Application of router bridging in VLAN Technology Division

This article mainly introduces the application of the router bridging technology in VLAN Technology Division, and details the Protocol compatibility issues, transparent bridging and solutions. I hope this article will help you.

Compatibility with proprietary protocols in Router bridging technology

However, we encountered some problems when preparing to implement the VLAN plan. We know that VLAN in a virtual LAN is an independent physical network that can be logically divided. It is generally considered to be equivalent to a layer-2 broadcast domain. Data frames in a vswitch cannot be forwarded between two VLANs. To implement communication between VLANs, you must connect the vswitch to a layer-3 device (such as a router or layer-3 Switch) for routing. Generally, a physical port belongs to only one VLAN. In this way, the number of VLANs must be the same as the number of physical ports used by the vro Ethernet and the number of ports used by the vswitch for Cascade. This will result in a large number of port waste, it also greatly limits the scalability and division flexibility of VLANs. To solve this problem, you can use the "Tagging" technology to transmit multiple VLAN data streams on a physical port, that is, Tag each data frame on this port) used to mark the VLAN to which the frame belongs. The system uses its vlan id (vlan id) to determine the data Frame Forwarding. Therefore, network devices must support the Tagging encapsulation protocol.

The technical problem encountered in this instance is that the Catalyst 1924 switch and the SuperStack 1100 switch support different VLAN tagging encapsulation protocols: the Catalyst 1924 can encapsulate the Cisco proprietary ISL protocol, superStack 1100 can only encapsulate IEEE 802.1Q. These two protocols are incompatible. These two vswitches cannot transmit multiple VLAN data streams at the same time through a cascade port, which will inevitably cause a waste of ports and limit the flexibility of VLAN division.

Fortunately, this Organization also has a Cisco 3640 router, which contains two ethernet ports, and the Cisco 3640 IOS version supports the above two VLAN tagging encapsulation protocols, at this time, you can use the transparent bridging function of the router. Before introducing the solution, we will briefly describe the transparent bridging feature of the Cisco router.

Vro bridging technology-transparent bridging of Cisco Routers

In a Cisco router, its IOS software supports transparent bridging Based on Ethernet, FDDI Optical Fiber Network, and serial links.

Cisco routers provide Integrated Routing and Bridging (IRB) functions. When IRB is configured, protocol data streams that are not routable can be switched over ports configured as the same bridge group, protocol data streams that can be routed are routed between other routing ports or different bridge groups.

The concept of a Bridge Group is mentioned here ). To implement bridge switching between different ports, these ports must be added to the same bridge group. Theoretically, all ports in the same bridge group belong to the same layer-2 broadcast domain, regardless of whether the port type is Wan port or Ethernet port, whether the port is a physical port or a logical port (for example, an X.25 sub-port or an Ethernet VLAN sub-port ). The Cisco router automatically generates a Virtual Interface for each configured bridge Group, which is called Beidge-Group Virtual Interface (BVI ), routing can be implemented between different BVI or between BVI and other ports. The following describes the main concepts of BVI and the configuration tasks of IRB.

The E0, E1, and E2 ports are bridging ports and are in the same Bridge Group Bridge-Group 1. Therefore, the vro automatically generates a logical Virtual Interface BVI 1, port E3 is the routing port. In terms of working principle, the router configured in this figure is equivalent to such a network connection, A vswitch consisting of E0, E1, E2, and an uplink port is connected to a vro consisting of BVI 1 and E3 through the BVI 1 interface, obviously, E0, E1, and E2 are in the same broadcast domain.

Router bridging technology solution

With the related concepts of IRB, we can solve the problems mentioned above. In the actual solution, first, VLAN is assigned to the Catalyst 1924 and SuperStack 1100 switches, and ISL and IEEE 802.1Q label protocols are enabled on their uplink ports, respectively, connect them to the two ethernet ports of the Cisco 3640 router respectively. Here, the Bx port of the Catalyst 1924 and the 26 port of the SuperStack 1100 are used as the uplink ports. After the physical cable connection is completed, the main task is to configure the Cisco 3640 router. For example, two VLANs, VLAN 1 and VLAN 2, correspond to the sales department and Finance Department respectively. The network structure is shown in the figure below.

To enable Ethernet ports to transmit different VLAN data streams at the same time, the Tagging protocol should be encapsulated in the sub-port. For example, on the port connecting Cisco 3640 to Catalyst 1924, corresponding VLAN 1 should use the following configuration command:

Interface fastethernet 0/0. 1

Encapsulation isl 1

Similarly, sub-port configuration is also required for the port connected to SuperStack 1100, but the encapsulation protocol must be changed to IEEE 802.1Q. The command is as follows:

Interface fastethernet 0/1. 1

Encapsulation dot1q 1

With VLAN sub-ports, as long as the sub-ports of the same VLAN are added to the same bridge group, VLAN communication between the Catalyst 1924 and SuperStack 1100 can be realized. Here, if fastethernet 0/0 is set. 1 and fastethernet 0/1. 1 is in bridge-group 1, so VLAN 1 of Catalyst 1924 and VLAN 1 of SuperStack 1100 are logically merged into a VLAN.

Finally, you can configure an IP address for the BVI interface of the bridge group and add some ACL list settings to implement a secure route between VLAN 1 and VLAN 2.

When configuring servers and workstation on the network, the computer default gateway of VLAN 1 financial department should be set to the IP address of interface BVI 1 in router configuration, that is, 192.168.1.254. Similarly, the computer default gateway of VLAN 2 sales department should be set to the address of interface BVI 2, that is, 192.168.2.254.