What Is VLAN and How to Divide it?

As the network engineer, we should know the definition of VLAN: a close understanding of the VLAN firstly. Wana to study or pass IT certification exam fast? SPOTO will be the best choice.

VLAN is the abbreviation of English Virtual Local Area Network, also called virtual local area network. It is an emerging technology that realizes virtual workgroup by logically, rather than physically dividing, devices in the local area network into network segments. To divide VLANs, you must purchase a network device that supports VLAN functionality.

Second, the role of dividing the VLAN: dividing the VLAN network

VLANs are proposed to solve the broadcast problem and security of Ethernet. Broadcast and unicast traffic inside a VLAN will not be forwarded to other VLANs. Even if two computers on the same network segment are not in the same VLAN, their respective broadcast streams will not be forwarded to each other. Dividing VLANs helps control traffic, reduce equipment investment, simplify network management, and increase network security. Because VLANs isolate broadcast storms and isolate traffic between different VLANs, communication between different VLANs must rely on routers or Layer 3 switches.

Third, the division of VLAN:

There are four ways to divide VLANs, each of which has its own length. When dividing a VLAN into a network, you must choose a suitable partitioning method based on the actual situation of the network.

1. According to the port division VLAN: Many network vendors use the ports of the switch to divide VLAN members. As the name suggests, port-based VLANs define certain ports of a switch as a single VLAN. The first generation of VLAN technology only supports VLANs on multiple ports of the same switch. The second generation of VLAN technology allows VLANs to be divided across multiple ports of multiple switches. Several ports on different switches can form the same VLAN.

The advantage of dividing the VLAN according to the port is simple and straightforward, and the management is also very convenient. The disadvantage is that the maintenance is relatively cumbersome. However, VLAN division based on ports is the most commonly used VLAN division method.

2. VLAN according to MAC address: Each network card has a unique physical address, that is, a MAC address. The number of computers can be divided into the same VLAN according to the MAC address of the network card. The biggest advantage of this method is that when the physical location of the user moves, that is, when switching from one switch to another, the VLAN does not need to be reconfigured; the disadvantage is that all users must be configured when a VLAN is initialized, and the burden of the network management is compared. weight.

3. Divide VLANs according to the network layer: This method of dividing VLANs is based on the network layer address or protocol type of each host (if multi-protocol is supported), rather than according to route division. Note: This VLAN division is suitable for wide area networks and is not suitable for local area networks.

 4. VLANs are classified according to IP multicast: IP multicast is actually a VLAN definition. That is, a multicast group is considered to be a VLAN. This division method extends the VLAN to the WAN and is not suitable for the LAN, because the scale of the enterprise network has not yet reached such a large scale.

Obviously, all VLAN technologies are not completely suitable for enterprise networks. After having a comprehensive understanding of VLANs, the network management system should be able to make accurate judgments on whether or not to divide VLANs according to the network environment in which they are located.

Fourth, what kind of network needs to be divided into VLANs?

It is true that dividing VLANs can reduce the generation of broadcast storms and improve network communication efficiency. However, network management must also be clear. Unreasonable VLANs also affect network transmission performance. To this end, the network management must first clear whether the network is necessary to divide the VLAN before formulating the VLAN division network transformation plan. To determine whether a network needs to be divided into VLANs, it must be based on some parameters of the network operation. Several network parameters that have reference value for dividing VLANs are:

1. Network traffic: Generally, the network that needs to be divided into VLANs is because the network traffic is relatively large. For this reason, network traffic becomes an important network parameter for dividing VLANs. If the transmission performance of the enterprise network is very poor, you can use Sniffer and other software to check the network traffic, especially the broadcast traffic. If the network traffic is very large, the network must be divided into VLANs, otherwise there is no need to divide VLANs.

In addition, when viewing network traffic, it is necessary to take into account the effects of non-objective factors such as viruses. Once a client in the network is infected with a worm, the network traffic will also become larger.

2. Network scale: The network scale is proportional to the network traffic size. The more network clients, the larger the network traffic will be. The network size also becomes a network parameter that needs to be divided into VLANs. Experienced network management can estimate network traffic based on the network size of the enterprise. The enterprise's Internet application is nothing more than e-mail, web browsing and other business applications. The traffic of each machine is only about 300Kbps during normal operation, so that the total traffic of the network can be estimated. According to experience, there is no need to divide VLANs for enterprise networks with less than 100 clients, because the entire network traffic is not too large, and dividing VLANs can only reduce network transmission efficiency.

3. Security requirements: Dividing VLANs can improve the security of enterprise networks. Security requirements are also a reference condition for dividing VLANs. Many enterprises have higher security requirements for the network, because some secrets of the marketing department and the finance department do not want to be browsed by ordinary employees. In this case, enterprises must divide VLANs to strengthen the data of various departments of the enterprise.

By quantifying the three parameters of your network, you can determine whether your Internet cafe needs to divide VLANs. When dividing VLANs, there are also certain techniques. A good VLAN division mode will improve the transmission quality of the network.

Fifth, choose the appropriate VLAN division mode

Many network administrators only know that dividing VLANs can improve network transmission performance. It is not known that an unreasonable VLAN division mode will reduce the transmission performance of the network. Due to the different network environments of enterprises, the VLANs that are most suitable for their use are also divided. Below, the author combined with examples to explain in detail what kind of VLAN division mode is used by the enterprise network is more reasonable.

Enterprise network environment: There are 43 clients in the network, 35 of which are desktops and 8 laptops. The network traffic is not too large. Because the financial department has some sensitive data that it does not want to be seen by ordinary employees, in order to improve the security of the network, the network administrator decides to divide the VLAN into the network and block the communication between the ordinary employees and the employees of the finance department.

Enterprise application requirements: As can be seen from the above description, the enterprise divides VLANs to improve security and improve network transmission performance is not the main purpose. Because the number of clients in this enterprise is small, notebooks have strong mobility. In daily office, managers usually need to move notebooks to conference rooms to meet the needs of mobile office. In this case, the mode of dividing the VLAN according to the port is not suitable for the enterprise, and the most suitable VLAN division mode is based on the MAC address.

For enterprises, the most suitable VLAN division mode is to divide the VLAN according to the port and divide the VLAN according to the MAC address. For enterprise networks with a small number of clients and often requiring mobile work, VLANs are the best partitioning mode based on MAC addresses. For enterprise networks with a large number of clients and no mobile work, VLANs can be divided according to ports. In short, choose a suitable VLAN division mode according to network requirements.

Concluding remarks: Dividing VLANs seems to be a commonplace topic, but in practice, few people can use VLAN management as a management tool. More importantly, some enterprises do not need to divide VLANs into networks. As a result, network management has divided VLANs for them, resulting in reduced network communication efficiency. However, reasonable VLAN division can improve network transmission efficiency, and do not regard VLAN division as a solution speed. A slow recipe.