About several types of manageable switch VLANs

In fact, the VLAN, virtual local area network, is a new technology that enables virtual teams to be realized by logically dividing the devices in a LAN into segments, rather than physically. VLAN is to solve the problem of Ethernet broadcast and security, it is based on Ethernet frame to increase the VLAN head, with VLAN ID to the user divided into smaller workgroup, limit the different groups of users two levels of mutual visits, each workgroup is a virtual local area network. The advantage of the virtual LAN is that it can limit the broadcast scope and can form virtual workgroup and manage the network dynamically.

VLAN technology allows network administrators to logically divide a physical LAN into different broadcast domains, VLAN, each containing a set of computer workstations with the same requirements, with the same attributes as a physically formed LAN. But because it is logically rather than physically divided, workstations within the same VLAN need not be placed in the same physical space, that is, these workstations do not necessarily belong to the same physical LAN segment. Broadcast and unicast traffic within a VLAN is not forwarded to other VLANs. Even if the two computers have the same network segment, but they do not have the same VLAN number, their respective broadcast stream will not be forwarded to each other, thereby helping to control traffic, reduce equipment investment, simplify network management, improve network security.

1. According to the port to divide the VLAN

Many VLAN vendors use the switch's ports to divide VLAN members. The ports that are set are in the same broadcast domain. For example, the 1,2,3,4,5 port of a switch is defined as the virtual network AAA, and the 6,7,8 port of the same switch makes up the virtual network BBB. This allows for communication between ports and allows for the upgrade of shared networks. However, this partitioning pattern restricts the virtual network to a single switch.

Second-generation Port VLAN technology allows multiple different ports across multiple switches to divide VLANs, and several ports on different switches can form the same virtual network.

The configuration process is simple and straightforward, with the switch port dividing the network members. So for now, this way of dividing the VLAN according to the port is still the most common way.

2. According to the MAC address Division VLAN0

This method of dividing the VLAN is based on the MAC address of each host, that is, the host of each MAC address is configured which group it belongs to. The biggest advantage of this method of dividing VLAN is that the VLAN is not reconfigured when the user's physical location is moved, that is, switching from one switch to another, so it is considered that this method based on the MAC address is based on the user's VLAN, the disadvantage of which is that when initializing, All users must be configured, if there are hundreds of or even thousands of users, the configuration is very tired. And this partitioning method also leads to a reduction in the efficiency of switch execution, because there may be a number of members of the VLAN group on the ports of each switch, so that broadcast packets cannot be restricted. In addition, for users who use laptops, their network cards may often be replaced, so the VLAN must be constantly configured.

3. Divide the VLAN according to the network layer

This method of dividing VLANs is based on the network layer address of each host or protocol type (if multiple protocols are supported), although this partitioning method is based on the network address, such as the IP address, but it is not a route, it has nothing to do with the routing of the Network layer.

The advantage of this approach is that the physical location of the user has changed, there is no need to reconfigure the VLAN to which it belongs, and the VLAN can be partitioned according to the protocol type, which is important to network administrators, and this method does not require additional frame tags to identify the VLAN, which reduces traffic on the network.

The disadvantage of this approach is that it is inefficient because checking the network-layer address of each packet consumes processing time (as opposed to the previous two methods), general switch chips can automatically check the network packet Ethernet frame head, but to allow the chip to check the IP frame head, requires a higher technology, but also more time-consuming. Of course, this is related to the implementation methods of each vendor.

4. Divide VLAN according to IP multicast

IP multicast is actually the definition of a VLAN, that is to say that a multicast group is a VLAN, this method of dividing the VLAN extended to the WAN, so this method has greater flexibility, but also easy to extend through the router, of course, this method is not suitable for LAN, mainly inefficient.