VLAN

zhaozj, 2021-02-16

VLAN is a network-switch technique that lets different computers be divided into separate networks that are isolated from each other, in order to improve security and network performance. To communicate across VLANs, you must use a router or a layer-3 switching module. The ADSL network in our city uses Cisco Catalyst 6509 layer-3 switches in the access layer, with VLANs set on the ports to separate users of the same IP segment. Security is high this way, but unfortunately playing games and sharing documents become inconvenient, because traffic has to be relayed through other IP segments. So breaking through the VLAN became a top priority.

In my segment the IP addresses are 10.145.254.x, the gateway is 10.145.254.1, and a 24-bit mask is used. Because the other computer is in the same IP segment, a computer does not automatically forward its data through the router; it tries to contact the other computer by direct communication. In a VLAN environment the ARP requests do not reach the other computer, so direct communication is blocked as well. To communicate with each other, you must force your computer to send its data to the router.

As we know, a router decides whether a packet should be forwarded based on its layer-2 address and its layer-3 address:

- If the target MAC address of the packet is not the MAC address of the router interface, the packet is not addressed to the router; it is only a layer-1 broadcast produced by a hub.
- If the target MAC address is the MAC address of the router interface but the target IP address is not the IP address of the router interface, the packet should be routed.
- If both the target MAC address and the target IP address match the router interface, the packet is meant for the router itself.

When a computer sends data, it first checks whether the target is in the same IP network segment as itself. If it is, the computer sends an ARP request to look up the other party's MAC address and then sends the packet. If it is not, the computer sends the packet with the target MAC address in the frame header set to the MAC address of the subnet's router interface, while the target IP address remains the IP address of the computer that will finally receive the data. When the router receives the packet, it forwards it.

To force the computer to send its data to the router, you can start either from the ARP protocol or from the same-subnet check.

The method that uses ARP is as follows:

1. Use the arp -a command to view the list of known MAC addresses. Because the VLAN contains only the gateway and the computer itself, only the MAC address of the gateway is displayed:

   Internet Address    Physical Address     Type
   10.145.254.1        00-D0-04-14-AF-FC    DYNAMIC

2. Use the arp -s command to forcibly bind the IP address of the computer you want to communicate with to the MAC address of the gateway. This computer will then send all data for the other party to the router. The other party's machine runs the same command, but with this computer's IP address. For example, the computer that wants to reach 10.145.254.a runs:

   arp -s 10.145.254.a 00-D0-04-14-AF-FC

With these settings, the computer still believes it is sending data directly to the other party, while the router sees a packet that needs to be routed. This is in fact an ARP spoofing technique.

The method that uses the same-subnet check is as follows: both parties use the route command to create a "host route". A host route is a routing entry for a single computer rather than for an IP network segment; its mask is 255.255.255.255. For example, the computer that wants to reach 10.145.254.a runs:

   route add 10.145.254.a mask 255.255.255.255 10.145.254.1

and the other party runs the same command with this computer's address. According to the longest-match principle of routing, the computer chooses the route with the longest mask when sending data, that is, the host route (32-bit mask), and no longer treats the other party as being in its own subnet (24-bit mask).

With the two methods above, you can break through the VLAN restriction. Except for CS LAN games, other software and Internet games run normally.
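The sender-side and router-side decisions described above can be traced in a small model. This is an added example, not code from the original post; the host addresses 10.145.254.10 and 10.145.254.20 and all function names are constructed for illustration. It also includes the router-side indicator a defender can match on: a packet handed to the router although source and destination are both in the router interface's own subnet.

```python
import ipaddress

ip = ipaddress.ip_address
SUBNET = ipaddress.ip_network("10.145.254.0/24")   # from the article
GATEWAY_IP = ip("10.145.254.1")                    # from the article
GATEWAY_MAC = "00-D0-04-14-AF-FC"                  # from the article's arp -a output
HOST, PEER = "10.145.254.10", "10.145.254.20"      # constructed sample addresses

# Default host state: on-link route for the subnet, default route via the gateway,
# and an ARP cache holding only the gateway (peers never answer ARP in the VLAN).
BASE_ROUTES = [(SUBNET, None), (ipaddress.ip_network("0.0.0.0/0"), GATEWAY_IP)]
BASE_ARP = {GATEWAY_IP: GATEWAY_MAC}

def next_hop(dst, routes):
    """Longest-prefix match; returns the IP the host must resolve with ARP."""
    net, gw = max(((n, g) for n, g in routes if ip(dst) in n),
                  key=lambda r: r[0].prefixlen)
    return gw if gw is not None else ip(dst)   # no gateway: deliver on-link

def router_action(dst_mac, dst_ip):
    """The router's three-way decision described in the article."""
    if dst_mac != GATEWAY_MAC:
        return "ignored"
    return "local" if ip(dst_ip) == GATEWAY_IP else "routed"

def send(dst, routes, arp_cache):
    """Fate of a packet from HOST to dst under the given routes and ARP cache."""
    mac = arp_cache.get(next_hop(dst, routes))
    return "no ARP reply" if mac is None else router_action(mac, dst)

def is_hairpin(src, dst):
    """Router-side indicator: both ends of a routed packet are in its own subnet."""
    return ip(src) in SUBNET and ip(dst) in SUBNET

if __name__ == "__main__":
    static_arp = {**BASE_ARP, ip(PEER): GATEWAY_MAC}             # arp -s method
    host_route = BASE_ROUTES + [(ipaddress.ip_network(PEER + "/32"), GATEWAY_IP)]
    for label, routes, arp in [("default", BASE_ROUTES, BASE_ARP),
                               ("static ARP", BASE_ROUTES, static_arp),
                               ("host route", host_route, BASE_ARP)]:
        print(f"{label:10} -> {send(PEER, routes, arp)}, "
              f"hairpin={is_hairpin(HOST, PEER)}")
```

Both methods end with the router forwarding a packet whose source and destination lie in 10.145.254.0/24, so a filter or flow alert on the router interface that matches such packets covers both.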

When reprinting, please cite the original address: https://www.9cbs.com/read-28261.html
