2025-02-19 Update From: SLTechnology News&Howtos > Network Security
Shulou (Shulou.com) 06/01 Report
Virtual local area network VLAN
I. The concept and advantages of VLAN
1. The concept and advantages of VLAN
In traditional switched Ethernet, all users share a single broadcast domain. As the network grows, the number of broadcast packets increases sharply, and once broadcasts account for about 30% of total traffic, the transmission efficiency of the network drops significantly. In particular, when a network device fails and keeps sending broadcasts, the result is a broadcast storm that paralyzes network communication.
We can solve this problem by separating broadcast domains, and there are two ways to do so:
① Physical separation: the network is physically divided into several small networks, which are then connected by routers that can isolate broadcasts so that the different networks can still communicate.
② Logical separation: the network is logically divided into several small virtual networks, namely VLANs (virtual local area networks). VLAN works at the data link layer of the OSI reference model. All users within one VLAN are in the same broadcast domain, and different VLANs communicate with each other through routing devices.
VLAN is flexible and scalable, and using VLAN technology has the following benefits:
① Control broadcasts
Each VLAN is an independent broadcast domain, which reduces the network bandwidth consumed by broadcasts and improves network transmission efficiency; a broadcast storm in one VLAN will not affect other VLANs.
② Enhance network security
Because data can only be exchanged between ports in the same VLAN, and there is no direct access between ports of different VLANs, VLANs can restrict individual hosts from accessing resources such as servers, so dividing the network into VLANs improves its security.
③ Simplify network management
If some users are reassigned to a different network segment, the physical structure of the network has to be adjusted, or even equipment added, which increases the network management workload. In a network using VLAN technology, VLANs can be divided according to departments, project groups or users in different geographical locations, and workstations can be moved freely between workgroups without changing the physical connections of the network, which reduces the burden and the cost of network management and maintenance.
2. Types of VLAN
2.1. Static VLAN
Static VLAN, also known as port-based VLAN, is the most common way to implement VLAN.
The administrator manually configures which VLAN each switch port belongs to.
This mapping between port and VLAN is valid only locally; the information cannot be shared between switches.
2.2. Dynamic VLAN
Dynamic VLAN defines membership based on the MAC address of the end-user device. When a device connects to a switch port, the switch must query a database to establish the VLAN membership. Therefore, the network administrator must first assign the user's MAC address to a VLAN in the database of the VLAN Membership Policy Server (VMPS).
For Cisco switches, dynamic VLANs are established and managed by network management tools such as CiscoWorks2000 or CiscoWorks for Switched Internetworks (CWSI). Dynamic VLAN gives end users more flexibility and mobility, but requires more administrative overhead.
3. Configuration of static VLAN
3.1. Ranges of VLAN
Cisco switches can support up to 4096 VLANs, and the number of VLANs supported varies between switch models.
ID range of VLAN:
Range        Use        Description
0, 4095      Reserved   System use only; users cannot view or use these VLANs
1            Normal     Cisco default VLAN; users can use it but cannot delete it
2-1001       Normal     Ethernet VLANs; users can create, use and delete these VLANs
1002-1005    Normal     Cisco default VLANs for FDDI and Token Ring; users cannot delete these VLANs
1006-1024    Reserved   System use only; users cannot view or use these VLANs
1025-4094    Extended   For Ethernet VLANs only
3.2. The basic configuration of VLAN
There are two modes for creating VLANs: VLAN database mode and global configuration mode.
VLAN database mode supports only the normal VLAN range (1-1005).
VLAN global configuration mode supports not only the normal VLAN range but also the extended VLAN range, which cannot be configured in database mode.
II. VLAN Trunk
1. Overview of Trunk
1.1. The function of Trunk
In a switched network, there are two types of links:
Access link: usually belongs to one VLAN. The link between a host and a switch is an access link.
Trunk link: can carry traffic for multiple VLANs; usually used between switch and switch, and between switch and router.
1) When host A in VLAN30 sends a data frame to host B, the frame sent by host A is an ordinary data frame.
2) Switch SW1 receives the frame, knows that it comes from VLAN30 and has to be forwarded to SW2, so it tags the frame with VLAN30 and sends it to SW2.
3) After SW2 receives the frame carrying the VLAN30 tag, it learns from the destination MAC address that the frame is for host B, removes the VLAN tag to restore an ordinary frame, and then forwards it to host B.
1.2. VLAN identification
VLAN identification can be done in several ways, and each identification method uses a different frame tagging mechanism. There are two encapsulation types that can be used for trunking over Ethernet.
1) ISL (Inter-Switch Link): a Cisco proprietary tagging method. ISL simply encapsulates the original frame with an ISL header and a trailing CRC (cyclic redundancy check) and does not modify the contents of the frame.
2) IEEE 802.1Q: a public tagging method that is also supported by other manufacturers' products. 802.1Q uses an internal tagging mechanism: the trunking device inserts a four-byte tag into the data frame and recalculates the FCS.
The four-byte tag header contains the following:
① A 2-byte tag protocol identifier (TPID), which holds the fixed value 0x8100 and indicates that the frame is tagged with 802.1Q.
② 2-byte tag control information (TCI), which contains the following elements:
⑴ 3-bit user priority: 802.1Q itself does not use this field.
⑵ 1-bit canonical format identifier (CFI): used for compatibility between Ethernet and Token Ring. In Ethernet, the value of CFI is usually set to 0.
⑶ 12-bit VLAN identifier (VLAN ID): this field uniquely identifies the VLAN to which the frame belongs. A VLAN ID can identify 4096 VLANs, but VLAN 0 and VLAN 4095 are reserved.
1.3. Native VLAN
On Cisco Catalyst switches, the default native VLAN is VLAN 1, but it can be configured. Frames of the native VLAN are sent untagged on the trunk link. For trunk ports between two devices, the same native VLAN must be configured on both sides of the link.
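The trunk walk-through (SW1 tags, SW2 strips), the 802.1Q tag layout and the native-VLAN rule above, as an added Python example that is not part of the original article. It builds a constructed ARP frame with made-up MAC addresses, inserts and parses the 4-byte tag (TPID, priority, CFI, VID), treats an untagged frame as native-VLAN traffic, and classifies VLAN IDs with the Cisco range table from this page; the FCS is not modelled.

```python
import struct

TPID_8021Q = 0x8100        # fixed TPID value that marks an 802.1Q-tagged frame
RESERVED_VIDS = {0, 4095}  # VLAN IDs reserved by 802.1Q (12-bit field, 4096 values)

def tag_frame(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert the 4-byte tag after the destination/source MACs (what SW1 does
    when forwarding onto the trunk). FCS is not modelled; a switch recomputes it."""
    if vid in RESERVED_VIDS or not 0 <= vid <= 4095:
        raise ValueError(f"VLAN ID {vid} is reserved or out of range")
    tci = (priority << 13) | (cfi << 12) | vid   # 3-bit priority, 1-bit CFI, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame: bytes) -> dict:
    """Decode the tag fields; an untagged frame belongs to the trunk's native VLAN."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vid": None, "priority": None, "cfi": None,
                "payload_ethertype": ethertype}
    if len(frame) < 18:
        raise ValueError("tagged frame truncated before the inner EtherType")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "vid": tci & 0x0FFF, "priority": tci >> 13,
            "cfi": (tci >> 12) & 1, "payload_ethertype": inner}

def untag_frame(frame: bytes) -> bytes:
    """Strip the tag before delivery to an access port (what SW2 does for host B)."""
    return frame[:12] + frame[16:] if parse_frame(frame)["tagged"] else frame

def vlan_range(vid: int) -> str:
    """Classify a VLAN ID according to the Cisco range table in this article."""
    if vid in RESERVED_VIDS or 1006 <= vid <= 1024:
        return "reserved"
    if vid == 1:
        return "normal (default)"
    if 2 <= vid <= 1001:
        return "normal (Ethernet)"
    if 1002 <= vid <= 1005:
        return "normal (FDDI/Token Ring default)"
    if 1025 <= vid <= 4094:
        return "extended"
    raise ValueError(f"VLAN ID {vid} out of range")

# Constructed sample: ARP frame from host A to host B (dst MAC, src MAC, EtherType 0x0806).
PLAIN_FRAME = bytes.fromhex("0000bb000002" "0000aa000001" "0806") + bytes(28)
TRUNK_FRAME = tag_frame(PLAIN_FRAME, 30)   # the frame as SW1 sends it over the trunk
```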
1.4. Trunk modes and negotiation
Whether ISL or IEEE 802.1Q is configured depends on the IOS of the Cisco switch; you can specify that the trunk link uses ISL encapsulation, 802.1Q encapsulation, or autonegotiation of the encapsulation type.
Autonegotiation is handled by DTP (Dynamic Trunking Protocol). DTP is Cisco proprietary and supports autonegotiation of both ISL and 802.1Q trunks. However, it can only be used on trunk links between switches, not on trunk links between a switch and a router. Cisco Catalyst switch ports have DTP negotiation enabled by default.
3. EtherChannel (port aggregation)
EtherChannel increases link bandwidth by bundling multiple Ethernet links and also provides link redundancy. Multiple Ethernet ports are bundled into one logical link, and an EtherChannel can bundle up to 8 physical links. The physical links can be twisted pair or optical fiber.
Requirements for EtherChannel:
1) The ports participating in the bundle must belong to the same VLAN or be configured as trunk ports.
2) If the ports are trunk ports, all ports in the channel at both ends of the link must be configured with the same trunk mode and allow the same VLAN range; if the allowed VLAN ranges are inconsistent, the ports will not form an EtherChannel.
3) All ports participating in the bundle must have the same physical parameters: the same speed and the same full/half duplex mode.
IV. After-class experiment
Experimental environment:
The company has added three new departments: finance, sales and administration. The network needs to be divided into segments by department, and the network plan is as follows:
PC1 and PC3 belong to the finance department, in VLAN 2, named caiwu
PC2 and PC5 belong to the sales department, in VLAN 3, named xiaoshou
PC4 and PC6 belong to the administrative department, in VLAN 4, named xingzheng
To facilitate management, a remote management address needs to be configured on VLAN 1 of each of the three switches: 192.168.100.1, 192.168.100.2 and 192.168.100.3 respectively.
Because of the large amount of traffic, the links between the switches should have increased bandwidth and guaranteed stability.
Lab Topology:
Experimental configuration
SW1#conf t // enter global configuration mode
SW1(config)# int vlan 1 // enter the VLAN 1 interface
SW1(config-if)# ip add 192.168.100.1 255.255.255.0 // configure the management IP address
SW1(config-if)# no sh // enable the interface
SW1(config-if)# end // return to privileged mode
SW1#vlan da // enter VLAN database mode
SW1(vlan)# vlan 2 name caiwu // create VLAN 2 with the name caiwu
SW1(vlan)# vlan 3 name xiaoshou
SW1(vlan)# vlan 4 name xingzheng
SW1(vlan)# exit
SW1#conf t
SW1(config)# int f0/1 // enter interface f0/1
SW1(config-if)# sw ac vlan 2 // assign the interface to VLAN 2 as an access port
SW1(config-if)# no sh
SW1(config-if)# int f0/2
SW1(config-if)# sw ac vlan 3
SW1(config-if)# no sh
SW1(config-if)# exit
SW1(config)# line vty 0 4 // enter the vty lines used for remote management
SW1(config-line)# password cisco // configure the login password
SW1(config-line)# login // require the password at login
SW1(config-line)# exit
SW1(config)# enable password cisco123 // set the privileged-mode password
SW1(config)# int r f0/5-6 // enter interfaces f0/5 and f0/6
SW1(config-if-range)# sw mo trunk // bundled ports must be trunk ports so that all VLANs can cross the link
SW1(config-if-range)# channel-group 1 mode on // bundle them into EtherChannel 1
SW1(config-if-range)# no sh
SW2#conf t
SW2(config)# int vlan 1
SW2(config-if)# ip add 192.168.100.2 255.255.255.0
SW2(config-if)# no sh
SW2(config-if)# end
SW2#vlan da
SW2(vlan)# vlan 2 name caiwu
SW2(vlan)# vlan 3 name xiaoshou
SW2(vlan)# vlan 4 name xingzheng
SW2(vlan)# exit
SW2#conf t
SW2(config)# int f0/1
SW2(config-if)# sw ac vlan 2
SW2(config-if)# no sh
SW2(config-if)# int f0/2
SW2(config-if)# sw ac vlan 3
SW2(config-if)# no sh
SW2(config-if)# exit
SW2(config)# line vty 0 4
SW2(config-line)# password cisco
SW2(config-line)# login
SW2(config-line)# exit
SW2(config)# enable password cisco123
SW2(config)# int r f0/5-6 // interfaces f0/5 and f0/6 face SW1
SW2(config-if-range)# sw mo trunk
SW2(config-if-range)# channel-group 1 mo on
SW2(config-if-range)# no sh
SW2(config-if-range)# exit
SW2(config)# int r f0/7-8 // enter interfaces f0/7 and f0/8, which face SW3
SW2(config-if-range)# sw mo trunk
SW2(config-if-range)# channel-group 2 mo on // bundle them into EtherChannel 2
SW2(config-if-range)# no sh
SW3#conf t
SW3(config)# int vlan 1
SW3(config-if)# ip add 192.168.100.3 255.255.255.0
SW3(config-if)# no sh
SW3(config-if)# end
SW3#vlan da
SW3(vlan)# vlan 2 name caiwu
SW3(vlan)# vlan 3 name xiaoshou
SW3(vlan)# vlan 4 name xingzheng
SW3(vlan)# exit
SW3#conf t
SW3(config)# int f0/1
SW3(config-if)# sw ac vlan 3
SW3(config-if)# no sh
SW3(config-if)# int f0/2
SW3(config-if)# sw ac vlan 4
SW3(config-if)# no sh
SW3(config-if)# exit
SW3(config)# line vty 0 4
SW3(config-line)# password cisco
SW3(config-line)# login
SW3(config-line)# exit
SW3(config)# enable password cisco123
SW3(config)# int r f0/7-8 // interfaces f0/7 and f0/8 face SW2
SW3(config-if-range)# sw mo trunk
SW3(config-if-range)# channel-group 2 mo on
SW3(config-if-range)# no sh