Introduction to Virtual Local Area Network VLAN

Others 2021-01-22 13:14:23 views: null

Virtual Local Area Network VLAN

VLAN

Virtual LANs are currently developing rapidly. The world's major major network vendors have implemented the VLAN protocol in their switch equipment. As the name suggests, VLAN is a virtual local area network. The definition of VLAN members can be divided into 4 types:

1. Divide VLAN according to port

This method of dividing VLANs is based on the ports of the Ethernet switch. For example, ports 1-4 of s2403 are VLAN A, 5-17 are VLAN B, and 18-24 are VLAN C. Of course, these ports belong to the same VLAN. It can be discontinuous. How to configure is up to the administrator to decide. If there are multiple switches, for example, you can specify the switch. Port 1-6 of switch 1 and port 1-4 of switch 2 are the same VLAN, that is, the same VLAN can span several For Ethernet switches, dividing according to ports is currently the most common method for defining VLANs. The IEEE 802.1q protocol specifies how to divide VLANs according to the ports of the switch.

The advantage of this method of division is that it is very simple to define VLAN members, as long as all ports are defined.

Its disadvantage is that if the user of VLAN A leaves the original port and arrives at a certain port of a new switch, it must be redefined.

2. Divide VLAN according to MAC address

This method of dividing VLANs is based on the MAC address of each host.

The biggest advantage of this method of dividing VLANs is that when the user's physical location moves, that is, when changing from one switch to another, the VLAN does not need to be reconfigured. Therefore, it can be considered that this division method based on MAC addresses is based on user VLAN.

The disadvantage of this method is that during initialization, all users must be configured. If there are hundreds or even thousands of users, the configuration is very tiring. Moreover, this division method also leads to a reduction in the efficiency of the switch, because there may be many members of the VLAN group on each switch port, so that broadcast packets cannot be restricted. In addition, for users who use laptop computers, their network cards may be replaced frequently, so VLANs must be continuously configured.

3. Divide VLAN according to the network layer

This method of dividing VLANs is based on each host's network layer address or protocol type (if multiple protocols are supported).
Although this division method may be based on network addresses, such as IP addresses, it is not a route and should not be confused with network layer routing. Although it checks the IP address of each data packet, it is not a route, so there is no routing protocol such as RIP or OSPF, but bridge switching based on the spanning tree algorithm.

The advantage of this method is that the user's physical location is changed, he does not need to reconfigure the VLAN he belongs to, and VLANs can be divided according to the protocol type, which is very important for network managers; also, this method does not require additional The frame tag is used to identify the VLAN, which can reduce network traffic.

The disadvantage of this method is efficiency, because checking the network layer address of each data packet is very time-consuming (compared to the previous two methods). The general switch chip can automatically check the Ethernet frame header of the data packet on the network, but To enable the chip to check the IP frame header, higher technology is required, and it is also more time-consuming. Of course, this is also related to the implementation methods of various manufacturers.

4. IP multicast as VLAN

IP multicast is actually a definition of VLAN, that is, a multicast group is considered to be a VLAN. This division method expands the VLAN to the wide area network.

Therefore, the advantage of this method is that it has greater flexibility and is easy to expand through routers.

The disadvantage is that this method is not suitable for LANs, mainly because of its low efficiency. For LAN multicast, there is a Layer 2 multicast protocol GMRP.

VLAN advantages

1. Reduce the cost of movement and change

The so-called dynamic management network, that is, when a user moves from one location to another, his network attributes do not need to be reconfigured, but are completed dynamically. This dynamic management network gives network managers and users Both have brought great benefits. A user, no matter where he goes, can access the network without any modification. This prospect is very bright. Of course, not all VLAN definition methods can do this.

2. Virtual working group

The most ambitious goal of VLAN is to establish a virtual working group model. For example, in a campus network, the same department as if on the same LAN, it is easy to access each other, exchange information, at the same time, all broadcast packets It is also restricted to the virtual LAN without affecting the people of other VLANs. If a person changes from one office location to another while he is still in the department, then his configuration does not need to be changed. At the same time, if a person Although the office location has not changed, he changed a department, so he only needs to configure it from the network administrator. The goal of this function is to establish a dynamic organizational environment. Of course, this is only a lofty goal. To achieve it, some other support including management is needed.

3. Restrict broadcast packages

According to the algorithm of the 802.1D transparent bridge, if a data packet cannot be routed, the switch will send the data packet to all other ports. This is the forwarding of the bridge's broadcast mode. This result is undoubtedly extremely Large waste of bandwidth. If VLAN is configured, then when a data packet is not routed, the switch will only send this data packet to all other ports belonging to the VLAN instead of all the ports of the switch. Data packets are restricted to one VLAN. To a certain extent, bandwidth can be saved.

4. Security

Because after VLAN is configured, data packets of one VLAN will not be sent to another VLAN. In this way, users of other VLANs cannot receive any data packets of this VLAN on the network, thus ensuring that the information of this VLAN will not be People in other VLANs eavesdropped to realize the confidentiality of information.

Guess you like

Origin blog.csdn.net/Lucien010230/article/details/111939112
Recommended
Domestic cloud input method - only Huawei has no cloud data upload security issues
Open Source Daily | Industrial open source project OGG 1.0; Sister, do you want to configure Firefox with me? Apple AI is far behind? Fedora 40
Ranking
Deploy Tomcat (Web) services Comments
jquery: event mechanism bind() on()
The simple and easy-to-understand basic encapsulation module makes Web testing easier!
Oracle Database on Linux solutions Chinese garbled
Talk about the REST API of Eureka Server
Instructions for companies applying for ISO certification
Spring mvc framework adds encryption/decryption of messages
Transport layer protocol-introduction of TCP protocol and the process of three-way handshake and four-time disconnection, and the difference with UDP protocol
MockMvc and Mockito - java.lang.AssertionError: JSON path "$" Expected: a collection with size <2> but: collection size was <0>
Redis cluster creation
Daily
More
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)
2024-04-17(31)
2024-04-16(23)
2024-04-15(5)

Code World

© 2018 codetd.com