Article directory
foreword
Go far to the world's astonishing banquet, and see the prosperity of the world
Introduction to VLAN
VLAN (Virtual Local Area Network), also known as virtual local area network, is an emerging technology that realizes virtual workgroups by logically rather than physically dividing devices in a local area network into network segments. In 1999, IEEE promulgated the 802.1Q protocol standard draft to standardize VLAN implementation.
VLAN technology allows network managers to logically divide a physical LAN into different broadcast domains (or virtual LANs, or VLANs). Each VLAN consists of a group of computer workstations that have the same needs and have the same attributes as a physically formed LAN. But because it is divided logically rather than physically, each workstation in the same VLAN does not need to be placed in the same physical space, that is, these workstations do not necessarily belong to the same physical LAN segment.
The broadcast and unicast traffic within a VLAN will not be forwarded to other VLANs. Even if two computers have the same network segment, but they do not have the same VLAN number, their respective broadcast streams will not be forwarded to each other, thus Helps control traffic, reduce equipment investment, simplify network management, and improve network security.
The role of VLAN
VLAN is proposed to solve the broadcasting problem and security of Ethernet. It adds a VLAN header on the basis of Ethernet frames, divides users into smaller workgroups with VLAN IDs, and restricts users between different workgroups to communicate with each other. Layer mutual access, each working group is a virtual local area network. The advantage of a virtual local area network is that it can limit the broadcast range, and can form a virtual working group to dynamically manage the network.
VLAN division method
There are four commonly used VLAN division methods: based on ports, based on MAC addresses, based on network layers, and based on IP multicast. The port-based VLAN port mode is established on the physical layer; the MAC mode is established on the data link layer; the network layer and IP broadcast mode are established on the third layer.
1. Divide VLANs according to ports
Many VLAN manufacturers use ports of switches to divide VLAN members. The configured ports are all in the same broadcast domain. For example, ports 1, 2, 3, 4, and 5 of a switch are defined as virtual network AAA, and ports 6, 7, and 8 of the same switch form virtual network BBB. Doing so allows communication between the ports and allows for upgrades to shared networks. However, this partitioning mode limits the virtual network to a single switch. The second-generation port VLAN technology allows multiple different ports across multiple switches to divide VLANs, and several ports on different switches can form the same virtual network. The network members are divided by switch ports, and the configuration process is simple and clear. Therefore, from the current point of view, this method of dividing VLANs based on ports is still the most commonly used method.
2. Divide VLANs based on MAC addresses
This method of dividing VLANs is based on the MAC address of each host, that is, configure which group each host with a MAC address belongs to. The biggest advantage of this method of dividing VLANs is that when the user's physical location moves, that is, when changing from one switch to other switches, the VLAN does not need to be reconfigured. Therefore, it can be considered that this division method based on the MAC address is based on the user's VLAN. The disadvantage of this method is that all users must be configured during initialization. If there are hundreds or even thousands of users, the configuration is very tiring. And the method for this division has also caused switch to carry out the reduction of efficient, because all may have the member of a lot of VLAN groups at the port of each switch, so just can't limit broadcast packet. In addition, for users who use laptops, their network cards may be replaced frequently, so VLANs must be constantly configured.
3. Divide VLANs according to the network layer
This method of dividing VLANs is divided according to the network layer address or protocol type (if multi-protocol is supported) of each host computer. Routing doesn't matter. The advantage of this method is that the physical location of the user has changed, there is no need to reconfigure the VLAN to which it belongs, and the VLAN can be divided according to the protocol type, which is very important for the network manager. In addition, this method does not require additional Frame tags are used to identify VLANs, which can reduce network traffic. The disadvantage of this method is that it is inefficient, because checking the network layer address of each data packet needs to consume processing time (compared to the previous two methods), and the general switch chip can automatically check the Ethernet frame of the data packet on the network Header, but to allow the chip to check the IP frame header requires higher technology and is more time-consuming. Of course, this is related to the implementation methods of various manufacturers.
4. Divide VLANs based on IP multicast
IP multicast is actually a definition of VLAN, that is, a multicast group is considered to be a VLAN. This method of division extends VLAN to the wide area network, so this method has greater flexibility Sex, and it is also easy to expand through routers. Of course, this method is not suitable for LAN, mainly because the efficiency is not high.
Using Cisco Packet Tracer to Realize VLAN Division Experiment
Network Topology
First open the Cisco Packet Tracer software, and connect the switches and hosts required for this experiment as follows:
Take host A as an example to configure the IP address as follows
Configuration of switch 0
Create three VLANs in the switch, and the names of the VLANs can
be chosen by yourself. Next, divide the interfaces into different VLANs and display the VLAN information as follows:
Divide the trunk ports for the ports between the switches.
Do the same in another switch 1 configuration, you can see that the ports are divided into different VLANs
Test Results
Take host A and host E as examples to test the configuration results:
host A
and host E
can be seen from the final results, host A can only ping host D, but cannot ping hosts B, C, E, and F, because host A and host D is jointly assigned in Vlan101, but not in the same Vlan as other hosts, so the data packet cannot reach
host B, only host E can be pinged, but hosts A, C, D, and F cannot be pinged. This is also because host B In Vlan102 with host E, the hosts in the same Vlan can communicate with each other, but the data packets of hosts in different Vlans will not be reachable, even if they are connected to the same switch.
postscript
If you have any questions, please leave a comment