Shulou(Shulou.com)06/01 Report--

This article mainly introduces "what are the division methods of VLAN". In the daily operation, I believe that many people have doubts about the division of VLAN. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful for you to answer the doubts about "what is the division of VLAN?" Next, please follow the editor to study!

One: what is VLAN

Broadcasting plays a very important role in the network, such as discovering new equipment, adjusting network path, IP address leasing and so on. Many network protocols use broadcast. However, with the increase of the number of computers in the network, the number of broadcast packets will increase sharply. When the number of broadcast packets accounts for 30% of the total communication, the transmission efficiency of the network will decrease significantly. Therefore, when the number of computers in the local area network reaches a certain number, the network is usually separated by dividing the VLAN (virtual local area network). A large broadcast domain is divided into several small broadcast domains to reduce the damage that may be caused by broadcasting.

How to separate large broadcast domains? The simplest solution is physical separation, in which a complete network is physically separated into two or more subnetworks and then connected to each other by a routing device capable of isolating broadcasts. In addition to the method of dealing with physical separation, logical separation is adopted on the switch to divide a large local area network into several small virtual subnets, namely VLAN, so that each subnet becomes an independent broadcast domain, and the communication between subnets must be through layer 3 devices.

Second: the division of VLAN

1. Port-based VLAN

Port-based VLAN is the most commonly used partition VLAN method, which is supported by almost all switches. It means that the network administrator uses the network management software or directly sets up the switch to assign some ports to a certain VLAN directly and forcibly. Unless the network administrator resets, these ports will always belong to the VLAN. This partition is also known as static VLAN.

Access interface: the interface used on the switch to connect to the user host, which can only connect to the access link (Access Link).

Trunk interface: the interface on a switch that is used to connect to other switches. It can only connect to the main road link (Trunk Link).

In addition, there is another interface called Hybrid interface, which is the interface on the switch that can connect not only the user host, but also other switches. The Hybrid interface can connect both access links and trunk links.

two。 VLAN based on MAC

It refers to dividing VLAN according to MAC address with the help of intelligent management software. This division method is generally used when only one terminal is connected to each switch port. The port uses the MAC address, logical address or protocol type of the network packet to determine the subordinate of its VLAN and divides the port into different VLAN. MAC-based VLAN is also known as dynamic VLAN. Because the MAC address is unique in the world, the security of the VLAN partition method is also high.

3. VLAN based on IP

It refers to the VLAN divided according to the IP address. The switch belongs to the second field of OSI, so the ordinary switch can not recognize the network layer message in the frame, but with the emergence of the third layer switch, it combines the switching function of the second layer with the routing function of the third layer, so that the switch can also recognize the network layer message, and the IP address in the message can be used to define the VLAN.

4. VLAN based on Multicast

As a point-to-multipoint communication, multicast is one of the effective ways to save network bandwidth. In multimedia applications, when the multimedia signal of one node needs to be transmitted to multiple nodes, whether it is repeated point-to-point communication or broadcast, the network bandwidth will be seriously wasted, and only multicast is the best choice. Multicast enables one or more senders to send frames to the group address rather than to a single host. Among them, recipients who want to participate in a particular group need to send an IGMP "join message" with a group address to the nearest router, and then the router uses multicast routing protocols such as DVMRP, PIM, and so on, to establish a distribution tree from the source to all recipients. The receiver can dynamically join or leave a multicast group at any time. Applications that support IP multicast include audio / video conferencing, "push" technologies (such as stock quotes, sports scores, messages) and virtual reality games. VLAN based on multicast dynamically defines the ports that need to communicate at the same time into a VLAN, and solves the problem of point-to-multipoint communication by broadcasting in VLAN.

Third: the significance of VLAN

1. Reduce the cost of managing movement and change

With VLAN, when you need to move a computer from one subnet to another, you only need to redefine the VLAN member on the switch. Especially when using MAC address to dynamically divide VLAN, when the user moves the computer from one switch port to another, because the MAC address of his network card does not change, the switch can automatically track the MAC address of the terminal and automatically bring it into the defined VLAN.

two。 Control broadcast

As all broadcasts are only carried out in this VLAN and no longer spread to other VLAN, properly dividing the campus network into several smaller VLAN will greatly reduce the occupation of network bandwidth by broadcasting, thus improve the efficiency of network transmission, and effectively avoid the emergence of broadcast storms and the spread of the whole network.

3. Support for multimedia technology and efficient multicast control

Multicast technology is an effective means to support multimedia applications. Using multicast groups to dynamically define VLAN in the switch, and automatically copying multicast messages to terminals in the same VLAN, the real-time performance of multimedia data transmission is greatly improved, the bandwidth is used more effectively, and the possibility of network congestion is reduced.

4. Enhance security

Because switches can only exchange data between ports within the same VLAN, ports of different VLAN cannot directly access each other. At the same time, the VLAN allowed to access can be set in the Trunk (relay), so as to restrict unauthorized VLAN access and ensure that the VLAN is only accessed by authorized users. Therefore, by dividing the VLAN, we can effectively improve the network security and prevent some unauthorized users from accessing sensitive data.

5. Automation of network supervision and management

Because all kinds of communication information between VLAN and within VLAN can be viewed through network management software, and this information is very useful for determining network topology and routing, as well as setting the location of servers. By dividing the VLAN, network management can be made simpler, easier, and more effective.

4: the equipment needed to realize VLAN

1. The central switch must support VLAN and have layer 3 switching capabilities. Because the communication between VLAN can only be realized with the help of three-layer devices, if there are no three-layer devices, the division of VLAN will lose its original meaning. The reason is simple: our goal is not to block communication, but to try to make it faster and more secure. If we want to achieve non-blocking line-speed transmission between VLAN, we must use the integrated bridge and road because of the three-layer switch, but not the transmission router. Otherwise, the transmission between VLAN will become a bottleneck restricting the efficiency of the network.

two。 If you want to divide two or more VLAN on a switch, the switch must also support VLAN partitioning. If there is only one VLAN on the switch, the VLAN can be divided on the port of the layer 3 switch or the cascaded switch. However, if you want to divide more than two VLAN on the switch, the switch must be network manageable and must support VLAN.

3. All switches in the network that are divided into VLAN must support the same VLAN and trunking protocols, namely IEEE 802.1Q and 802.3ad network protocols. Otherwise, the leapfrogging of VLAN between different switches will not be possible.

4. The same brand of switch should be used as far as possible to ensure the compatibility of products and technology, and the same network management software can be used to realize the unified management of network equipment and simplify the network configuration operation. Although different manufacturers implement the same international standards and protocols, they also adopt a large number of unique protocols and technologies (such as Cisco's ISL). Therefore, many difficulties will be encountered when implementing VLAN trunking between switches, resulting in many inexplicable communication failures. Therefore, for large and medium-sized campus networks, for the convenience of management in the future, we should try to purchase products of the same brand.

At this point, the study of "what are the ways of dividing VLAN" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.