VLANs and VLAN division

This article introduces what VLANs are, why they are divided, and the various division methods together with their respective advantages and disadvantages.

What is a VLAN:

VLAN stands for Virtual Local Area Network. A VLAN is a logical group of devices and users that is not limited by physical location: it can be organized by function, department or application, and its members communicate with each other as if they were on the same network segment, hence the name "virtual" LAN. VLANs operate at layers 2 and 3 of the OSI reference model. A VLAN is a broadcast domain, and communication between VLANs goes through a layer 3 router. VLANs have the following advantages: the administrative overhead of moving, adding and changing network equipment is reduced; broadcast activity can be controlled; and network security can be improved.

Why divide VLANs:

1. Improved security: Before VLANs are divided, all hosts connected to the switch's ports are in one LAN, that is, in a single broadcast domain, which makes ARP man-in-the-middle attacks trivial to carry out. After VLANs are divided, the reach of an ARP attack is reduced: an ARP packet is a "layer 2.5" packet and can only travel within the same VLAN.

2. Improved performance: Without VLAN division the whole switch is one broadcast domain, so a broadcast frame sent by any PC is propagated across the entire broadcast domain and consumes a lot of bandwidth (broadcast storms). Once VLANs are divided, the broadcast domain shrinks and the range a broadcast packet can reach is reduced.

What methods are there for dividing VLANs:

1. Port-based division: This method explicitly specifies which VLAN each switch port belongs to.

Advantages: Simple to operate.

Disadvantages: When there are many hosts the configuration workload is heavy, and when a host moves to a different port the VLAN membership of that port has to be changed as well.

2. MAC-address-based division: VLANs are assigned according to the MAC address of the host's network card (every network card has a globally unique MAC address). The switch determines the VLAN a port belongs to by checking and recording the MAC address of the network card attached to that port.

Advantage: When a user host moves to a different physical location, the VLAN does not need to be reconfigured.

Disadvantages: All users must be configured at initialization, which is a large workload when there are many hosts; and because each switch port may have to store the MAC addresses of several hosts, the switch's forwarding efficiency drops.
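As an added illustration (not code from the original article), the following Python model of a switch places untagged frames into a VLAN either by ingress port (method 1) or by source MAC (method 2) and floods broadcasts such as ARP requests only within that VLAN, which is the broadcast-domain and ARP-containment effect described under "Why divide VLANs". All port numbers, MAC addresses and VLAN ids are constructed sample values.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Toy switch: untagged frames are placed in a VLAN by ingress port or by source MAC."""

    def __init__(self, ports, port_vlan=None, mac_vlan=None, default_vlan=1):
        self.ports = list(ports)
        self.port_vlan = dict(port_vlan or {})                      # port -> VLAN (method 1)
        self.mac_vlan = {m.lower(): v for m, v in (mac_vlan or {}).items()}  # MAC -> VLAN (method 2)
        self.default_vlan = default_vlan
        self.mac_table = {}                                          # learned MAC -> (port, VLAN)

    def classify(self, port, src_mac):
        """A MAC-based entry wins when present; otherwise the port's static VLAN applies."""
        return self.mac_vlan.get(src_mac.lower(), self.port_vlan.get(port, self.default_vlan))

    def members(self, vlan):
        """Ports in a VLAN: statically assigned ports plus ports where a learned MAC of that VLAN sits.
        With MAC-based division a port joins a VLAN only once a host of that VLAN has been seen on it,
        which is why each port may have to store several MAC addresses."""
        static = {p for p in self.ports if self.port_vlan.get(p, self.default_vlan) == vlan}
        learned = {p for p, v in self.mac_table.values() if v == vlan}
        return static | learned

    def forward(self, in_port, src_mac, dst_mac):
        """Return the set of egress ports for one untagged frame arriving on in_port."""
        vlan = self.classify(in_port, src_mac)
        self.mac_table[src_mac.lower()] = (in_port, vlan)           # learn the source address
        entry = self.mac_table.get(dst_mac.lower())
        if dst_mac.lower() != BROADCAST and entry and entry[1] == vlan:
            return {entry[0]} - {in_port}                            # known unicast in the same VLAN
        return self.members(vlan) - {in_port}                        # flood, but only inside the VLAN

# Constructed sample topology: four ports, two VLANs, three hosts (all values made up).
H1, H2, H3 = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"

def port_based_demo():
    """Ports 1-2 are VLAN 10, ports 3-4 are VLAN 20. Returns (ARP flood from port 1, frame from VLAN 20 to H1)."""
    sw = VlanSwitch([1, 2, 3, 4], port_vlan={1: 10, 2: 10, 3: 20, 4: 20})
    arp_reach = sw.forward(1, H1, BROADCAST)        # ARP request stays in VLAN 10: reaches only port 2
    cross = sw.forward(3, H3, H1)                    # H1 sits in another VLAN: flooded inside VLAN 20 only
    return arp_reach, cross

def mac_based_demo():
    """H1 and H2 belong to VLAN 10 by MAC, H3 to VLAN 20. H1 then moves from port 1 to port 3."""
    sw = VlanSwitch([1, 2, 3, 4], mac_vlan={H1: 10, H2: 10, H3: 20})
    for port, mac in [(1, H1), (2, H2), (4, H3)]:    # initial frames so the switch learns each host
        sw.forward(port, mac, BROADCAST)
    return sw.forward(3, H1, BROADCAST)              # no reconfiguration needed: still reaches only port 2
```

In the port-based run the ARP broadcast from port 1 never reaches ports 3 and 4, and in the MAC-based run the moved host keeps its VLAN without any port reconfiguration, which is the advantage listed for method 2.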

3. Network-protocol-based division: VLANs are divided according to the network layer protocol in use, for example into IP, IPX, DECnet, AppleTalk and Banyan VLANs. Dividing by network layer protocol lets a broadcast domain span multiple switches, which is very attractive to network administrators who want to organize users around applications and services.

Advantages: When a user host's physical location changes, the VLAN it belongs to does not need to be reconfigured; this method suits scenarios in which users must be organized around different applications and services.

Disadvantage: Inspecting the network layer address of every packet takes processing time, so this method is inefficient.

4. IP-address-based division: All hosts belonging to the same IP broadcast group are considered to belong to the same VLAN.

Advantages: Good flexibility and scalability; the network can easily be extended through routers.

Disadvantages: Not suited to a local area network; inefficient.

5. Policy-based division: A technique that combines several of the VLAN division methods above according to a set of security policies, applied differently depending on the situation.

Advantages: This method supports automatic configuration with a high degree of automation, and it is very convenient for expanding the network.

Disadvantages: Higher demands on the equipment.
