(1) Theory: VLANs and Layer 3 switching

VLAN concepts and benefits

In traditional switched Ethernet, all users are in the same broadcast domain. As the network grows, the number of broadcast packets increases sharply, and once broadcast packets account for 30% of the total, network transmission efficiency drops noticeably. In particular, when a network device fails it can keep sending broadcasts, causing a broadcast storm that paralyzes network communication. So how can this problem be solved?

We can solve it by splitting the broadcast domain. There are two ways to do this.

Physical separation: the network is physically divided into several small networks, and routing devices that isolate broadcasts are then used to connect the different networks so that they can communicate.

Logical separation: the network is logically divided into several small virtual networks, i.e. VLANs. VLANs work at the data link layer of the OSI reference model. A VLAN is a switched network in which all users are in the same broadcast domain, and VLANs communicate with each other through routing devices.


Benefits of VLAN technology
  Broadcast control: each VLAN is a separate broadcast domain, which reduces the bandwidth consumed by broadcasts and improves network transmission efficiency. A broadcast storm in one VLAN does not affect other VLANs.

  Enhanced network security: data can only be exchanged between ports in the same VLAN, and ports in different VLANs cannot access each other directly, so VLANs can restrict which individual hosts can reach servers and other resources. Dividing the network into VLANs can therefore improve network security.

  Simplified network management: in plain switched Ethernet, reassigning some users to a different network segment requires the network administrator to readjust the physical structure of the network, or even add network equipment, which increases the network management workload. In a network that uses VLANs, users are divided into logical networks by department function, application group, or geographic location, and a workstation can be moved between workgroups or subnets without changing any physical connection. VLAN technology greatly reduces the burden of network management and maintenance and lowers the cost of network maintenance.


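Types of VLAN

1. Static VLAN: port-based

 A static VLAN explicitly specifies which VLAN each switch port belongs to, which requires manual configuration by the network administrator. When a user host is connected to a switch port, it is assigned to the corresponding VLAN, as shown in the figure. This port-to-VLAN mapping is valid only locally; switches cannot share this information with each other.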


2. Dynamic VLAN: assigned based on MAC address


Static VLAN configuration

1. VLAN ranges


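2. Steps for configuring a static VLAN
Create a VLAN

Method 1: VLAN database configuration mode

Switch# vlan database  Enter VLAN configuration mode
Switch(vlan)# vlan 20 name test20   Create the VLAN number and name
Switch(vlan)# exit   Exit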
APPLY completed. 
Exiting……

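Method 2: global configuration mode (the method generally used today)

Switch# configure terminal   Enter global configuration mode
Switch(config)# vlan 20  Create the VLAN number
Switch(config-vlan)# name test20   Set the VLAN name
Switch(config-vlan)# exit  Exit

Delete a VLAN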

Switch# configure terminal  
Switch(config)# no vlan 20

Switch# vlan database 
Switch(vlan)# no vlan 20 
Switch(vlan)# exit

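Assign switch ports to the corresponding VLAN

Example: assign port FastEthernet0/1 to VLAN 2

Switch# configure terminal  Enter global configuration mode
Switch(config)# interface FastEthernet0/1  Enter interface mode for port 0/1
Switch(config-if)# switchport mode access  Set the Layer 2 port mode
Switch(config-if)# switchport access vlan 2  Assign the port to a VLAN
Switch(config-if)# exit  Exit

You can use the command Switch(config)# default interface interface-id to restore an interface to its default configuration.


Verify the VLAN configuration: view VLAN information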

Switch# show vlan-switch brief



The role of a trunk

When different VLANs have been created on two switches, how can hosts in the same VLAN communicate across them?



If a separate physical link were created for each VLAN, then as the number of VLANs grew the switches clearly could not spare that many ports.


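This is similar to shipping goods in real life: so that the goods can be told apart correctly when they reach their destination, the usual practice is to attach different labels to them. With VLANs, because each VLAN has a different VLAN number, a single trunk link is enough, as long as data frames belonging to different VLANs are marked with different tags.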


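In a switched network there are two types of link: access links and trunk links.

Access link: usually belongs to a single VLAN. The link between a host and a switch is an access link.

Trunk link: can carry multiple VLANs. The link between SW1 and SW2 in the figure is a trunk link. Trunk links are commonly used to connect one switch to other switches, or to connect a switch to a router.


The role of a trunk is to let the same VLAN communicate across switches. As shown in the figure, how does a data frame change as it crosses switches within a VLAN?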


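(1) When host A in VLAN 30 sends a data frame to host B, the frame that host A sends is an ordinary data frame.

(2) Switch SW1 receives the data frame, knows that it comes from VLAN 30 and must be forwarded to SW2, so it marks the frame with the VLAN 30 tag and then sends it to SW2.

(3) When SW2 receives the data frame carrying the VLAN 30 tag, it learns from the destination MAC address that the frame is for host B, removes the VLAN tag to restore an ordinary data frame, and then forwards it to host B.


VLAN tagging methods

1. ISL (Inter-Switch Link) is Cisco's proprietary tagging method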



2. IEEE 802.1q is an open tagging method that other vendors' products also support


Trunk configuration

Switch(config)#interface {FastEthernet | GigabitEthernet} slot/port  Enter interface configuration mode
Switch(config-if)#switchport trunk encapsulation {isl | dot1q | negotiate}  Select the encapsulation type
Switch(config-if)#switchport mode {dynamic {desirable | auto} | trunk}  Configure the interface as a trunk

Switch(config-if)#switchport trunk allowed vlan remove vlan-id  Remove a VLAN from the trunk
Switch(config-if)#switchport trunk allowed vlan add vlan-id  Add a VLAN to the trunk

Switch#show interface interface-id switchport  View and verify the interface mode
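
Steps (1) to (3) and the trunk's allowed-VLAN list can be traced on real frame bytes. The following Python is an added example, not part of the original post; it assumes the IEEE 802.1Q tag layout (TPID 0x8100 followed by a 16-bit field whose low 12 bits are the VLAN ID), and the MAC addresses, port name and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def add_tag(frame: bytes, vlan_id: int) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = vlan_id  # priority (3 bits) and DEI (1 bit) left at 0, VID in low 12 bits
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame: bytes):
    """Return (vlan_id, plain_frame); vlan_id is None when the frame is untagged."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

def sw1_to_trunk(frame: bytes, access_vlan: int, allowed: set):
    """Step 2: tag a frame from an access port if the trunk carries its VLAN."""
    return add_tag(frame, access_vlan) if access_vlan in allowed else None

def sw2_from_trunk(frame: bytes, allowed: set, mac_table: dict):
    """Step 3: look up (VLAN, destination MAC), strip the tag, pick the port."""
    vlan_id, plain = strip_tag(frame)
    if vlan_id is None or vlan_id not in allowed:
        return None  # untagged (native VLAN) traffic is outside this example
    port = mac_table.get((vlan_id, plain[:6]))
    return (port, plain) if port else None

# Constructed sample data: destination host B, source host A, IPv4 EtherType.
HOST_A = bytes.fromhex("aaaaaaaaaaaa")
HOST_B = bytes.fromhex("bbbbbbbbbbbb")
FRAME = HOST_B + HOST_A + struct.pack("!H", 0x0800) + b"payload from A"
SW2_MAC_TABLE = {(30, HOST_B): "Fa0/2"}  # hypothetical access port on SW2

if __name__ == "__main__":
    tagged = sw1_to_trunk(FRAME, 30, {20, 30})
    print(tagged[12:16].hex())                              # tag bytes on the trunk
    print(sw2_from_trunk(tagged, {20, 30}, SW2_MAC_TABLE))  # delivered untagged
    print(sw1_to_trunk(FRAME, 30, {20}))                    # VLAN 30 removed from trunk
```

The last call corresponds to `switchport trunk allowed vlan remove 30`: once VLAN 30 is off the allowed list, its frames no longer cross the trunk.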


Layer 3 switching technology
Layer 3 switching is used for communication between VLANs
Layer 3 switching = Layer 2 switching + Layer 3 forwarding


Traditional MLS (multilayer switching)
Flow-based forwarding

When data is sent to the Layer 3 switch, the Layer 3 engine handles the first packet of the flow: it looks up the routing information, then re-encapsulates the packet at Layer 2, obtaining the source and destination MAC addresses through ARP, and forwards it.




The routing information and the re-encapsulation information from processing the first packet are written to a cache. Subsequent packets of the flow are matched directly against the cache and sent straight to the destination host.

This achieves "route once, switch many times".



CEF-based MLS
Topology-based forwarding

Forwarding Information Base (FIB): a mapping of the Layer 3 routing table, kept synchronized with it, that enables efficient forwarding in hardware.

Adjacency table: holds the source and destination MAC addresses obtained through ARP.

When a host sends data to the Layer 3 switch, the switch forwards it by looking up these two tables directly.


Virtual Interface Overview

If two VLAN virtual interfaces are configured on the switch, they act as the gateways of the two VLANs inside the switch: data that enters through a physical interface is mapped to the virtual interface of its VLAN, where it finds its own gateway.

If an interface is in trunk mode, it belongs to all VLANs.




Layer 3 switching configuration


Origin blog.51cto.com/14080162/2427739