The full name of VLAN is "Virtual LAN", which means "virtual LAN" in Chinese. It is a logical segmentation of network users connected to the second layer switch port. It is not restricted by the physical location of the network user and is based on the user's physical location. Network segmentation is required. VLANs can be grouped based on network users' location, role, department, or based on the applications and protocols used by network users. The switch-based virtual LAN can solve the conflict domain, broadcast domain, and bandwidth problems for the LAN.
The operating environment of this tutorial: Windows 7 system, Dell G3 computer.
What is VLAN?
VLAN (Virtual LAN), translated into Chinese as "Virtual LAN", is a logical segmentation of network users connected to the second layer switch port and is not subject to the control of network users. Network segmentation based on user needs based on physical location constraints. A VLAN can be implemented on a switch or across switches. VLANs can be grouped based on network users' location, role, department, or based on the applications and protocols used by network users. The switch-based virtual LAN can solve the conflict domain, broadcast domain, and bandwidth problems for the LAN.
In traditional shared media Ethernet and switched Ethernet, all users are in the same broadcast domain, which will cause network performance to decrease and waste valuable bandwidth; and the control of broadcast storms and Network security can only be implemented on layer 3 routers.
VLAN is equivalent to the broadcast domain of the second layer of the OSI reference model, which can control broadcast storms within a VLAN. After dividing the VLAN, due to the reduction of the broadcast domain, the proportion of bandwidth consumed by broadcast packets in the network Greatly reduced, network performance has been significantly improved. Data transmission between different VLANs is realized through the routing of the third layer (network layer). Therefore, using VLAN technology and combining the switching equipment of the data link layer and network layer can build a safe and reliable network. Network administrators control network users' access to network resources by controlling each port of the switch. At the same time, the combination of VLAN and Layer 3 and Layer 4 switching can provide better security measures for the network.
In addition, VLAN has the characteristics of flexibility and scalability, which facilitates network maintenance and management. These two characteristics are the two basic goals that modern LAN design must achieve. Effective use of virtual LAN in the LAN Technology can improve the efficiency of network operations.
Advantages
Broadcast storm prevention
Limit broadcasts on the network and divide the network into multiple VLANs to reduce the number of devices participating in broadcast storms. VLAN segmentation prevents broadcast storms from spreading throughout the network. VLAN can provide a mechanism to establish a firewall to prevent excessive broadcasts on the switched network. Using VLAN, a switch port or user can be assigned to a specific VLAN group. The VLAN group can be in a switching network or span multiple switches. Broadcasts in a VLAN will not be sent outside the VLAN. Likewise, adjacent ports will not receive broadcasts generated by other VLANs. This can reduce broadcast traffic, release bandwidth for user applications, and reduce the generation of broadcasts.
Security
Enhanced LAN security User groups containing sensitive data can be isolated from the rest of the network , thereby reducing the possibility of leaking confidential information. Packets in different VLANs are isolated from each other during transmission, that is, users in one VLAN cannot communicate directly with users in other VLANs. If different VLANs want to communicate, they need to go through Layer 3 equipment such as routers or Layer 3 switches.
Cost reduction
Reduced need for costly network upgrades, improved utilization of existing bandwidth and uplinks higher, thereby saving costs.
Performance improvement
Dividing the second layer plane network into multiple logical work groups (broadcast domains) can Reduce unnecessary traffic on your network and improve performance.
Improve personnel work efficiency
VLAN brings convenience to network management because users with similar network needs will share the same VLAN.
Simplify project management or application management
VLANs aggregate users and network devices to support business needs or geographical needs. Through the division of functions, project management or handling of special applications becomes very convenient, such as an e-learning development platform that can easily manage teachers. In addition, it is easy to determine the scope of impact of upgrading network services.
Increases the flexibility of network connections
With the help of VLAN technology, different locations, different networks, and different users can be combined to form a virtual network environment, which is as convenient, flexible, and effective as using local VLAN. VLAN can reduce the management cost of moving or changing the geographical location of workstations. Especially after some companies with frequent changes in business conditions use VLAN, this part of the management cost is greatly reduced.
Division basis
Divide VLAN by port
Many VLAN manufacturers use switch ports to divide VLAN members. The set ports are all in the same broadcast domain. For example, ports 1, 2, 3, 4, and 5 of a switch are defined as virtual network AAA, and ports 6, 7, and 8 of the same switch form virtual network BBB. This allows communication between ports and allows shared network upgrades. However, this partitioning model limits the virtual network to one switch.
The second-generation port VLAN technology allows multiple different ports across multiple switches to be divided into VLANs. Several ports on different switches can form the same virtual network.
The network members are divided by switch ports, and the configuration process is simple and clear. Therefore, from the current point of view, this method of dividing VLANs based on ports is still the most commonly used method.
Divide VLAN by MAC address
This method of dividing VLAN is based on the MAC address of each host, that is, configuring the host for each MAC address. which group it belongs to. The biggest advantage of this method of dividing VLAN is that when the user's physical location moves, that is, when changing from one switch to another switch, the VLAN does not need to be reconfigured. Therefore, this method of dividing based on MAC address can be considered to be based on the user's VLAN. The disadvantage of this method is that all users must be configured during initialization. If there are hundreds or even thousands of users, the configuration is very tiring. Moreover, this division method also leads to a reduction in switch execution efficiency, because there may be many members of the VLAN group on each switch port, so broadcast packets cannot be restricted. In addition, for users who use laptop computers, their network cards may be changed frequently, so VLAN must be configured continuously.
Divided by network layer
This method of dividing VLAN is divided according to the network layer address or protocol type (if multi-protocol is supported) of each host. Although This division method is based on network addresses, such as IP addresses, but it is not routing and has nothing to do with routing at the network layer.
The advantage of this method is that when the user's physical location changes, there is no need to reconfigure the VLAN to which it belongs, and VLANs can be divided according to protocol types, which is very important for network managers. Also, this This method does not require additional frame tags to identify VLANs, which can reduce network traffic.
The disadvantage of this method is low efficiency, because checking the network layer address of each data packet requires processing time (compared to the previous two methods). General switch chips can automatically check the network layer address. The Ethernet frame header of the data packet, but allowing the chip to check the IP frame header requires higher technology and is more time-consuming. Of course, this is related to the implementation methods of each manufacturer.
Divided by IP multicast
IP multicast is actually a definition of VLAN, that is, a multicast group is considered to be a VLAN. This method of division The VLAN is expanded to the WAN, so this method has greater flexibility and is easy to expand through the router. Of course, this method is not suitable for LAN, mainly because it is not efficient.
Rule-based VLAN
is also called policy-based VLAN. This is the most flexible VLAN division method. It has the ability of automatic configuration and can connect related users into one. It is called a "relationship network" in terms of logical division. The network administrator only needs to determine the rules (or attributes) for dividing VLANs in the network management software. Then when a site joins the network, it will be "perceived" and automatically included in the correct VLAN. At the same time, moves and changes to the site can also be automatically identified and tracked.
Using this method, the entire network can easily expand the network scale through routers. Some products also support hosts on a port belonging to different VLANs, which is particularly important in an environment where switches and shared hubs coexist. When automatically configuring a VLAN, the software in the switch automatically checks the IP source address of the broadcast information entering the switch port, and then the software automatically assigns the port to a VLAN mapped from the IP subnet.
Dividing based on user definition and non-user authorization
Dividing VLAN based on user definition and non-user authorization means that in order to adapt to special VLAN networks, according to the specific network Define and design VLAN according to the user's special requirements, and allow non-VLAN group users to access the VLAN, but they need to provide the user password and can only join a VLAN after being authenticated by the VLAN management.
Among the above methods of dividing VLAN, the port-based VLAN port method is established on the physical layer; the MAC method is established on the data link layer; the network layer and IP broadcast method are established on the third layer.
For more related knowledge, please visit theFAQcolumn!
The above is the detailed content of what is vlan. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
