1. Introduction to VLAN function:
1. VLAN (Virtual Local Area Network) is a virtual local area network, which is a technology that logically divides a physical local area network into multiple broadcast domains. By configuring VLANs on the switch, users in the same VLAN can communicate with each other at Layer 2, while users in different VLANs are isolated by Layer 2. This can isolate the broadcast domain and improve network security.
2. VLAN technology can logically divide a physical LAN into multiple broadcast domains, that is, multiple VLANs. VLAN technology is deployed at the data link layer to isolate Layer 2 traffic. Hosts in the same VLAN share the same broadcast domain, and Layer 2 communication can be directly carried out between them. The hosts between VLANs belong to different broadcast domains and cannot directly realize Layer 2 intercommunication. In this way, broadcast messages are restricted to each corresponding VLAN, and network security is also improved.
3. Traditional switches deployed with VLANs cannot realize Layer 2 message forwarding between different VLANs, so routing technology must be introduced to realize communication between different VLANs. VLAN routing can be implemented through a Layer 2 switch and a router, or through a Layer 3 switch.
For more learning materials for network engineers, click here
2. VLAN routing application scenarios:
1. Because hosts between different VLANs cannot achieve Layer 2 communication, they must pass Layer 3 routing to forward packets from one VLAN to another.
2. The third method to solve the communication problem between VLANs is:
Configure VLANIF interfaces on the Layer 3 switch to implement inter-VLAN routing. If there are multiple VLANs on the network, you need to configure a VLANIF interface for each VLAN, and configure an IP address for each VLANIF interface. The default gateway set by the user is the IP address of the VLANIF interface in the Layer 3 switch. VLANIF is a logical interface based on VLAN.
3. VLAN routing-each VLAN has a physical connection experimental configuration:
1. Topological diagram
2. Experimental purpose:
Through configuration, communication can be carried out between the same VLAN and different VLANs under the three-layer switch
3. Configuration ideas:
1) Configure IP address and gateway for each PC
2) Configure VLANIF for the Layer 3 switch
4. Configuration process:
Step 1: Configure IP address and gateway for each PC (take PC1 as an example)
Step two, configure the three-layer switch
1) Basic switch configuration, create VLAN and add VLAN to corresponding PC port
Switch>en //Enter privileged mode
Switch#conf t //Enter global configuration mode
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1 //Modify the device name
S1(config)#vlan 10 //Create VLAN
S1(config-vlan)#vlan 20
S1(config-vlan)#int fa0/1 //Enter interface mode
S1(config-if)#switch mode acc //Change the port mode to Access mode
S1(config-if)#switch acc vlan 10
S1(config-if)#int fa0/2
S1(config-if)#switch mode acc
S1(config-if)#switch acc vlan 10
S1(config-if)#int range fa0/3-4 //When two or more consecutive ports belong to the same VLAN, you can use this command to quickly configure
S1(config-if-range)#switch mode acc
S1(config-if-range)#switch acc vlan 20
2) Configure VLAN-based logical interface VLANIF for the switch
S1(config-if-range)#int vlan 10 //Enter vlan10
S1(config-if)#ip add 192.168.1.254 255.255.255.0
S1(config-if)#int vlan 20
S1(config-if)#ip add 192.168.2.254 255.255.255.0
Four, configuration verification:
As shown in the figure above, the communication between hosts between vlan10 and vlan20 is realized by configuring VLANIF for the three-layer switch. PC1 can access PC2 in the same VLAN (vlan10) and can also access hosts PC3 and PC4 in different VLANs (vlan20).
At this point, the inter-VLAN routing-layer three switching experiment configuration is completed. Finally, to summarize, to achieve inter-VLAN communication, three methods can be used to achieve:
1) One physical interface per vlan. However, as the number of VLANs on each switch increases, this will inevitably require a large number of router interfaces, and the number of router interfaces is extremely limited. In addition, some hosts between VLANs may not need to communicate frequently. If configured in this way, the router's interface utilization will be very low. Therefore, this solution is generally not used in practical applications to solve the communication problem between VLANs
2) Single-arm routing. Configure the link between the switch and the router as a trunk link, and create sub-interfaces on the router to support VLAN routing. You need to create sub-interfaces on the router, and logically divide the physical links connecting the router into multiple. A sub-interface represents a logical link belonging to a VLAN.
3) Three-layer exchange. Create a VLANIF interface as a gateway for each VLAN. If there are multiple VLANs on the network, you need to configure a VLANIF interface for each VLAN, and configure an IP address for each VLANIF interface. The default gateway set by the user is the IP address of the VLANIF interface in the Layer 3 switch.