VLAN Technology Principle and Its Application in Campus Network

The rapid development of the current exchange technology has also accelerated the application speed of the VLAN-Virtual Local Area Network (VLAN-Virtual Local Area Network) technology, especially on the current campus Network. By dividing campus networks into virtual subnets (VLANs), network management and network security can be enhanced to control unnecessary data broadcasts. Data broadcasting plays a very important role in the network. With the increase in the number of computers in the campus network, the number of broadcast packages will also increase dramatically as VOD is widely used in classroom teaching, when the number of broadcast packets accounts for 30% of the total, the network transmission efficiency will be significantly reduced. In particular, when a network device fails, it will continuously send broadcasts to the network, resulting in a network storm and paralyzing network communication. When the number of computers on the campus network exceeds 200, measures must be taken to separate the network and divide a large broadcast domain into several small broadcast domains.

There are two ways to separate broadcast domains. One is physical separation. A complete network is physically divided into two or more parts, and then connected to each other through a network device that can isolate the broadcast. The second is logical separation. A large network is divided into several small virtual subnets, namely VLAN. Each virtual subnet is connected by a routing device for communication.

I. Advantages of VLAN Technology

1. Reduce the management cost of mobile and change

In school, because of frequent changes made by teaching staff, when one computer is transferred from one subnet to another, if VLAN is used, the job of migration is to re-define the VLAN on the switch, in particular, when the MAC address of the NIC is used to divide the VLAN, the switch can automatically track the MAC address of the terminal and assign it to the defined VLAN. for network management, you can easily complete the changes. If you use physical means to divide subnets, this migration consumes considerable effort and time.

2. Control Broadcast

Because different VLANs are an independent broadcast domain, broadcast can only be performed in the local VLAN, which greatly reduces the bandwidth occupation of the broadcast and improves the bandwidth transmission efficiency, it can effectively avoid the emergence of broadcast storms.

3. Enhanced Network Security

Because a switch can only exchange data between ports in the same VLAN, ports in different VLANs cannot be accessed directly. Therefore, VLAN division can improve network security.

4. Automation of network Supervision and Management

The network administrator can use the network management software to query the classification information of packets that communicate between VLANs and In-VLAN communication, as well as the classification information of application data packets, this information can be used to determine the optimal configuration of the routing system and frequently accessed servers. VLAN Division makes network management easier and more effective.

Ii. VLAN implementation

1. A port-based VLAN defines several ports in a vswitch as a VLAN. Computers in the same VLAN have the same network address, the layer-3 routing protocol is required for communication between different VLANs. When migrating a network node to a network node, if the old and new ports are not in the same VLAN, you must reset the port. When different grades and departments access each other, you can use the router to forward them and use the port filter of the MAC address to prevent illegal intrusion and IP address theft.

2. MAC address-based VLAN. Once the VLAN is divided, no matter how the node moves on the network, it does not need to be reconfigured because the MAC address remains unchanged. However, if a node is added, You need to perform complex configurations on the switch to determine which VLAN the node belongs.

3. IP address-based VLAN. When a node is added, too many configurations are not required. The switch automatically divides it into different VLANs Based on the IP address. In this case, VLAN intelligence is the highest, making it the most complicated. Once the VLAN is left, the original IP address is unavailable, which prevents unauthorized users from unauthorized use of resources by modifying the IP address.

3. VLAN configuration

For different switches, VLAN configurations are different. Not all switches support VLAN and VLAN. Some switches only support port-based VLANs, MAC address-based VLAN is not supported. We will introduce the VLAN configuration in conjunction with our school's campus network equipment.

There are a total of 650 campus network nodes in our school. The central switch uses Avaya Cajun P580 and all floor switches use Avaya Cajun P334T 48 Port switches. The Telecom broadband is connected to the campus network through the CISCO 2621 router. The school divides seven VLANs by grade and department, thus effectively controlling the generation of network storms and improving the efficiency of network transmission and network security.
It is easy to use port-based VLAN division for the Avaya Cajun P580 layer-3 Central switch and the P334T switch. This switch supports management on the WEB and CLI interfaces, in particular, WEB interface management is intuitive and convenient, but it is not as powerful as CLI. Because the P580 is a central switch, the P334T switch between each floor is connected to the P580 through a Gigabit Optical Fiber. Therefore, VLAN division is based on direct port division on the P580, set the optical fiber port connected to the P334T switch to the trunk line, so that multiple VLANs can be defined on the Cajun P334T switch at the same time, finally, layer-3 routing protocol is configured on the P580 to implement communication between VLANs.

Log on to P580 and enter the configuration mode to set the VLAN:

1. Create a VLAN: set vlan _id name vlan_name

2. Select the interface to be configured: interface vlan ID

3. Configure the ip address and subnet mask of the VLAN: ip address ip_address subsnet_mask

4. Set layer-3 route Association for inter-VLAN communication: ip vlan ID

5. Save settings: copy run config

The gigabit optical fiber interface connecting the P580 and P334T sets the trunk to achieve the interconnection between switches. The P580 settings:

1. Binding ieee-802.1q inter-VLAN communication protocol: set port trunking-format module No./port number ieee-802.1q

2. set the trunk: set port vlan-binding-mothod module number/port number bingd-to-all

Similarly, set the port Trunk for the connection between P334T and P580 to the configuration mode:

1. set port trunking-fromat module No./port number ieee-802.1q

2. set port vlan-binding-method module No./port number bind-to-all

In this way, after the switch is connected, you can divide the vlan on the P334T. Go to the P334T configuration mode, and run the command line: set port vlan vlan_id module number/port number to divide the port into the corresponding VLAN.

Iv. Conclusion

The Application of VLAN technology makes the division of network working groups break through the geographic location restrictions, but is completely divided according to the management function. This workflow-based grouping mode is suitable for the division of Teaching Departments on campus networks. With the continuous expansion and development of campus networks, VLAN technology is widely used on campus networks.