Virtual local area network (VLAN) division

I have been learning about virtual local area networks these past few days, and now I will share what I have gained.

Let's first quote the definition of a virtual local area network from Baidu.

A virtual local area network (VLAN) is a logical set of devices and users that is not limited by physical location. It can be organized according to functions, departments, and applications, and its members communicate with each other as if they were in the same network segment, hence the name virtual local area network. VLAN is a relatively new technology, which works on layers 2 and 3 of the OSI reference model. A VLAN is a broadcast domain, and communication between VLANs is done through a layer 3 router.

If we already have a LAN, why do we need a virtual LAN? To think about this question, let's take an example.

A company has two floors: the first floor has sales department 1 and technical department 1, and the second floor has sales department 2 and technical department 2. Each pair of departments with the same function forms one local area network: sales department 1 and sales department 2 form one LAN, and technical department 1 and technical department 2 form another. Some people will say that it is enough to divide the network into subnets. Is that feasible?

Let's first consider the case of dividing only subnets. The topology diagram is as follows:


This diagram seems to work, but it actually has a problem: all the hosts are in the same broadcast domain. What does that mean?

We first use host pc2 of sales department 1 on the first floor, whose address is 192.168.1.2, to ping host pc3 of technical department 1, and find that the ping indeed does not go through, because they are not in the same subnet. As shown in the figure:


Next we ping host pc4 (192.168.1.3) of sales department 2, and find that this ping does go through.


This seems to meet our requirements.

Let's switch to simulation mode in the Cisco simulator to see how the data is transferred.

We again use the sales department 1 host 192.168.1.1 to ping the sales department 2 host 192.168.1.3 and watch what happens in the simulator.

We first use the arp -d command to clear the ARP cache (the ARP table) on all hosts. You can also shut down and restart a host, and the table is lost as well. This way the hosts do not know the MAC addresses of the other hosts: every time a host wants to communicate, it first runs the ARP protocol to obtain the destination host's MAC address, and only then sends the data packet. You only need to enter arp -d once on each host; you don't need to enter it three times like I did. If you are not sure, enter the arp -a command to view the table. If the result is empty, the table has been cleared.


Now start pinging the host pc4.


Step 1: pc2 prepares to send an ICMP packet, but finds that it does not know the other side's MAC address. What to do? It holds the ICMP packet and first uses its ARP protocol to ask who the destination host 192.168.1.3 is and what its MAC address is. ARP requests are sent by broadcast, that is, every host receives this packet. The ARP request says: my IP address is 192.168.1.2 and my MAC address is ..., and I want to know the MAC address of the host with IP address 192.168.1.3.

The packets are in the box on the right.




Step 2: pc2 sends the ARP packet to the switch switch1.


Step 3: The switch starts to forward packets.


Did you notice that technical department 1 on the first floor is not in the same subnet as sales department 1, yet it still received the ARP packet forwarded by the switch?

This is where the problem lies.

Host pc3 says to host pc2: I am not in the same department as you, so why do you still send this to me and waste network resources?

So how do we stop the switch from flooding broadcast packets indiscriminately, so that only sales department 2 receives them and the technical department does not?

This is where virtual local area network (VLAN) technology comes in.

Step 1: Click switch switch1 and open its configuration options. In the VLAN database, add a VLAN with number 10 and name Vlan10, then add a VLAN with number 20 and name Vlan20.




Then create Vlan10 and Vlan20 on switch switch2 with the same operation as on switch1.


Click FastEthernet0/1 on the switch, which is the interface connected to host pc2, and set the VLAN mode to Access. (Access mode lets the port carry only one VLAN, that is, only vlan10 or only vlan20 traffic, never both at once.) Then select the vlan10 VLAN we created. This means the port only carries vlan10 traffic and cannot directly carry traffic from hosts inside vlan20.


Then set port 0/2 to Access and vlan20.


In this way switch switch1 is divided into two VLANs, vlan10 and vlan20.

Then divide switch2 into the same two VLANs, vlan10 and vlan20.


Next, set the ports between the two switches to Trunk mode. The switches can now carry both VLANs, vlan10 and vlan20, between each other.



Then, following the steps above, set each switch port that connects to a host to VLAN 10 or 20. The hosts' IP address and subnet mask settings are as shown in the figure:


Finally done: our sales department and technical department are divided into two VLANs, vlan10 and vlan20.

Before pinging host pc4 again, we first clear the ARP table on each host, again by entering the arp -d command. Every host needs it.


OK, now let's look again at the process of host pc2 pinging host pc4.






See, our problem is solved: the broadcast packet above was not sent to the technical department, only to sales department 2.

This is the benefit of a VLAN. It is used to split broadcast domains: broadcast traffic is never received by other VLANs. So a VLAN can both span physical locations and split the broadcast domain.

Different VLANs generally cannot communicate with each other, even when they are in the same subnet.
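As an added example (not code from the original post), here is a small Python model of the two-switch topology above: with only subnets, pc2's ARP broadcast is flooded to every host, including pc3 in technical department 1; with access ports in VLAN 10/20 and a trunk between the switches, it reaches only pc4. The uplink port name Fa0/24 and the MAC addresses are assumptions, not values from the post.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
TRUNK = "trunk"  # marker for a port that carries every VLAN, tagged (802.1Q)

class Switch:
    def __init__(self, links, vlan_of=None):
        self.links = links            # port -> host name, or (switch, far port)
        self.vlan_of = vlan_of or {}  # port -> VLAN id or TRUNK; {} = VLAN-unaware
        self.mac_table = {}           # (vlan, mac) -> port, learned on ingress

    def _port_vlan(self, port, tag):
        if not self.vlan_of:          # no VLANs: the whole switch is one domain
            return 1
        v = self.vlan_of[port]
        return tag if v == TRUNK else v   # trunk: use the tag; access: its PVID

    def receive(self, port, src, dst, tag=None):
        """Handle one frame arriving on `port`; return the hosts that get it."""
        vlan = self._port_vlan(port, tag)
        self.mac_table[(vlan, src)] = port
        known = self.mac_table.get((vlan, dst))
        # broadcast and unknown unicast are flooded, but only inside the VLAN
        out = [known] if known else [p for p in self.links if p != port]
        got = []
        for p in out:
            if self._port_vlan(p, vlan) != vlan:   # access port of another VLAN
                continue
            target = self.links[p]
            if isinstance(target, tuple):          # uplink: hand over, tagged
                got += target[0].receive(target[1], src, dst, tag=vlan)
            else:
                got.append(target)
        return got

MAC = {f"pc{n}": f"00:00:00:00:00:0{n}" for n in (2, 3, 4, 5)}  # constructed

def build(with_vlans):
    """switch1: Fa0/1=pc2 (sales 1), Fa0/2=pc3 (tech 1); switch2: pc4, pc5.
    The Fa0/24 uplink name is an assumption; the post does not give it."""
    vl = {"Fa0/1": 10, "Fa0/2": 20, "Fa0/24": TRUNK} if with_vlans else None
    sw1 = Switch({"Fa0/1": "pc2", "Fa0/2": "pc3"}, vl)
    sw2 = Switch({"Fa0/1": "pc4", "Fa0/2": "pc5"}, vl)
    sw1.links["Fa0/24"] = (sw2, "Fa0/24")
    sw2.links["Fa0/24"] = (sw1, "Fa0/24")
    return sw1

def arp_receivers(with_vlans):
    """Hosts that see pc2's ARP request for 192.168.1.3 (a broadcast frame)."""
    return sorted(build(with_vlans).receive("Fa0/1", MAC["pc2"], BROADCAST))
```

Calling `arp_receivers(False)` returns every other host, while `arp_receivers(True)` returns only pc4, which is the post's before/after result.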
