Communication between VLANs

What are VLANs?

        VLAN stands for Virtual LAN, a "virtual local area network". A LAN can be a network of a few home computers or an enterprise network of hundreds of computers. The LAN that VLAN refers to is a network bounded by a router, that is, a broadcast domain.

        Let's review the concept of broadcast domains first. A broadcast domain is the range that a broadcast frame (destination MAC address of all 1s) can reach, that is, the range within which direct communication is possible. Strictly speaking, not only broadcast frames but also multicast frames (Multicast Frame) and unknown unicast frames (Unknown Unicast Frame) travel unimpeded within the same broadcast domain.

        Originally, a Layer 2 switch can only form a single broadcast domain, but with the VLAN function it can divide the network into multiple broadcast domains.

Why do you need to split the broadcast domain?

That's because, if there is only one broadcast domain, it may affect the overall transmission performance of the network.

Segmentation of Broadcast Domain and Necessity of VLAN

        When splitting broadcast domains, routers must generally be used. After using a router, the broadcast domain can be divided in units of network interfaces (LAN Interfaces) on the router.

        However, under normal circumstances a router does not have many network interfaces, about 1 to 4 at most. With the popularity of broadband connections, broadband routers (or IP sharers) have become more common, but note that although they have multiple (usually about 4) network interfaces on the LAN side, that is actually a switch built into the router, and it cannot split the broadcast domain.

        Moreover, if a router is used to divide broadcast domains, the number of domains that can be created depends entirely on the number of network interfaces on the router, so users cannot freely divide broadcast domains according to actual needs.

        Compared with routers, Layer 2 switches generally have multiple network interfaces. Therefore, if it can be used to divide the broadcast domain, the flexibility of use will undoubtedly be greatly improved.

        The technology used to divide the broadcast domain on the Layer 2 switch is VLAN. By using VLAN, we can freely design the composition of the broadcast domain and improve the freedom of network design.        

Experiment

PC1: IP address 192.168.1.1, subnet mask 255.255.255.0

PC2: IP address 192.168.1.2, subnet mask 255.255.255.0

PC3: IP address 192.168.1.3, subnet mask 255.255.255.0

PC4: IP address 192.168.1.4, subnet mask 255.255.255.0

SW1:

<Huawei>system-view  // enter system view
[Huawei]undo info-center enable  // disable the information center
[Huawei]sysname SW1  // rename the device
[SW1]vlan batch 10 20  // create VLANs 10 and 20
[SW1]int e0/0/1  // enter the interface view
[SW1-Ethernet0/0/1]port link-type access  // set the port link type to access
[SW1-Ethernet0/0/1]port default vlan 10  // assign the port to VLAN 10 (its default VLAN)
[SW1-Ethernet0/0/1]int e0/0/2
[SW1-Ethernet0/0/2]port link-type access
[SW1-Ethernet0/0/2]port default vlan 20
[SW1-Ethernet0/0/2]int e0/0/3
[SW1-Ethernet0/0/3]port link-type trunk  // set the port link type to trunk
[SW1-Ethernet0/0/3]port trunk allow-pass vlan all  // allow all VLANs through the trunk
[SW1-Ethernet0/0/3]quit
[SW1]quit
<SW1>save  // save the configuration

SW2:

<Huawei>system-view 
[Huawei]undo info-center enable 
[Huawei]sysname SW2
[SW2]vlan batch 10 20
[SW2]int e0/0/1	
[SW2-Ethernet0/0/1]port link-type access 
[SW2-Ethernet0/0/1]port default vlan 10
[SW2-Ethernet0/0/1]int e0/0/2
[SW2-Ethernet0/0/2]port link-type access
[SW2-Ethernet0/0/2]port default vlan 20
[SW2-Ethernet0/0/2]int e0/0/3
[SW2-Ethernet0/0/3]port link-type trunk 
[SW2-Ethernet0/0/3]port trunk allow-pass vlan all 
[SW2-Ethernet0/0/3]quit
[SW2]quit
<SW2>save

Verify it with ping:

On PC1, ping PC2 and PC3.

Similarly, when PC2 pings PC3 and PC4, PC4 can be pinged successfully, but PC3 cannot be pinged.

Packets can be captured for analysis:

Access interface: tag the frame on ingress, strip the tag on egress;

Trunk interface: the precondition is that the VLAN is allowed to pass through

(1) When vid=pvid, strip the tag on egress and add it on ingress;

(2) When vid≠pvid, send the frame directly, with its tag unchanged.

PC1 ping PC3

PC2 ping PC4
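The access and trunk tag rules above, modelled as an added Python example (not code from the original post or from the switch vendor). It assumes PC1/PC2 sit on SW1 E0/0/1 and E0/0/2, PC3/PC4 on SW2 E0/0/1 and E0/0/2, that E0/0/3 is the inter-switch trunk with PVID 1, and all function names are hypothetical.

```python
# Added example: model of the access/trunk tag rules (not vendor code).
# Assumed topology: PC1/PC2 on SW1 E0/0/1-2, PC3/PC4 on SW2 E0/0/1-2,
# E0/0/3 on both switches is the trunk; trunk PVID 1 is an assumption.
ACCESS = {"PC1": ("SW1", 10), "PC2": ("SW1", 20),
          "PC3": ("SW2", 10), "PC4": ("SW2", 20)}

def access_in(pvid):
    """Access ingress: the untagged frame is tagged with the port PVID."""
    return pvid

def trunk_out(vid, pvid, allowed):
    """Trunk egress: drop if the VLAN is not allowed; strip if vid == pvid."""
    if vid not in allowed:
        return "drop"
    return None if vid == pvid else vid    # None = sent untagged

def trunk_in(tag, pvid, allowed):
    """Trunk ingress: untagged frames take the PVID, then the allow check."""
    vid = pvid if tag is None else tag
    return vid if vid in allowed else "drop"

def access_out(vid, pvid):
    """Access egress: forwarded (tag stripped) only when vid == pvid."""
    return vid == pvid

def deliver(src, dst, allowed=frozenset(range(1, 4095)), trunk_pvid=1):
    """Return (delivered, tag_seen_on_trunk) for one frame from src to dst."""
    (s_sw, s_vlan), (d_sw, d_vlan) = ACCESS[src], ACCESS[dst]
    vid = access_in(s_vlan)
    wire = "not used"
    if s_sw != d_sw:                        # frame has to cross the trunk
        wire = trunk_out(vid, trunk_pvid, allowed)
        if wire == "drop":
            return False, "drop"
        vid = trunk_in(wire, trunk_pvid, allowed)
        if vid == "drop":
            return False, wire
    return access_out(vid, d_vlan), wire

if __name__ == "__main__":
    for a, b in [("PC1", "PC2"), ("PC1", "PC3"), ("PC2", "PC3"), ("PC2", "PC4")]:
        print(a, "->", b, deliver(a, b))
    # Trunk allow list reduced to VLAN 10: VLAN 20 no longer crosses.
    print("PC2 -> PC4, allow 10 only:", deliver("PC2", "PC4", allowed={10}))
    # Trunk PVID 10: VLAN 10 frames cross the trunk untagged (rule 1).
    print("PC1 -> PC3, trunk PVID 10:", deliver("PC1", "PC3", trunk_pvid=10))
```

The last two cases show why the trunk's allow list matters: replacing `port trunk allow-pass vlan all` with `port trunk allow-pass vlan 10 20` keeps every VLAN other than the two in use off the inter-switch link.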

Origin blog.csdn.net/zhao__b/article/details/122093884