The principle and configuration of VLAN

1. Overview and advantages of VLAN

1. VLAN introduction

VLAN (Virtual Local Area Network) is a communication technology that logically divides a physical LAN (Local Area Network) into multiple broadcast domains. Hosts within a VLAN can communicate directly, but hosts in different VLANs cannot communicate directly, which confines broadcast messages to one VLAN.

There are two ways to split a broadcast domain:

① Physical segmentation: divide the network into subnets; different subnets cannot communicate with each other.

② Logical segmentation: divide the network into VLANs; different VLANs cannot communicate with each other.

2. The purpose and advantages of VLAN

Purpose

When a single LAN contains a large number of hosts, problems such as serious conflicts, broadcast flooding, significant performance degradation, and even network unavailability occur. VLANs are used to address this.

Advantages

1. Divide broadcast domains

2. Improve security

3. Simplify network management

2. Types of VLANs

① Static VLAN

Static VLAN allocation based on ports

② Dynamic VLAN

Dynamic VLAN classification based on MAC address

3. Basic concepts of VLAN

1. VLAN tag

To enable the device to distinguish packets of different VLANs, a field identifying the VLAN information needs to be added to the packet. The IEEE 802.1Q protocol stipulates that a 4-byte VLAN tag (Tag for short) is added to the Ethernet data frame after the destination MAC address and source MAC address fields and before the protocol type field, to identify VLAN information.

Field explanation:

TPID: Indicates the data frame type

Priority: Indicates the 802.1Q priority of the data frame

CFI: Indicates whether the MAC address is encapsulated in a standard format in different transmission media, for compatibility with Ethernet and Token Ring networks

VID: VLAN ID, indicating the number of the VLAN to which the data frame belongs

Note: The device uses the VID in the VLAN tag to identify the VLAN to which the data frame belongs. Broadcast frames are forwarded within the same VLAN, which limits the broadcast domain to one VLAN.
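The tag layout described above, as an added example that is not part of the original article: a small parser that reads, inserts and strips the 4-byte tag. The TPID value 0x8100 and the field widths (3-bit Priority, 1-bit CFI, 12-bit VID) come from IEEE 802.1Q rather than from this page, and the sample frame is constructed.

```python
import struct

TPID_8021Q = 0x8100  # TPID value that marks an IEEE 802.1Q tagged frame


def parse_vlan_tag(frame: bytes):
    """Return (priority, cfi, vid) for a tagged frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    # Bytes 0-5: destination MAC, bytes 6-11: source MAC; the tag, if any, follows.
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None  # bytes 12-13 are the protocol type, so the frame is untagged
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    # 16 bits after the TPID: Priority (3 bits), CFI (1 bit), VID (12 bits).
    return (tci >> 13, (tci >> 12) & 0x1, tci & 0x0FFF)


def add_vlan_tag(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert a 4-byte tag after the source MAC of an untagged frame."""
    if not 0 <= vid <= 0x0FFF or not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("field does not fit its bit width")
    if parse_vlan_tag(frame) is not None:
        raise ValueError("frame is already tagged")
    tci = (priority << 13) | (cfi << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_vlan_tag(frame: bytes) -> bytes:
    """Remove the tag from a tagged frame, restoring the untagged layout."""
    if parse_vlan_tag(frame) is None:
        raise ValueError("frame is not tagged")
    return frame[:12] + frame[16:]


# Constructed sample: broadcast destination, made-up source MAC, IPv4 protocol type.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
TAGGED = add_vlan_tag(UNTAGGED, vid=10, priority=5)

if __name__ == "__main__":
    print(parse_vlan_tag(UNTAGGED), parse_vlan_tag(TAGGED), TAGGED[12:16].hex())
```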

2. How common devices handle VLAN tags when sending and receiving data frames

2.1 In a VLAN switching network, Ethernet frames mainly have the following two formats:

Tagged frame: A frame with a 4-byte VLAN tag added.

Untagged frame: Original frame without a 4-byte VLAN tag.

2.2 Link type and interface type

The data frames processed internally by the device all carry VLAN tags, but some devices on the network can only send and receive Untagged frames. To interact with these devices, the interface needs to be able to identify Untagged frames and to add and remove VLAN tags when receiving and sending frames.

Users belonging to the same VLAN may be connected to different devices, and more than one VLAN may span devices. If these users need to communicate, the interfaces between devices must be able to identify and send data frames from multiple VLANs at the same time.

In order to adapt to different connections and networking, the device defines three interface types: Access interface, Trunk interface, and Hybrid interface, as well as two link types: Access Link and Trunk Link.

① Link type

According to the number of VLANs that need to be carried on the link, Ethernet links are divided into:

Access link

An access link can carry the data frames of one VLAN and is used to connect the device and the user terminal. Normally, the user terminal does not need to know which VLAN it belongs to, nor can it identify tagged frames, so the frames transmitted on an access link are all Untagged frames.

Trunk link

Trunk links can carry data frames from multiple different VLANs and are used for interconnection between devices. In order to ensure that other network devices can correctly identify the VLAN information of data frames, all data frames transmitted on trunk links must be tagged.

② Interface type

Access interface

An access interface is generally used to connect to a computer or a router interface. Function: when data enters the switch, the VLAN tag is added, and when data exits the switch, the VLAN tag is removed.

Trunk interface

A trunk interface is generally used to connect switches. Function: it allows frames from multiple VLANs to pass through with tags, but it allows frames from one VLAN to be sent out from this type of interface without tags.

Hybrid interface

A Huawei proprietary interface type, and the default interface type on Huawei switch interfaces.

3. Default VLAN

The default VLAN is also called the PVID. The data frames processed by the device are all tagged. When the device receives an untagged frame, it needs to add a tag to the frame. Which tag is added is determined by the default VLAN on the interface.

When the interface sends and receives data frames, the tag is added or removed.

For an access interface, the default VLAN is the VLAN it allows to pass through. Modifying the default VLAN can change the VLAN that the interface allows to pass through.

For trunk interfaces and hybrid interfaces, one interface can allow multiple VLANs to pass through, but there can only be one default VLAN. The default VLAN and allowed VLAN of the interface need to be configured separately and do not affect each other.
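The access and trunk rules above, together with the default VLAN, as an added example that is not part of the original article: a small model of what each interface does to a frame on receive and send. It assumes that a tagged frame is accepted only if its VID is permitted on the interface, that the one VLAN a trunk sends without a tag is its default VLAN, and that a trunk drops untagged frames when its default VLAN is not in the allowed list; the port names and VLAN numbers are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    mode: str                                  # "access" or "trunk"
    pvid: int                                  # default VLAN of the interface
    allowed: set = field(default_factory=set)  # trunk only: VLANs allowed to pass

    def permits(self, vid: int) -> bool:
        # An access interface passes only its default VLAN; a trunk passes
        # its allowed list, which is configured separately from the PVID.
        return vid == self.pvid if self.mode == "access" else vid in self.allowed

    def ingress(self, tag):
        """tag is the VID on the received frame, or None for an untagged frame.
        Returns the VID the frame carries inside the device, or None if dropped."""
        vid = self.pvid if tag is None else tag  # untagged frames get the PVID
        return vid if self.permits(vid) else None

    def egress(self, vid: int) -> str:
        """Returns "drop", "untagged" or "tagged" for a frame in VLAN vid."""
        if not self.permits(vid):
            return "drop"
        if self.mode == "access" or vid == self.pvid:
            return "untagged"  # tag removed on the way out
        return "tagged"


def forward(src: Port, dst: Port, tag) -> str:
    """Receive a frame on src and send it out of dst."""
    vid = src.ingress(tag)
    return "drop" if vid is None else dst.egress(vid)


# Constructed topology: two hosts in different VLANs and one switch uplink.
HOST_A = Port("access", pvid=10)
HOST_B = Port("access", pvid=20)
UPLINK = Port("trunk", pvid=1, allowed={1, 10, 20})

if __name__ == "__main__":
    print(forward(HOST_A, UPLINK, None))  # host frame leaves the trunk tagged
    print(forward(UPLINK, HOST_B, 10))    # VLAN 10 frame never reaches VLAN 20
```

Untagged frames arriving on the trunk are placed in its default VLAN, so when reviewing a configuration it is worth checking which VLAN that is and whether it is in the allowed list.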

Reposted from: blog.csdn.net/qq_57093716/article/details/134971747