Table of contents
2.3, the main advantages of VLAN:
2.3.1, VLAN split broadcast domain
2.4.1, VLAN application on multiple switches
2.4.2, VLAN communication between switches
2.5, VLAN encapsulation protocol
2.6.1, static VLAN based on port division
1. Concept
1.1, LAN interconnection
- A local area network refers to a computer group composed of multiple computers interconnected in a certain area. Generally within a radius of several kilometers; LAN can realize file management and application software sharing. Features such as printer sharing, workgroup scheduling, e-mail and fax communication services, and the LAN is closed.
1.1.1, the advantages of LAN
- Privacy and security needs exist: LANs are separated by physical boundaries that can control access and protect sensitive data. This is especially important for businesses and organizations to ensure their internal networks are protected.
- Resource management and bandwidth control: LANs allow organizations to centrally manage and allocate network resources such as shared files, printers, and servers. In addition, the LAN can manage network traffic by implementing bandwidth control policies to ensure that each user gets a fair bandwidth allocation.
- Performance and latency control: LANs typically have higher transmission speeds and lower latency, which is critical for real-time applications and tasks that require fast response. Data exchange within the local area network can achieve better performance and response time.
1.1.2, Disadvantages of LAN
- Limited range: A LAN only works within a certain physical range, usually a building or a geographic area. If terminals in different geographic locations need to be connected, it needs to be implemented through a Wide Area Network (Wide Area Network, WAN).
- Scale and management complexity: When the LAN scales up, management and maintenance become more complicated. Issues such as IP address allocation, network topology design, and routing configuration need to be considered to ensure the normal operation of the network.
- Risk of single point of failure: LANs are usually connected by switches. If a switch fails, the entire LAN may not work properly. Therefore, to increase reliability, redundant devices and backup connections are usually introduced in the network.
1.2, Wireless LAN
- Wireless local area network is the product of the combination of computer network and wireless communication technology. From a professional point of view, WLAN uses an effective method of wireless multiple access channels to support communication between computers, and provides the possibility for communication mobility, personalization and multimedia applications. In layman's terms, WLAN is to provide the functions of Ethernet or token network without using traditional cables.
- Usually, the transmission medium of computer networking mainly relies on copper cables or optical cables to form a wired local area network. However, wired networks are limited by wiring in some occasions: wiring and rerouting require a large amount of engineering; lines are easily damaged; nodes in the network cannot be moved.
- When it is necessary to connect distant nodes, the wiring construction of laying dedicated communication lines is difficult, expensive, and time-consuming, forming a serious bottleneck for the rapidly expanding networking demand. Wireless local area network is to solve the above problems of wired network.
Two, VLAN
2.1, what is VLAN
- A Virtual LAN (Virtual Local Area Network) is a logical group of users connected on a physical device regardless of physical location
- It is a technology that divides a physical network into multiple logically independent virtual networks. Each VLAN can have different network characteristics and security policies, and the communication between them is managed through switches.
2.2, the role of VLAN
- The switch splits the collision domain, but cannot split the broadcast domain
- With the increase in the number of switch ports, broadcasts in the network increase, reducing the efficiency of the network
- In order to split the broadcast domain, VLAN is introduced
2.3, the main advantages of VLAN:
- Network segmentation: VLAN can divide a physical network into multiple logical networks, so that different departments, projects or user groups can independently manage and control their own networks. This improves the manageability and security of the network.
- Security: VLANs can implement isolation and security policy control, and communication between different VLANs needs to be approved by routers or layer-3 switches. This makes it harder for devices in a VLAN to be attacked or unauthorized from other VLANs.
- Enhanced performance: Through VLAN division, bandwidth allocation and flow control can be performed according to different application requirements, thereby improving network performance and response time.
- Flexible network expansion: VLAN can be flexibly adjusted and expanded according to organizational changes and needs without changing the physical topology, reducing the dependence on physical wiring.
2.3.1, VLAN split broadcast domain
- An important function of VLAN is to divide the broadcast domain into multiple independent parts, thereby limiting the broadcast range, reducing broadcast storms on the network, and improving network efficiency and reliability.
-
2.4, the application of VLAN
2.4.1, VLAN application on multiple switches
- Applying VLANs on multiple switches can realize functions such as network expansion, interconnection between VLANs, switch stacking, and creation of extended domains. This provides flexibility and scalability for network segmentation and management in complex network environments.
- Expansion of network scale: Multiple switches can divide the entire network into different VLANs through VLAN technology. Through logical division, it can support flexible deployment and management of large-scale networks.
- VLAN extension across switches: When a VLAN needs to cover multiple switches, a trunk link (such as 802.1Q protocol) can be used to connect the switches, and the communication between VLANs can be carried out through the trunk port. In this way, VLAN extension across switches can be realized and VLAN consistency can be maintained.
- Interconnection between VLANs: Configuring the same VLAN on multiple switches can realize the interconnection between these VLANs. By configuring the trunk port to allow VLAN data transmission between switches, devices can communicate between different VLANs through different switches.
- Switch stacking: Some advanced switches support the stacking function, and multiple switches can be combined into a logical unit and share the same control plane. In this way, VLAN configuration can be managed uniformly in the entire switch stack, which simplifies configuration and management work.
- Extended domain of VLAN: Sometimes, a VLAN requirement exceeds the capacity limit of a single switch. In this case, you can use multiple switches and configure the same VLAN ID, and connect them to form an extended domain. In this way, devices can communicate within the same VLAN through different switches.
2.4.2, VLAN communication between switches
- How to implement VLAN communication between switches?
- Add a link for each VLAN
- Switch-access mode --- divide vlan
- Switch-trunk mode --- allow all through
-
- Only one link is used, so how to identify data from multiple VLANs?
-
2.4.3, VLAN identification
- The switch tags each data frame destined for other switches with a VLAN ID
-
2.5, VLAN encapsulation protocol
- Encapsulation type for relaying on Ethernet
- IEEE 802.1Q
- Working principle and frame format of IEEE802.1Q 3-2
- IEEE 802.1Q defines the VLAN (Virtual Local Area Network) encapsulation format, which encapsulates frames by adding an additional VLAN tag. This tag contains VLAN ID information, which is used to identify the VLAN to which the frame belongs.
- Specifically, when an Ethernet frame needs to be transmitted in the network, if the VLAN function is enabled, the switch or router will insert a 4-byte VLAN tag at the head of the frame to encapsulate the original frame. In this way, the device at the receiving end can identify the VLAN to which the frame belongs according to the VLAN tag, and perform corresponding processing and forwarding.
- Using IEEE 802.1Q encapsulation can realize the division and isolation of VLAN, improve the utilization rate of network bandwidth, and enhance the flexibility and security of the network. It is a common encapsulation type for relaying on Ethernet
-
- Understand the data processing process of the switch
-
2.6, the type of VLAN
- Static VLAN based on port division
- Divide ports based on VLAN
- Static VLAN based on MAC
2.6.1, static VLAN based on port division
- Static VLAN based on port division (Static VLAN) is a VLAN management method configured on the switch, which implements VLAN division by associating the ports of the switch with specific VLANs.
- In static VLAN, the administrator manually configures which VLAN each port belongs to. Common configuration steps include:
- Create VLAN: First, the administrator needs to create the required VLAN on the switch, and assign a unique identification number (VLAN ID) to each VLAN.
- Port Segmentation: Administrators then need to associate each switch port with the corresponding VLAN. In this way, ports configured in the same VLAN can communicate directly, and ports in different VLANs are isolated by default.
- Optional configuration: administrators can also configure other attributes for each VLAN as required, such as the name of the VLAN, the IP address of the VLAN interface (SVI), etc.
- Static VLAN is suitable for fixed and infrequently changing division of network topology and device connections, and does not require frequent adjustment of VLAN membership. Simple configuration and efficient performance, but lack of flexibility and automatic adjustment capabilities.
It should be noted that the division of static VLANs is based on ports, so when the device connection or topology changes, the relevant configuration needs to be manually updated to maintain correct VLAN division.
