Cisco VLAN Explanation

Source: Internet
Author: User

VLAN explanation


I. Role

Divides one physical network (a single network segment) into multiple logical networks, limiting the range over which broadcasts are flooded.


II. Implementation mechanism

1. Switch port types

Access link interface

A port that belongs to only one VLAN and forwards data frames to that VLAN only.

Receive data: when a frame is received, if it carries a VLAN tag, the switch checks whether the tag's VLAN ID equals the receiving port's PVID; if they match, the frame enters that VLAN, otherwise it is discarded. If the frame is untagged, the port tags it with its PVID and admits it into the switch.

Send data: a frame carrying a VLAN tag has the tag removed before it is sent out of the port. An untagged frame cannot occur inside the switch.


Access link implementation methods:

Static VLAN: a port-based VLAN, in which the administrator specifies which VLAN each port belongs to.

Dynamic VLAN: the VLAN a port belongs to changes according to the client connected to that port:

MAC-based VLAN: determines the port's VLAN by looking up the client's MAC address in a registered list.

Subnet-based VLAN: determines the port's VLAN by looking up the client's IP address.

User-based VLAN: determines the port's VLAN by looking up the user account the client logged on with.

Trunk link interface

A port that can forward data frames of multiple different VLANs.

Receive data: when a frame is received, a tagged frame enters the switch as is; an untagged frame is tagged with the port's default VLAN (the native VLAN) before entering the switch.

Send data: if the frame's VLAN tag matches the port's PVID (native VLAN), the tag is removed before the frame is sent; if it differs and that VLAN is allowed through the interface, the frame is sent with its tag intact. An untagged frame cannot occur inside the switch here either.

Trunking methods

a. 802.1Q: the IEEE standard protocol for adding VLAN identification to data frames.

A 4-byte VLAN identifier is inserted between the source MAC address and the Type field of the frame. It consists of 2 bytes of TPID (Tag Protocol Identifier) and 2 bytes of TCI (Tag Control Information); the CRC check code is recalculated and the original CRC is discarded.

The TPID field sits in the same position as the protocol type field of an untagged Ethernet frame. Its value is fixed at 0x8100, which marks the frame as carrying 802.1Q information and lets a switch recognise that IEEE 802.1Q VLAN information has been appended. The VLAN ID is essentially the 12-bit field inside the TCI; with 12 bits in total, up to 4,096 VLANs can be identified.
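The tag layout just described can be checked byte for byte. The following is an added example, not code from the original article: it inserts the 4-byte tag between the source MAC and the EtherType, parses a frame with or without a tag by testing the two bytes at offset 12 against 0x8100, and strips the tag the way an access port does on egress. The frame contents are constructed sample values; the FCS is left out because the NIC recomputes it after tagging.

```python
import struct

TPID_8021Q = 0x8100  # fixed TPID value of an 802.1Q tag, as stated in the text

def build_tagged_frame(dst_mac: bytes, src_mac: bytes, vid: int, ethertype: int,
                       payload: bytes, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag (2-byte TPID + 2-byte TCI) between the
    source MAC and the EtherType. TCI = 3-bit PCP | 1-bit DEI | 12-bit VID."""
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits, DEI is 1 bit")
    tci = (pcp << 13) | (dei << 12) | vid
    return (dst_mac + src_mac
            + struct.pack("!HH", TPID_8021Q, tci)
            + struct.pack("!H", ethertype) + payload)

def parse_frame(frame: bytes) -> dict:
    """Return the header fields of an Ethernet frame, tagged or untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    # Offset 12 holds either the EtherType of an untagged frame or, when it
    # reads 0x8100, the TPID of a tag that pushes the real EtherType 4 bytes on.
    (tpid_or_type,) = struct.unpack("!H", frame[12:14])
    if tpid_or_type == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return {"dst": dst, "src": src, "tagged": True,
                "pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF,
                "ethertype": ethertype, "payload": frame[18:]}
    return {"dst": dst, "src": src, "tagged": False, "vid": None,
            "ethertype": tpid_or_type, "payload": frame[14:]}

def strip_tag(frame: bytes) -> bytes:
    """Remove the 4-byte tag (what an access port does before sending)."""
    return frame[:12] + frame[16:] if parse_frame(frame)["tagged"] else frame

def vid_is_usable(vid: int) -> bool:
    """Of the 4,096 values, VID 0 (priority tag only) and 4095 are reserved
    by 802.1Q and cannot be assigned to a VLAN."""
    return 1 <= vid <= 4094

if __name__ == "__main__":
    # Constructed sample: broadcast ARP from a made-up MAC, tagged VLAN 2.
    frame = build_tagged_frame(b"\xff" * 6, b"\x00\x11\x22\x33\x44\x55",
                               vid=2, ethertype=0x0806, payload=b"\x00\x01")
    print(frame.hex(), parse_frame(frame))
```

Parsing with the EtherType test rather than a fixed offset matters on a trunk, where tagged and untagged (native VLAN) frames arrive on the same port.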




b. ISL is a Cisco proprietary protocol, similar in purpose to IEEE 802.1Q, for attaching VLAN information to frames on a trunk link.

ISL encapsulates the original data frame with an ISL header and a recalculated CRC checksum, which is why it is also called encapsulated VLAN. With ISL, a 26-byte ISL header is prepended to the frame, and a 4-byte CRC computed over the ISL header plus the original frame is appended at the tail; the original CRC check code is retained inside the encapsulated source frame.




III. VLAN communication

1. Communication within the same VLAN

Ports 1 and 4 of the switch belong to the same VLAN. PC A sends an ARP request for PC B's MAC address. On entering switch port 1 the frame is tagged VLAN 2, and the switch forwards the ARP broadcast within VLAN 2 only. The VLAN 2 tag is removed on the egress ports, and PC B, attached to port 4, replies with its MAC address. The ports, MAC addresses and VLANs of PC A and PC B are recorded in the switch's MAC address table.



2. Communication between different VLANs

Ports 1 and 4 of the switch belong to VLAN 2 and VLAN 3 respectively, and port 12 is a trunk interface. PC A ANDs the destination IP with its subnet mask and finds that PC B is not on its own network segment, so PC A sends an ARP request for Router C's MAC address. When the ARP arrives on switch port 1, the frame is tagged VLAN 2 and forwarded to all VLAN 2 interfaces and to the trunk port; Router C's MAC address is obtained through the trunk port (the router can parse the VLAN tag). Router C consults its routing table and finds that the destination IP belongs to the VLAN 3 segment, so it re-encapsulates the data with a VLAN 3 tag and sends an ARP query for the VLAN 3 segment through the trunk port. Switch port 12 forwards the ARP to all VLAN 3 interfaces; port 4 removes the VLAN tag and sends the frame to PC B, which recognises the destination IP in the packet and replies with its MAC address. The ports, MAC addresses and VLANs of PC A and PC B are recorded in the switch's MAC address table.


Note: the router must communicate with both VLANs here, so a router-on-a-stick (single-arm) configuration is needed to carry multi-VLAN traffic over one link (alternatively, several router interfaces can each connect to an access interface of the corresponding VLAN on the switch).
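The port rules from section II.1 and the two forwarding scenarios above can be put together in one small switch model. The following is an added example, not code from the original article: it applies the access and trunk ingress/egress rules (PVID tagging, tag check and drop, native VLAN untagged on the trunk, allowed-VLAN list), learns MAC addresses per VLAN, and floods broadcasts only within the ingress VLAN. The topology follows the text (ports 1 and 4 in VLAN 2 and VLAN 3, port 12 as the trunk); the extra port 2 in VLAN 2, port 3 in VLAN 1, the native VLAN of 1 and all MAC addresses are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Frame:
    dst: str
    src: str
    vid: Optional[int] = None   # None means the frame is untagged on the wire

@dataclass
class Port:
    number: int
    mode: str                   # "access" or "trunk"
    pvid: int                   # access VLAN, or the native VLAN of a trunk
    allowed: frozenset = frozenset()   # trunk only: tagged VLANs permitted

class Switch:
    def __init__(self, ports):
        self.ports = {p.number: p for p in ports}
        self.mac_table: Dict[tuple, int] = {}   # (vid, mac) -> port number

    @staticmethod
    def ingress(port: Port, frame: Frame) -> Optional[int]:
        """Return the VLAN the frame is placed in inside the switch, or None if dropped."""
        if port.mode == "access":
            if frame.vid is None:          # untagged: tag with PVID
                return port.pvid
            return port.pvid if frame.vid == port.pvid else None   # mismatch: discard
        if frame.vid is None:              # trunk, untagged: native VLAN
            return port.pvid
        return frame.vid if frame.vid in port.allowed else None

    @staticmethod
    def egress(port: Port, vid: int, frame: Frame) -> Optional[Frame]:
        """Return the frame as it leaves this port, or None if the port does not carry vid."""
        if port.mode == "access":
            return Frame(frame.dst, frame.src, None) if vid == port.pvid else None
        if vid == port.pvid:               # native VLAN leaves the trunk untagged
            return Frame(frame.dst, frame.src, None)
        if vid in port.allowed:            # other VLANs keep their tag
            return Frame(frame.dst, frame.src, vid)
        return None

    def receive(self, in_port: int, frame: Frame) -> Dict[int, Frame]:
        """Process one frame; return {port number: frame sent} for every egress port."""
        vid = self.ingress(self.ports[in_port], frame)
        if vid is None:
            return {}
        self.mac_table[(vid, frame.src)] = in_port       # learn source per VLAN
        known = None if frame.dst == BROADCAST else self.mac_table.get((vid, frame.dst))
        if known == in_port:
            return {}                                    # destination on the same port
        targets = [known] if known is not None else [n for n in self.ports if n != in_port]
        out = {}
        for n in targets:                                # flood stays inside the VLAN
            sent = self.egress(self.ports[n], vid, frame)
            if sent is not None:
                out[n] = sent
        return out

def build_switch() -> Switch:
    """Constructed topology: VLAN 2 on ports 1 and 2, VLAN 3 on port 4, VLAN 1 on port 3,
    trunk on port 12 with native VLAN 1 carrying VLANs 2 and 3."""
    return Switch([Port(1, "access", 2), Port(2, "access", 2), Port(3, "access", 1),
                   Port(4, "access", 3), Port(12, "trunk", 1, frozenset({2, 3}))])

if __name__ == "__main__":
    sw = build_switch()
    pc_a, router = "aa:aa:aa:aa:aa:01", "cc:cc:cc:cc:cc:0c"   # constructed MACs
    print(sw.receive(1, Frame(BROADCAST, pc_a)))        # ARP from PC A: port 2 untagged, port 12 tagged 2
    print(sw.receive(12, Frame(pc_a, router, 2)))      # reply from router: port 1 only, untagged
    print(sw.receive(12, Frame(BROADCAST, router, 3))) # router ARP in VLAN 3: port 4 only
    print(sw.receive(1, Frame(BROADCAST, pc_a, 5)))    # tagged frame on access port: dropped
```

The two dropped cases (a tagged frame whose VID differs from the access port's PVID, and a trunk VID outside the allowed list) are the checks that keep a host from injecting frames into a VLAN its port was not assigned to.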




3. Layer 3 switch VLAN communication

A Layer 3 switch adds a routing module on top of the switching module. Communication within the same VLAN uses only the switching module; communication between different VLANs works the same way as the scenario above in which a router is connected to the switch by a trunk link.

To speed up data exchange between VLANs, the Layer 3 switch uses a dedicated hardware chip, an ASIC (Application-Specific Integrated Circuit), to process the switching of data frames; on many models this achieves wire-speed switching.

For a large volume of traffic to the same destination address, the Layer 3 switch offers a "route once, switch afterwards" (CEF) switching mode. After the first packet is routed through a routing entry to locate the destination host, a high-speed forwarding cache is built, and subsequent packets are forwarded through the cache directly to the port the destination is attached to. There is no need to pass through the internal routing module again and again; the cache information inside the switch is enough to decide which port to forward to. When relaying frames this way the switch handles them much as a router would, rewriting the MAC addresses, the TTL in the IP header and the checksum information.

The cache stores the following information:

(1) Destination IP address

(2) Source IP address

(3) Destination TCP/UDP port number

(4) Source TCP/UDP port number

(5) Receiving port number (on the switch)

(6) Forwarding port number (on the switch)

(7) Forwarding destination MAC address
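The "route once, switch afterwards" behaviour and the rewrites it still has to perform can be modelled directly. The following is an added example, not code from the original article: the first packet of a flow goes through a longest-prefix route lookup and populates a cache keyed by items (1) to (5) of the list above, storing items (6) and (7); every packet, cached or not, gets the router-style rewrite of the IPv4 header (TTL decremented, header checksum recomputed, new source and destination MACs). The subnets, port numbers, MAC addresses and the pre-resolved ARP table are constructed assumptions.

```python
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; over a header whose checksum
    field is already correct the result is 0, so this doubles as a verifier."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src: str, dst: str, ttl: int, proto: int = 6) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def rewrite_for_forwarding(header: bytes) -> bytes:
    """The per-hop IP changes a router and the L3 switch cache path both make:
    decrement TTL and recompute the header checksum."""
    ttl = header[8]
    if ttl <= 1:
        raise ValueError("TTL expired: packet must be dropped, not forwarded")
    new = bytearray(header)
    new[8] = ttl - 1
    new[10:12] = b"\x00\x00"
    new[10:12] = struct.pack("!H", ipv4_checksum(bytes(new)))
    return bytes(new)

class L3Switch:
    def __init__(self, own_mac: str, routes: List[Tuple[str, int]], arp: Dict[str, str]):
        self.own_mac = own_mac                      # source MAC written on forwarded frames
        self.routes = [(ipaddress.ip_network(n), port) for n, port in routes]
        self.arp = arp                              # destination IP -> MAC, assumed resolved
        self.cache: Dict[tuple, Tuple[int, str]] = {}   # items (1)-(5) -> items (6), (7)
        self.route_lookups = 0                      # trips through the routing module

    def _route(self, dst_ip: ipaddress.IPv4Address) -> Optional[int]:
        """Longest-prefix match over the directly connected VLAN subnets."""
        best = None
        for net, port in self.routes:
            if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, port)
        return best[1] if best else None

    def forward(self, in_port: int, src_ip: str, dst_ip: str,
                src_port: int, dst_port: int, ip_header: bytes) -> Optional[dict]:
        key = (dst_ip, src_ip, dst_port, src_port, in_port)
        entry = self.cache.get(key)
        if entry is None:                           # first packet: route, then cache
            self.route_lookups += 1
            out_port = self._route(ipaddress.ip_address(dst_ip))
            if out_port is None or dst_ip not in self.arp:
                return None
            entry = (out_port, self.arp[dst_ip])
            self.cache[key] = entry
        out_port, dst_mac = entry                   # later packets: cache hit only
        return {"out_port": out_port, "dst_mac": dst_mac, "src_mac": self.own_mac,
                "ip_header": rewrite_for_forwarding(ip_header)}

if __name__ == "__main__":
    # Constructed topology: VLAN 2 = 10.2.0.0/24 on port 1, VLAN 3 = 10.3.0.0/24 on port 4.
    sw = L3Switch("00:00:5e:00:53:01", [("10.2.0.0/24", 1), ("10.3.0.0/24", 4)],
                  {"10.3.0.20": "bb:bb:bb:bb:bb:02"})
    hdr = build_ipv4_header("10.2.0.10", "10.3.0.20", ttl=64)
    for _ in range(3):
        print(sw.forward(1, "10.2.0.10", "10.3.0.20", 40000, 80, hdr))
    print("route lookups:", sw.route_lookups)      # 1: only the first packet was routed
```

Because the cache is keyed on addresses and ports but the TTL is still decremented on every packet, a looping packet still dies after 255 hops even when every hop is a cache hit.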

