Application of VLAN Technology in Broadband Access System

Source: Internet
Author: User

1 Introduction
There are many technologies for broadband access, and FTTx + LAN is currently one of the most popular. FTTx + LAN brings optical fiber to the residential area and then connects end users over a computer LAN. Using optical fiber plus Category 5 cable and Ethernet switching technology, it implements "1-gigabit to residential area, 10-Gigabit to building, 10-Gigabit to home". This broadband construction solution provides multiple broadband services based on IP technology. However, FTTx + LAN is a shared-bandwidth Ethernet technology and has serious deficiencies in networking, billing, security, and manageability. Telecom operators have identified the following problems.
1. Network security: some malicious users attack the network by modifying their IP address or MAC address, resulting in network paralysis or the failure of other users' services.
2. User data isolation: computers in the community generally communicate little with one another. To ensure data security and to facilitate access control and billing, all data must be sent to a multi-layer switch on the ZAN (Zone Access Network) side.
3. User quality-of-service (QoS) assurance: currently, Ethernet provides only a best-effort mechanism, which has difficulty meeting real-time service requirements when congestion occurs.
4. User management.
5. User billing and authentication.
In addition, there are problems such as how to conserve legitimate public-network IP addresses and how to supply power to BAN equipment. This article focuses on VLAN technology and proposes solutions for network security, data isolation, and user management.
2 VLAN Technology Introduction

The basic structure of the FTTx + LAN solution is as follows: a Gigabit Ethernet switch (ZAN) is set up in the residential area, and a Layer 2 Ethernet switch is set up in each building and connected to the ZAN through a 100 Mbit/s optical port. To ensure the security of user information, the telecommunications department requires information isolation between the ports of the broadband access device; that is, any exchange of information between two ports must go through the ZAN device. At present, broadband access devices built on Ethernet switch chips need multi-layer VLAN technology to provide this isolation.
The original definition of a LAN is a private network located within a single building or campus, or spanning a few kilometers. Today a LAN is generally defined as a single broadcast domain: a user's broadcast traffic is received by every user on the LAN but is not transmitted outside the broadcast domain. Normally the broadcast domain depends on physical connections, but VLAN (Virtual Local Area Network) technology changes this. VLAN technology allows network administrators to divide a LAN logically into several different broadcast domains. The division is logical, not physical, so users on the same VLAN can be distributed in different places and need not be located together. VLAN technology has the following features.
1. It simplifies adding, removing, and changing terminals. When a terminal is physically moved to a new location, its attributes can be redefined from the network management workstation. A terminal that only moves within the same VLAN keeps its previously defined attributes.
2. It controls communication activity. Broadcast and multicast traffic is restricted to a VLAN, and only terminals belonging to the same VLAN can receive it.
3. It improves the security of workgroups and of the network. Dividing a network into different domains increases security. By controlling the size and composition of VLANs, you can limit the number of users in the same broadcast domain.
Making full use of VLAN functions and designing the VLAN structure flexibly can mitigate a series of problems that arise from shared Ethernet in FTTx + LAN broadband access.
3 Application of VLAN Technology in FTTx + LAN Solutions

Currently, BAN devices generally use Layer 2 (L2) Ethernet switches that support multiple VLANs. These switches support large-capacity VLANs based on ports and on the 802.1Q protocol. To isolate data between ports, we can define all ports of the switch as untagged ports and place each port in its own port-based VLAN. When a port receives a data packet that has no 802.1Q tag, it automatically adds a tag carrying that port's VLAN ID. Because different ports belong to different VLANs, data packets cannot be forwarded directly to other ports within the L2 switch. Communication between VLANs can only take place after being routed through the multi-layer switch on the ZAN side, which solves the data isolation problem on the BAN side.
Because each port is assigned a different VLAN ID, the tagged Ethernet frames from each port carry a different VLAN ID. Devices on the ZAN side can use it to identify which port of the BAN-side device sent a data packet, and can look up the binding between port, MAC address, and IP address held on the ZAN device. This enables access control, billing, and management, and improves network security.
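The ZAN-side check described above can be sketched as follows. This is an added example, not part of the original article or any vendor's code: it parses an 802.1Q-tagged frame, takes the VLAN ID as the BAN port identity, and compares the source MAC and IP against a binding table. The VLAN IDs, addresses, and function names are constructed for illustration.

```python
import socket
import struct

# Constructed binding table: one VLAN ID per BAN port -> (MAC, IPv4) of the subscriber.
BINDINGS = {
    101: ("00:11:22:33:44:01", "10.0.1.2"),
    102: ("00:11:22:33:44:02", "10.0.2.2"),
}

def build_frame(vid, src_mac, src_ip, tagged=True):
    """Build a constructed test frame: Ethernet + optional 802.1Q tag + bare IPv4 header."""
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex(src_mac.replace(":", ""))
    tag = struct.pack("!HH", 0x8100, vid & 0x0FFF) if tagged else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton("10.0.0.1"))
    return eth + tag + struct.pack("!H", 0x0800) + ip

def parse_tagged(frame):
    """Return (vlan_id, src_mac, src_ip); src_ip is None for non-IPv4 payloads."""
    if len(frame) < 18:
        raise ValueError("short frame")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100:
        raise ValueError("untagged frame")  # BAN uplink frames must carry a tag
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    src_ip = None
    if ethertype == 0x0800 and len(frame) >= 38:
        src_ip = socket.inet_ntoa(frame[30:34])  # IPv4 source address field
    return tci & 0x0FFF, src_mac, src_ip

def check(frame):
    """Decide whether the ZAN forwards a frame, based on the port/MAC/IP binding."""
    try:
        vid, mac, ip = parse_tagged(frame)
    except ValueError as exc:
        return f"drop: {exc}"
    bound = BINDINGS.get(vid)
    if bound is None:
        return "drop: unknown VLAN"
    if mac != bound[0]:
        return "drop: MAC mismatch"
    if ip is not None and ip != bound[1]:
        return "drop: IP mismatch"
    return "forward"

if __name__ == "__main__":
    # The subscriber on VLAN 102 claims the MAC and IP bound to VLAN 101.
    print(check(build_frame(102, "00:11:22:33:44:01", "10.0.1.2")))
```

Because the tag is added by the BAN port rather than by the subscriber, the VLAN ID stays trustworthy even when the MAC and IP fields in the frame have been altered.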
Sometimes several users on the Layer 2 switch on the BAN side need to form a traditional VLAN. This requires the Layer 2 switch to support multi-layer VLANs; that is, each untagged port must support not only the port-based VLAN but also 802.1Q-based VLANs.
4 Summary
In conclusion, multi-layer VLAN technology can be used to isolate port data, improve network security, and make it easier for the telecommunications department to manage users. If the L2 switch supports IGMP snooping, the multicast function can also be implemented. The disadvantage is that the port provided to the user must be an untagged port, which will hinder the future development of multi-service access that relies on the different 802.1Q priorities to guarantee the user's service quality. In addition, VLAN-based data isolation makes switch configuration and management more complex.

