VLAN Basics 1_Overall Introduction

Enterprise 2023-09-18 22:32:09 views: null

Table of contents

1.VLAN overview

2.VLAN frame format

3.VLAN port type

4.Default VLAN

5. VLAN tagging and de-tagging

6.VLAN division method

1.VLAN overview

VLAN (Virtual LAN) is a technology that logically divides network devices into multiple virtual networks from a single physical network. VLAN can group devices in the network so that only devices in the same group can communicate with each other, which enhances network security, flexibility, and management efficiency.

The implementation of VLAN requires a switch or router that supports it, because VLAN is divided through the ports of the switch or router. Using VLAN, administrators can set different network policies for different groups. For example, VLAN 100 can be the group of the financial department, and VLAN 200 can be the group of the marketing department. Different groups are isolated from each other and will not interfere with each other. It also facilitates network management.

The main advantages of VLAN are as follows:

  • Improve network security: VLAN can isolate sensitive network traffic into specific VLANs to prevent network attacks and illegal access.
  • Improve network performance: VLAN can reduce broadcast storms and improve network throughput and operating efficiency.
  • Improve network flexibility and manageability: VLAN can manage the device as a whole as needed to simplify the management and maintenance process.

 Figure 1 LAN and virtual LAN

2.VLAN frame format

 Figure 2 VLAN frame format

The VLAN tag occupies 12 bytes,

TPID: Tag Protocol Identifier, 2 bytes, used to identify the VLAN type of the frame, usually 0x8100 indicating the standard IEEE 802.1Q VLAN.

PRI: Priority, 3 bits, used for QoS/CoS (Quality of Service/Class of Service).

CFI: Canonical Format Indicator, 1 bit, used to identify whether the MAC address is in the canonical form, generally set to 0.

VID: VLAN ID (VLAN identification), 12 bits, ranging from 0 to 4095, where 0 and 4095 have special meanings, indicating untagged and global VLAN respectively.

3.VLAN port type

The implementation of VLAN requires the use of network devices such as switches and routers, which have different ports.

Here are some common VLAN ports:

  • Access Port: This port is used to connect devices and can only belong to one VLAN. When a data packet is sent out from this port, the data packet will be sent directly to the VLAN to which the port belongs, and other VLANs will not receive the data packet.
  • Trunk Port: This port is used to connect network devices such as switches and routers, and can transmit data packets from multiple VLANs at the same time. Packets transmitted on this port are tagged so that the receiving port knows which VLAN the packet belongs to.
  • Hybrid Port: This port can belong to multiple VLANs and can be used as an Access Port and a Trunk Port at the same time. Generally used to connect devices that require multiple VLANs, such as servers.

4.Default VLAN

The default VLAN refers to the default VLAN ID of the switch. The default VLAN ID is usually 1. All types of VLAN ports need to set the VLAN ID. The default VLAN ID of different types of VLAN ports has different uses.

The default VLAN ID refers to the VLAN number to which an unconfigured port on a switch or router belongs by default. When a port is connected to a switch and configured not to join any VLAN, it becomes part of the VLAN represented by the default VLAN ID. The default VLAN ID is usually set to 1 because it is the earliest VLAN number defined in the IEEE 802.1Q protocol and is also the default setting of many switches. However, in some cases, the default VLAN ID may be configured to a different value.

The default VLAN ID plays an important role in the network. It provides an easy way for new devices to join the network without complex VLAN configuration. When a device is plugged into a switch's port, it can immediately start sending and receiving data without any additional setup.

However, the default VLAN ID may also cause network security issues. If the network administrator does not properly configure ports that are not assigned VLANs, attackers can use these ports to access sensitive information on the network. Therefore, network administrators should regularly check the default VLAN ID configuration in the network and make necessary changes as needed.

5. VLAN tagging and de-tagging

Before understanding VLAN tagging and de-tagging, we must know the principles of how switches handle VLANs.

in principle:

1. Frames entering the switch must carry VLAN tags.

2. Frames leaving the switch may or may not have VLAN tags.

When many articles and books discuss VLAN tagging and de-tagging, they all discuss it from the perspective of VLAN ports. In this way, we usually fall into a mindset. It is very complicated to understand VLAN from the perspective of VLAN ports.

If we understand VLAN tagging and de-tagging from the perspective of a switch processing VLAN, it will be easier for us to master it.

First, we understand the first principle: 1. Frames entering the switch must carry VLAN tags.

From the first principle, we can know that the data entering the switch from any VLAN port must be tagged with a VLAN tag. If the original frame does not have a VLAN tag, we must add a VLAN tag. If the original frame has a VLAN tag, we have to determine whether the frame is allowed to pass.

We can understand the principle of port receiving VLAN through the following table:

Table 1 How different VLAN ports receive data frames

Next, let’s understand the second principle: 2. Frames leaving the switch may or may not have VLAN tags. 

If the exchanged frames are connected to the host, because the host usually does not process frames with VLAN tags, any VLAN port that wants to connect to the host needs to remove the VLAN tag. If the outgoing frame is connected to a switch or router, it needs to carry a VLAN tag. At this time, the VLAN port cannot remove the VLAN tag.

We can understand the principle of port sending VLAN through the following table:

 Table 2 How different VLAN ports send data frames

According to the different characteristics of different VLAN ports, the usage scenarios of VLAN ports have been fixed.

  • Access ports are usually used by switches to connect to hosts.
  • Trunk ports are commonly used for connections between switches and switches, and switches and routers.
  • Hybrid ports can be used for connections between switches and hosts, switches and switches, and switches and routers.

6.VLAN division method

There are mainly the following methods for VLAN division:

Port mode: Divide VLAN according to the switch port, that is, assign a VLAN number to each port.

MAC address method: VLANs are divided according to the MAC address of the device. The same MAC address belongs to the same VLAN.

IP subnet mode: VLANs are divided according to IP addresses. Devices in the same subnet belong to the same VLAN, and devices in different subnets are divided into different VLANs.

Protocol mode: VLANs are divided according to the protocol type to which the data frame belongs.

Other ways: Some other ways to divide VLANs.

Guess you like

Origin blog.csdn.net/weixin_28673511/article/details/131240362
Recommended
Ranking
[Algorithm] greedy _ program scheduling issues
Spring 控制反转(IOC)
Data structure-6.6 figure
Indicates that the class or member method has abstract properties
Huawei v5 server installed Linux operating system
Postgresql source code analysis - creating ordinary tables
Chapter 10 Evaluation Classification Results
Cloud service Ubuntu 20.04 version uses Nginx to deploy static web pages
Java Exercise 17.1
Solve the problem that git cannot automatically push submission in IDEA Push failed: Failed with error: Could not read from remote repository.
Daily
More
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)

Code World

© 2018 codetd.com