have to be placed in the same physical space, ie these workstations do not necessarily belong to the same physical LAN network segment. Broadcasting and unicast traffic within a VLAN will not be forwarded to other VLANs, helping to control
Drainage, reduce equipment investment, simplify network management, and improve network security.
VLAN is an agreement to solve the broadcast problem and security of Ethernet. It adds VLAN heads based on Ethernet frames, divides users into smaller working groups with VLAN IDs, restricts different working groups. User Layers exchange, each working group is a virtual local area network.
The advantage of a virtual local area network can limit the range of broadcasts and can form a virtual working group and dynamic management network.
The implementation method of the VLAN on the switch can be roughly divided into 4 categories:
1. Port-based VLAN
This method of dividing the VLAN is to divide according to the port of the Ethernet switch, such as 1 of Quidway S3526.
4 port is VLAN 10, 5
17 is VLAN 20,18
24 is VLAN 30, of course, these ports that belong to the same VLAN can be discontinuous, how to configure, managed by administrators, if there are multiple switches, for example, can specify the switch 1 1
6 ports and switches 2
4 The port is the same VLAN, that is, the same VLAN can span several Ethernet switches. According to the port division is the most extensive method of the VLAN, IEEE 802.1Q specifies the international standards of VLANs based on ports of the Ethernet switch.
The advantage of this method of dividing is that it is very simple when defining the VLAN member, as long as all ports are defined, it is possible. Its disadvantage is that if the user of VLAN A leaves the original port, it is necessary to redefine it to a new switch.
2, based on MAC address division VLAN
This method of dividing the VLAN is based on the MAC address of each host, that is, all the hosts of each MAC address are configured which groups. The maximum advantage of this method of dividing the VLAN is that when the user physical location is moved, the VLAN is changed from one switch to other switches.
No need to reconfigure, so this can be considered that the division method according to the MAC address is based on the user's VLAN. When this method is initialized, all users must configure, if there are hundreds of or even thousands of users. The configuration is very tired. And this method of dividing is also guided
The switch execution efficiency is reduced, because there may be a number of members of many VLAN groups in the port of each switch so that the broadcast package cannot be restricted. In addition, for users who use laptops, their network cards may be replaced frequently, so that VLANs must be configured. 3, based on network layer division VLAN
This method of dividing the VLAN is based on the network layer address or protocol type of each host (if supported multi-protocol), although this division method is based on network addresses, such as IP addresses, but it is not routed, with network layers Routing has no relationships. Although it looks to the IP address of each packet,
But because it is not a routing, there is no RIP, OSPF, etc., but the bridge exchange according to the generated tree algorithm.
The advantage of this method is that the user's physical location changes, and does not need to reconfigure the locked VLAN, and can be divided according to the protocol type, which is important for network managers, and this method does not need to be added. Frame label to identify VLANs, which reduces network communication
the amount.
The disadvantage of this method is that the efficiency is low, because the network layer address of each packet is required to consume time-consuming time (relative to the front two methods), the general switch chip can automatically check the Ethernet of the network on the network. Head, but let the chip check the IP frame head, need higher technology, the same
It is also more time. Of course, this is related to the implementation of various vendors.
4, divided according to IP multicasting VLAN
The IP multicast is actually a definition of a VLAN, that is, a multicast group is a VLAN, which expands the VLAN to a wide area network, so this method has greater flexibility, and it is also easy to pass the router. Of course, this method is not suitable for local area networks
Mainly the efficiency is not high.
In view of the current trend of current industry VLAN development, considering the advantages and disadvantages of various VLAN division, in order to maximize the user's demand during specific use, the Quidway S series is reduced in the VLAN. Switch adopts port according to port
To divide the method of VLAN.
