[CyberSecurityLearning 15] VLAN Technology and Trunk

Others 2021-03-21 09:11:51 views: null

table of Contents

1. Virtual Local Area Network VLAN (Virtual Local Area Network)

1. Broadcast/broadcast domain

2. The harm of broadcasting:

3. How to control the broadcast? ?

4. VLAN overview and advantages

5. One VLAN = one broadcast domain = one network segment, VLAN is a Layer 2 technology

6. Types of VLAN:

7. Static VLAN command:

​1) Create VLAN:

2) View the VLAN table:

3) Add different ports to different VLANs:

Two, trunk

1. Trunk/relay link, public link

2. Trunk label:

3. Switch port link type:

4. Configure the trunk command:

1. Virtual Local Area Network VLAN (Virtual Local Area Network)

review:

ARP protocol can only work on the same network segment (why? Because routers do not forward arp packets)
Why ARP packets can only work on the internal network and cannot go out (because you have to figure out that this network segment must pass through the router, and the router forwards The basis of the data is the routing table, and the routing table checks where you are going? Arp cannot tell you where you are going. Only IP packets can tell the router that I want to be in the group, so ARP packets can never get out of the LAN, so arp attacks only Can attack the intranet)

1. Broadcast/broadcast domain

Broadcast: The data frame with the broadcast address as the destination address.
Broadcast domain: The network can receive the same broadcast set of all nodes (that is, the broadcast range). The
smaller the broadcast domain, the better

2. The harm of broadcasting:

Increasing the burden on the network/terminal (PC), spreading viruses, and security

3. How to control the broadcast? ?

Control broadcast = isolated broadcast domain
router isolated broadcast (physically isolated broadcast)

Disadvantages of router isolation broadcast: high cost and inflexibility

The new technology VLAN is used to control the broadcast
VLAN technology is implemented on the switch (management switch should be bought), and the broadcast domain is divided by logical isolation (VLAN is a technology, no need to add new equipment)

Analogy: It is equivalent to bringing a headset with good sound insulation . Although in a room, only people with the same frequency band can communicate with each other.
Everyone is logically isolated, and they have not left the room physically. The headset is removed and there is still a local area network. . Since it is a logical isolation, it can be changed arbitrarily,
as long as the frequency band is changed.

There is also a VLAN ID in VLAN (equivalent to the frequency band of the headset in the above example). The
VLAN technology is to logically isolate a physical LAN into several virtual LANs.
Different VLAN IDs cannot communicate. The purpose of creating VLAN IDs is Create a "band"

What is VLAN for? Control the broadcast, logically isolate the broadcast domain.

VLAN is a two-layer technology, does not require the intervention of ip address, it is the relationship between port and VLAN

4. VLAN overview and advantages

5. One VLAN = one broadcast domain = one network segment, VLAN is a Layer 2 technology

6. Types of VLAN:

①Static VLAN (80 to 90% of companies are using static VLAN, and 10% are using dynamic)
* Manual configuration
* VLAN based on port division

②Dynamic VLAN

*Manual configuration
* VLAN based on MAC address//Use 802.1x port authentication, divide VLAN based on account

7. Static VLAN command:


1) Create VLAN:

conf t
vlan ID,ID,ID-ID [Each ID represents a virtual local area network, the comma represents discontinuous creation, and the bar represents continuous creation] There is no order for the ID behind vlan
[name custom name] --- "[ ] Stands for optional, name is the
exit for people

2) View the VLAN table:

show vlan brief

3) Add different ports to different VLANs:

int f0/x (interface configuration mode)
switchport access vlan ID (add the switch port to a VLAN)
exit

Verify it: do show vlan brief

Ping PC2 on PC1 and found that although they are on the same network segment, they cannot communicate

When vlan is not configured, the default is in vlan1

 

After the switch receives a frame, the first step is to look at the vlan table

Vlan must be manually configured on each switch

F0/10 and F0/9 are not divided into vlan

PC1 and PC4 even in the same VLAN can not communicate (the fundamental reason is that there is a case of cross-switch )

How to deal with it?

Method 1. Connect a line between the switches, put the interfaces connected by this line to vlan10, and then connect a line between the switches, put the interfaces connected by this line to vlan20 (trouble)

Method 2. The two interfaces connected to the switch are set to not belong to any vlan (not belong to vlan1, 10, 20), and become public ports (the technical term is called trunk port, English: trunk [other ports that do not belong to trunk port are called connection Incoming port ]). At this time, all VLANs are allowed to pass from me.
Now that the switch on the right receives two frames through the public link, how can I tell which virtual world this data frame belongs to?
The switch makes a "label" on the frame to distinguish different VLANs . This label is called a VLAN label (see the figure below). The switch adds the "label", and the other switch removes the "label" [must be equipped with trunk before Recognize this label]

Question: After we configured trunk on the two switches, we realized the communication between different VLANs, right?
Trunk only solves the problem of communication between the same VLANs when crossing switches

Two, trunk

1. Trunk/relay link, public link

Function: Allow all vlan data to pass through the trunk link
Method: distinguish the data of different vlans by adding tags on the data frame

2. Trunk label:

1) ISL tag : Cisco proprietary, the tag size is 30 bytes (26+4) [No damage to your frame, just add 20byte before your frame and 4byte after the frame]
2) 802.1q tag : Public protocol, supported by all manufacturers, the label size is 4 bytes. Belong to internal label (divide your frame into two, add a label inside).

When the switches of two manufacturers also want to be equipped with trunk, it is fine. The label should use 802.1q label.

3. Switch port link type:

1) Access port: also known as access port, generally used to connect to PC, can only belong to a certain vlan, and can only transmit data of one vlan
2) Relay port: also called trunk port, generally used to connect to others The switch, which is a public port, allows all vlan data to pass through!

4. Configure the trunk command:

Configure a port as a trunk (both ports connected to the public link must be configured)

  int f0/x
    [switchport trunk encapsulation dot1q/isl ] (encapsulation: encapsulation) [] means optional
    switchport mode trunk (access by default)
    exit

Task: Analyze the working principle of the switch by yourself (after configuring vlan and trunk)

Guess you like

Origin blog.csdn.net/Waffle666/article/details/113528557
Recommended
Ranking
A quick primer on numpy basics
Two sister tease python project
Java | Multiple keywords in the replacement content are returned to the front end in red style
C ++: references
The string leetcood 1018 is a binary prefix divisible by 5
Flutter 布局组件
Java combat spingboot-redis
PMP pre-exam sprint and wrong questions sorting
ActiveMq C# Message Features: Delayed and Timed Message Delivery
DSP28377S_ copy a program from the RAM to FLASH portion DETAILS
Daily
More
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)

Code World

© 2018 codetd.com