This article analyzes several VLAN division methods for VLAN switches. VLAN implementation methods on VLAN switches can be roughly divided into six categories, including port-based VLAN division and MAC-address-based VLAN division.
◆ Port-based VLAN division
This is the most commonly used VLAN division method, and also the most widely applied and effective one. Most VLAN-capable switches currently provide it. VLANs are divided according to the ports of the Ethernet switch: the physical ports on the VLAN switch and the PVC (permanent virtual circuit) ports inside the VLAN switch are divided into several groups, and each group forms a virtual network that is equivalent to an independent VLAN switch.
When different departments need to access each other, traffic can be forwarded through a router, combined with port filtering based on MAC addresses. On the corresponding port of the VLAN switch, routing switch, or router closest to a site, configure the set of MAC addresses that are allowed to access that site. This prevents illegal intruders from stealing IP addresses from other access points.
The advantage of this method is that defining VLAN members is very simple: all ports only need to be assigned to their corresponding VLAN groups. It is suitable for networks of any size. Its disadvantage is that if a user leaves the original port and connects to a port on a new switch, the membership must be redefined.
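The port filter described above can be sketched as follows. This is an added example, not code from the original article; the port numbers, VLAN IDs, MAC addresses and function names are all constructed for illustration. It also shows the stated drawback: a known station that appears on a different port is rejected until that port is redefined.

```python
import re

# Hypothetical per-port configuration: VLAN membership and permitted source MACs.
PORT_VLAN = {1: 10, 2: 10, 3: 20}
PORT_ALLOWED_MACS = {
    1: {"00:11:22:33:44:01"},
    2: {"00:11:22:33:44:02"},
    3: {"00:11:22:33:44:03", "00:11:22:33:44:04"},
}

def normalize_mac(mac):
    """Accept aa:bb:.., AA-BB-.. or aabb.ccdd.eeff and return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def check_frame(port, src_mac):
    """Return (verdict, vlan) for a frame's source MAC arriving on a port."""
    mac = normalize_mac(src_mac)
    vlan = PORT_VLAN.get(port)
    if vlan is None:
        return ("drop: port not assigned to a VLAN", None)
    if mac in PORT_ALLOWED_MACS.get(port, set()):
        return ("forward", vlan)
    # A MAC allowed on another port means the station moved: with port-based
    # division the new port must be redefined before the station is accepted.
    home = [p for p, macs in PORT_ALLOWED_MACS.items() if mac in macs]
    if home:
        return (f"drop: MAC belongs to port {home[0]}, redefine port", vlan)
    return ("drop: unknown MAC", vlan)

# Constructed observations: (ingress port, source MAC as written by the device).
OBSERVED = [
    (1, "00-11-22-33-44-01"),
    (2, "0011.2233.4403"),
    (3, "de:ad:be:ef:00:01"),
]

def audit(observations):
    """Return the verdict string for each observed (port, MAC) pair."""
    return [check_frame(port, mac)[0] for port, mac in observations]

if __name__ == "__main__":
    for obs, verdict in zip(OBSERVED, audit(OBSERVED)):
        print(obs, "->", verdict)
```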
◆ MAC-address-based VLAN division
This method divides VLANs by the MAC address of each host; that is, every host is assigned to a group according to its MAC address. The mechanism relies on each NIC having a unique MAC address, and VLAN switches track which MAC addresses belong to which VLAN. When a network user moves from one physical location to another, VLAN membership is retained automatically.
The biggest advantage of this method is that when a user moves from one switch to another, the VLAN does not need to be reconfigured, because membership is based on the user rather than on the switch port. The disadvantage is that all users must be configured during initialization. With hundreds or even thousands of users, this configuration is very laborious, so this method is usually applicable to small LANs.
In addition, this method reduces switch efficiency: each switch port may hold members of many VLAN groups and must store the MAC addresses of many users, which makes lookups harder. Also, users of laptops may change NICs frequently, so their VLANs must be reconfigured frequently.
◆ Network-layer-protocol-based VLAN division
VLANs can be divided by network-layer protocol into IP, IPX, DECnet, AppleTalk, and Banyan VLANs. A VLAN defined by network-layer protocol lets the broadcast domain span multiple VLAN switches. This is very attractive for network administrators who want to organize users around specific applications and services. In addition, users can move freely within the network while their VLAN membership remains unchanged.
The advantage of this method is that when a user's physical location changes, the corresponding VLAN does not need to be reconfigured, and VLANs can be divided according to protocol type, which is very important for network managers. This method also does not require additional frame tags to identify VLANs, which can reduce network traffic.
The disadvantage of this method is low efficiency, because checking the network-layer address of each packet takes processing time (compared with the previous two methods). A typical switch chip can automatically check the Ethernet frame header of packets on the network, but more advanced technology is required for the chip to check the IP header, which is more time-consuming. Of course, this depends on the implementation of each vendor.
◆ IP-multicast-based VLAN division
IP multicast is also a way of defining a VLAN: an IP multicast group is treated as a VLAN. This method extends VLANs to the WAN, so it is more flexible and is easy to extend through routers. It is mainly suitable for forming one VLAN from LAN users who are not in the same geographical area; it is not suitable for a LAN, mainly because of its low efficiency.
◆ VLAN division by policy
A policy-based VLAN can implement multiple allocation methods, including VLAN switch ports, MAC addresses, IP addresses, and network-layer protocols. Network administrators can decide which type of VLAN to choose based on their management model and the requirements of the organization.
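A policy that combines these allocation methods can be sketched as a classifier over raw Ethernet frames. This is an added example, not code from the original article; the tables, VLAN IDs, addresses and the rule order (MAC, then IP subnet, then protocol, then port) are assumptions, since real precedence is vendor-specific. It makes visible that the subnet rule has to read past the Ethernet header into the IP header, while the MAC and protocol rules need only the first 14 bytes.

```python
import ipaddress
import struct

# Hypothetical policy tables; all VLAN IDs and addresses are constructed.
MAC_VLAN = {"00:11:22:33:44:55": 30}
SUBNET_VLAN = [(ipaddress.ip_network("10.1.0.0/16"), 40)]
PROTOCOL_VLAN = {0x0800: 50, 0x8137: 60, 0x809B: 70}  # IPv4, IPX, AppleTalk
PORT_VLAN = {1: 10, 2: 20}

def classify(port, frame):
    """Return (vlan, rule) for an untagged Ethernet II frame received on port."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if src in MAC_VLAN:  # needs the Ethernet header only
        return MAC_VLAN[src], "mac"
    # Subnet rule: parse beyond the Ethernet header to the IPv4 source address.
    if ethertype == 0x0800 and len(frame) >= 34:
        src_ip = ipaddress.IPv4Address(frame[26:30])
        for net, vlan in SUBNET_VLAN:
            if src_ip in net:
                return vlan, "ip-subnet"
    if ethertype in PROTOCOL_VLAN:  # EtherType sits in the Ethernet header
        return PROTOCOL_VLAN[ethertype], "protocol"
    if port in PORT_VLAN:  # fall back to the ingress port's VLAN
        return PORT_VLAN[port], "port"
    return None, "unclassified"

def build_frame(src_mac, ethertype, payload=b""):
    """Build a constructed broadcast frame for the demonstration."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex(src_mac.replace(":", ""))
    return dst + src + struct.pack("!H", ethertype) + payload

def ipv4_header(src_ip, dst_ip):
    """Minimal 20-byte IPv4 header; checksum left at zero (constructed sample)."""
    return (struct.pack("!BBHHHBBH", 0x45, 0, 20, 0, 0, 64, 17, 0)
            + ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed)

if __name__ == "__main__":
    ip = ipv4_header("10.1.2.3", "10.1.0.1")
    print(classify(1, build_frame("02:00:00:00:00:01", 0x0800, ip)))
    print(classify(2, build_frame("02:00:00:00:00:02", 0x0806)))
```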
◆ VLAN division by user-defined and non-user authorization
VLAN division based on user definition and non-user authorization means defining and designing VLANs to suit special VLAN networks according to the specific requirements of network users. In addition, non-VLAN users can access VLANs, but they must provide a user password and can join a VLAN only after being authenticated by VLAN management.