Medium and small LAN switch VLAN network configuration

The IEEE 802.1Q technical standard for VLANs was formally promulgated and implemented by the IEEE committee as early as June 1999, and the earliest VLAN technology was proposed as early as 1996 (Cisco). With the development of the past few years, VLAN technology has been widely supported and widely used in large and small enterprise networks, becoming the most popular Ethernet LAN technology. In this article, we introduce one of the most common technical applications on switches, VLAN technology, and briefly introduce by example how to configure VLANs in small and medium LANs.

First, VLAN basics

VLAN stands for "Virtual Local Area Network". Please note that it is not "VPN" (Virtual Private Network). VLAN is an emerging data technology that logically (not physically) divides LAN devices into individual network segments, thereby implementing virtual workgroups. This emerging technology is mainly used in switches and other devices, but mainstream applications are still in switches. Not all switches have this function, however: only VLAN-capable switches at Layer 3 and above have it. This can be checked in the manual of the corresponding switch.

In 1999, IEEE promulgated the draft 802.1Q standard to standardize VLAN implementation. The emergence of VLAN technology allows administrators to logically divide different users in the same physical local area network into different broadcast domains according to actual application requirements. Each VLAN contains a group of computer workstations with the same needs and has the same attributes as a physically formed LAN. Because it is divided logically, not physically, the workstations in the same VLAN are not limited to the same physical range; that is, these workstations can be on different physical LAN segments. It follows from these characteristics that neither broadcast nor unicast traffic within a VLAN is forwarded to other VLANs, which helps to control traffic, reduce equipment investment, simplify network management, and improve network performance.

The development of switching technology has also accelerated the application of the new switching technology, VLAN. By dividing the enterprise network into virtual network (VLAN) segments, network management and network security can be strengthened and unnecessary data broadcasts can be controlled. In a shared network, a physical network segment is a broadcast domain. In a switched network, the broadcast domain may be a virtual network segment composed of an arbitrarily selected set of Layer 2 network addresses (MAC addresses). In this way, the division of workgroups in the network can break through the geographical restrictions of a shared network and be based entirely on management functions. This workflow-based grouping model greatly improves the management functions of network planning and reorganization.

Workstations in the same VLAN, no matter which switch they are actually connected to, communicate as if they were on their own independent switch. A broadcast in a VLAN can only be heard by the members of that VLAN and is not transmitted to other VLANs, so unnecessary broadcast storms can be well controlled. At the same time, unless routing is configured, different VLANs cannot communicate with each other, which increases the security between different departments in the enterprise network. Network administrators can comprehensively manage information exchange between different management units within the enterprise by configuring routing between VLANs. The switch divides VLANs according to the MAC addresses of user workstations. Therefore, users can freely move their offices within the enterprise network: no matter where they connect to the switched network, they can communicate freely with other users in the VLAN.

A VLAN network can be composed of devices of mixed network types, such as 10M Ethernet, 100M Ethernet, Token Ring, FDDI and CDDI, and its members can be workstations, hubs, network backbones, etc.

In addition to dividing the network into multiple broadcast domains, which effectively controls broadcast storms and makes the network topology very flexible, VLAN can also be used to control mutual access between different departments and different sites in the network.

VLAN is a solution to the broadcast and security problems of Ethernet. It adds a VLAN header to the Ethernet frame, uses the VLAN ID to divide users into smaller workgroups, and restricts mutual access between users in different workgroups. Each workgroup is a virtual local area network. The advantage of a virtual local area network is that it can limit the broadcast range and can form virtual workgroups to manage the network dynamically.

Second, VLAN division methods

The ways of implementing VLANs on a switch can be roughly divided into six categories:

1. Port-based VLAN

This is the most commonly used VLAN division method, and also the most widely applied and most effective. Currently, most switches that support the VLAN protocol provide this configuration method. It divides VLANs by the switching ports of the Ethernet switch: the physical ports on the VLAN switch and the PVC (permanent virtual circuit) ports inside the VLAN switch are divided into several groups, and each group constitutes a virtual network, equivalent to an independent VLAN switch.

When different departments need to access each other, traffic can be forwarded through a router, combined with port filtering based on MAC addresses. On the port of the switch, routing switch or router closest to a site on that site's access path, configure the set of MAC addresses that are allowed to pass. In this way, it is possible to prevent illegal intruders from stealing IP addresses from inside and intruding from other access points.

The advantage of this division method is that defining VLAN members is very simple: all ports only need to be assigned to the corresponding VLAN groups. It is suitable for networks of any size. Its disadvantage is that if a user leaves the original port and moves to a port on a new switch, the membership must be redefined.
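The following added example (not from the original article) models the port-based division and the per-port MAC filter described above: broadcasts and unknown unicasts are flooded only to ports in the ingress VLAN, and frames from MAC addresses outside a port's permitted set are dropped. The class, port numbers, VLAN IDs and MAC addresses are constructed for illustration, and inter-VLAN routing is not modelled.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class PortVlanSwitch:
    """Toy model of a switch with port-based VLANs (untagged access ports only)."""

    def __init__(self, port_vlan, allowed_macs=None):
        self.port_vlan = dict(port_vlan)         # port number -> VLAN ID
        self.allowed = dict(allowed_macs or {})  # port number -> permitted source MACs
        self.mac_table = {}                      # (VLAN ID, MAC) -> port it was learned on

    def receive(self, in_port, src, dst):
        """Return the sorted list of ports a frame is forwarded to."""
        vlan = self.port_vlan[in_port]
        permitted = self.allowed.get(in_port)
        if permitted is not None and src not in permitted:
            return []                            # MAC filter: drop without learning
        self.mac_table[(vlan, src)] = in_port    # learning is scoped to the VLAN
        known = None if dst == BROADCAST else self.mac_table.get((vlan, dst))
        if known is not None:
            return [] if known == in_port else [known]
        # Broadcast or unknown unicast: flood inside the ingress VLAN only.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

def demo():
    # Constructed topology: ports 1-3 in VLAN 10, ports 4-5 in VLAN 20,
    # with a MAC filter on port 4 that permits a single station.
    sw = PortVlanSwitch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20},
                        allowed_macs={4: {"02:00:00:00:00:04"}})
    a, b, d = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:04"
    return {
        "broadcast_vlan10": sw.receive(1, a, BROADCAST),
        "unicast_same_vlan": sw.receive(2, b, a),
        "unicast_other_vlan": sw.receive(4, d, a),
        "unlisted_mac_port4": sw.receive(4, "02:00:00:00:00:99", BROADCAST),
    }

if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {ports}")
```

The frame sent from VLAN 20 to a MAC address that lives in VLAN 10 is flooded only to port 5 and never reaches port 1, because the MAC table is keyed by VLAN.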

2. Divide VLAN based on MAC address

This method divides VLANs by the MAC address of each host: every host with a MAC address is configured with the group it belongs to. The mechanism relies on each network card having a unique MAC address; the VLAN switch tracks the MAC addresses that belong to each VLAN. This type of VLAN allows network users to automatically retain their VLAN membership when moving from one physical location to another.

The biggest advantage of this VLAN division method is that when a user's physical location changes, that is, when the user moves from one switch to another, the VLAN does not need to be reconfigured, because it is based on the user and not on the switch port. The disadvantage is that all users must be configured during initialization. If there are hundreds or even thousands of users, the configuration is very tiring, so this division method is usually suitable for small local area networks. Moreover, this division method reduces the execution efficiency of the switch, because each switch port may have members of many VLAN groups and must store the MAC addresses of many users, which makes lookups difficult. In addition, users of laptop computers may replace their network cards frequently, so the VLAN must be reconfigured frequently.

3. Divide VLAN based on network layer protocol

VLANs are divided according to network layer protocols, and can be divided into VLAN networks such as IP, IPX, DECnet, AppleTalk, and Banyan. This kind of VLAN composed of network layer protocols can make the broadcast domain span multiple VLAN switches. This is very attractive for network administrators who want to organize users for specific applications and services. Moreover, users can move freely within the network, but their VLAN membership remains unchanged.

The advantage of this method is that when the physical location of a user changes, there is no need to reconfigure the VLAN to which the user belongs, and VLANs can be divided according to protocol type, which is very important for network administrators. Also, this method does not require additional frame tags to identify VLANs, which reduces network traffic. The disadvantage of this method is its low efficiency: checking the network layer address of each packet takes processing time (compared with the previous two methods). A typical switch chip can automatically check the Ethernet frame header of packets on the network, but having the chip check the IP header requires more advanced technology and is more time-consuming. Of course, this depends on each manufacturer's implementation.

4. Divide VLANs according to IP multicast

IP multicast is actually a definition of VLAN, which means that an IP multicast group is a VLAN. This division method extends the VLAN to the WAN, so it is more flexible and is also easy to extend through routers. It is mainly suitable for forming a VLAN from LAN users who are not in the same geographic range. It is not suitable for LANs, as it is not efficient.

5. Divide VLANs by strategy

The policy-based VLAN can implement multiple allocation methods, including VLAN switch ports, MAC addresses, IP addresses, and network layer protocols. The network administrator can decide which type of VLAN to choose according to his own management mode and the needs of his unit.

6. Divide VLANs according to user definition and non-user authorization

Dividing VLANs based on user definition and non-user authorization means that, in order to adapt to a particular VLAN network, VLANs are defined and designed according to the specific requirements of specific network users. Users outside the VLAN group can access the VLAN, but they must provide a user password and can join the VLAN only after being authenticated by VLAN management.

Third, the advantages of VLAN

For any new technology to be widely supported and applied, it must have some key advantages. VLAN technology is no exception; its advantages are mainly reflected in the following aspects:

1. Increase the flexibility of network connection

With the help of VLAN technology, different locations, different networks and different users can be combined to form a virtual network environment that is as convenient, flexible and effective as a local LAN. VLAN can reduce the management cost of moving workstations or changing their geographic location. Especially for companies whose business conditions change frequently, this part of the management cost is greatly reduced after adopting VLAN.

2. Control broadcasts on the network

VLAN can provide an established mechanism to prevent excessive broadcasts on the switched network. Using VLAN, you can assign a switching port or user to a specific VLAN group. The VLAN group can be within a single switched network or span multiple switches. Broadcasts in a VLAN are not sent outside the VLAN. Similarly, adjacent ports do not receive broadcasts from other VLANs. This can reduce broadcast traffic, free bandwidth for user applications, and reduce the generation of broadcasts.

3. Increase the security of the network

Because a VLAN is a separate broadcast domain, VLANs are isolated from each other, which greatly improves the utilization rate of the network and ensures its security and confidentiality. People often transmit confidential and critical data on the LAN, and confidential data should be protected by security measures such as access control. An effective and easy method is to segment the network into several different broadcast groups. The network administrator limits the number of users in the VLAN and prohibits unauthorized access to applications in the VLAN. Switched ports can be grouped based on application type and access privileges. Restricted applications and resources are generally placed in a secure VLAN.
