Join Telegram Study Group ▷
SPOTO is committed to providing with all kinds of IT certification study materials and best Service, with Professional and Outstanding Teams to help members fast Obtain IT certifications involving Cisco, CISSP, Huawei, AWS, study materials, practice tests and online training courses with thousands of candidates.
Virtual Local Area Network (VLAN) is an emerging technology that implements virtual workgroups by logically, rather than physically, dividing devices in a local area network into network segments. The IEEE issued a draft of the 802.1Q protocol standard to standardize VLAN implementation in 1999.
VLAN technology allows network managers to logically divide a physical LAN into different broadcast domains (or virtual LANs, or VLANs). Each VLAN contains a set of computer workstations with the same requirements and has a physically formed LAN. The same attributes. However, since it is logically and not physically divided, each workstation in the same VLAN does not have to be placed in the same physical space, that is, the workstations do not necessarily belong to the same physical LAN segment. Broadcast and unicast traffic inside a VLAN is not forwarded to other VLANs, which helps control traffic, reduce equipment investment, simplify network management, and improve network security.
VLAN is a protocol proposed to solve the broadcast problem and security of Ethernet. It adds a VLAN header based on Ethernet frames and divides users into smaller working groups by VLAN ID, which limits the difference between different working groups. The user's second-tier mutual visit, each workgroup is a virtual local area network. The benefits of virtual local area networks are that they can limit the broadcast range and form virtual workgroups to dynamically manage the network.
The implementation method of VLANs on the switch can be roughly divided into four categories:
1, based on port-based VLAN
This method of dividing VLANs is based on the ports of the Ethernet switch. For example, ports 1 to 4 of the Quidway S3526 are VLANs 10, 5 to 17 are VLANs 20, and 18 to 24 are VLANs 30. Of course, these ports belong to the same VLAN. It can be discontinuous. How to configure it depends on the administrator. If there are multiple switches, for example, you can specify that ports 1~6 of switch 1 and ports 1~4 of switch 2 are the same VLAN, that is, the same VLAN can span several Ethernet ports. Switches, according to port partitioning, are currently the most widely defined method of defining VLANs. IEEE 802.1Q specifies international standards for VLANs based on ports of Ethernet switches.
The advantage of this method of partitioning is that it is very simple to define VLAN members, just define all ports as defined. Its disadvantage is that if the user of VLAN A leaves the original port and reaches a port of a new switch, it must be redefined.
2, based on the MAC address to divide the VLAN
This method of dividing VLANs is divided according to the MAC address of each host, that is, the host for each MAC address is configured with which group it belongs to. The biggest advantage of this VLAN-based method is that when the user's physical location moves, that is, when switching from one switch to another, the VLAN does not need to be reconfigured. Therefore, it can be considered that the method of dividing the MAC address is based on the user's VLAN. The disadvantage of this method is that all users must be configured during initialization. If there are hundreds or even thousands of users, the configuration is very tired. Moreover, this method of partitioning also leads to a reduction in the efficiency of the switch execution, because there may be many members of a VLAN group on each switch's port so that the broadcast packet cannot be restricted. In addition, for users who use laptops, their network cards may be replaced frequently, so VLANs must be constantly configured.
3, based on the network layer to divide the VLAN
This method of dividing VLANs is divided according to the network layer address or protocol type of each host (if multi-protocol is supported), although this division method is based on a network address, such as an IP address, but it is not a route, and a network layer Routing has nothing to do with it. Although it looks at the IP address of each packet because it is not a route, there is no routing protocol such as RIP or OSPF, but bridge switching according to the spanning tree algorithm.
The advantage of this method is that the user's physical location changes, there is no need to reconfigure the VLAN to which it belongs, and VLANs can be divided according to the protocol type, which is important for the network administrator. Also, this method does not require additional Frame tags are used to identify VLANs, which reduces network traffic.
The disadvantage of this method is that it is inefficient because checking the network layer address of each packet requires processing time (relative to the previous two methods), and the general switch chip can automatically check the Ethernet of the data packet on the network. Head, but to make the chip check the IP header, it requires a higher technology and is more time-consuming. Of course, this is related to the implementation methods of various vendors.
4. Divide VLANs according to IP multicast
IP multicast is actually a VLAN definition, that is, a multicast group is a VLAN. This method of partitioning expands the VLAN to the WAN, so this method has more flexibility and is also easy to pass through the router. To expand, of course, this method is not suitable for LAN, mainly because it is not efficient.
In view of the current trend of VLAN development in the industry, considering the advantages and disadvantages of various VLAN division methods, in order to meet the needs of users in the specific use process to the greatest extent, and to reduce the workload of users in the specific use and maintenance of VLANs, Quidway S series The switch uses a method of dividing VLANs according to ports.
