Communication between VLANs

Abstract: In large Campus Networks, VLAN technology has been widely used. In the network applications with the rapid development of multimedia technology, inter-VLAN communication has become increasingly important, however, no unified communication standards have been established so far, and the products of various manufacturers have their own strengths. In specific network planning, you need to carefully compare various products to find products suitable for your network, select a suitable communication mode for your network.

With the popularization of Switch Applications, VLAN technology is also widely used. As we all know, the main function of VLAN technology is to combine computers distributed in different geographical locations into a logical network as needed, while VLAN division can narrow the broadcast domain, to improve the network transmission speed, because computers in different VLANs cannot communicate directly, thus greatly improving the network security performance. But in fact, many networks require computers in different VLANs to communicate with each other. How to solve the problem of inter-VLAN communication is a problem we must seriously consider when planning VLANs. In the early stages of campus network development, there were only 10% ~ 20% of the information is transmitted between VLANs. However, with the rapid popularization of Multimedia Technology in Campus Networks, the amount of information transmitted between VLANs has increased many times, if the communication problem between VLANs is not solved well, the network usage and security will be seriously affected.

The communication in the LAN is completed by specifying the MAC address of the Communication target in the data frame header. In order to obtain the MAC address, the ARP Address protocol is used to parse the MAC address through broadcast packets. If the broadcast packets cannot reach the destination, the MAC address cannot be resolved, that is, direct communication is not allowed. When a computer belongs to different VLANs, it means that it belongs to different broadcast domains and naturally cannot receive broadcast packets from each other. Therefore, computers belonging to different VLANs cannot communicate with each other directly. To be able to communicate between VLANs, you need to use a higher layer in the OSI reference model-the information IP address of the network layer) for routing. Currently, the main devices that can complete the routing function in the network interconnection equipment are routers and switches at or above Layer 3.

1. Communication between VLANs through Routers

When you use a vro to implement inter-VLAN communication, there are two connection methods between the vro and the vswitch. First, connect to each vlan on the vswitch through different physical interfaces of the vro. Second, connect to each vlan of the vswitch through the logical sub-interface of the vro.

1.1 connect to each vlan on the vswitch through different physical interfaces of the vro.

The advantage of this method is that the management is simple and the disadvantage is that it is difficult to expand the network. Each time a new VLAN is added, the router port and access link on the vswitch need to be consumed, and a new network cable needs to be deployed. Vrouters generally do not have too many LAN interfaces. When creating a VLAN, the router must be upgraded to a high-end product with multiple LAN interfaces in order to correspond to the ports required by the added VLAN. This part of the cost and overhead caused by re-wiring are also required, makes this wiring method an undesirable method.

1.2 connect to each vlan of the vswitch through the logical sub-interface of the vro.

This connection method requires that both vrouters and vswitches support aggregation links, and the protocols used by both parties for aggregation links must naturally be the same. Then, define the logical sub-interfaces E1.1 and E1.2 corresponding to each vlan on the vro. Because this method is based on setting multiple logical sub-interfaces on a physical port to achieve network expansion, network expansion is easier and cost-effective, but the configuration of the router is more complex.

2. Replace vrouters with vswitches for inter-VLAN Communication

At present, there are many three-tier switches on the market. Among these switches, manufacturers integrate routing functions into switches through hardware or software. switches are mainly used in campus networks, the routing in the campus network is relatively simple, but the data exchange speed is fast. Therefore, it is an indisputable fact that vswitches are used to replace vrouters in large campus networks. There are two ways to use a vswitch instead of a vrovlan to implement inter-VLAN communication. One is to enable the routing function of the vswitch. This method can be implemented using any of the router methods described above. The second is to use the dedicated VLAN functions supported by some high-end switches to implement inter-VLAN communication. This method is described below.

Dedicated VALN divides ports into three types: Hybrid ports, isolation ports, and group ports. Only hybrid ports can be connected to routers or layer-3 switches. The VLAN corresponding to the mixed port is called the Primary VLAN. It can be mapped to the ports of all the Isolated VLANs (Isolated VLAN) mapped to the mixed port and the group VLAN

Port Communication. In addition to the Primary VLAN, the ports of the Community VLAN can also communicate with each other. Ports in Isolated VLANs can only communicate with ports in the Primary VLAN, and internal ports are Isolated from each other.

The configuration on DCRS7504 of Digital China is as follows:

DCRS7504 (config) # vlan 7

DCRS7504 (config-vlan-7) # tagged Ethernet 1/5

DCRS7504 (config-vlan-7) # pvlan type Community

DCRS7504 (config-vlan-7) # exit

DCRS7504 (config) # vlan 5

DCRS7504 (config-vlan-5) # tagged Ethernet 1/7

DCRS7504 (config-vlan-5) # pvlan type Isolated

DCRS7504 (config-vlan-5) # exit

DCRS7504 (config) # vlan 9

DCRS7504 (config-vlan-9) # untagged Ethernet 1/3

DCRS7504 (config-vlan-9) # pvlan type primary

DCRS7504 (config-vlan-9) # pvlan mapping 7 ethernet 1/5

DCRS7504 (config-vlan-9) # pvlan mapping 5 ethernet 1/7

Dedicated VLAN is widely used in man construction. A dedicated VLAN provides a layer-2 Data Communication Security connection without requiring multiple VLANs and IP subnets, all users are connected to a dedicated VLAN, so that all users can connect to the default gateway without any access to other users in the dedicated VLAN, dedicated VLAN also controls broadcast domains.

3 conclusion

In today's network planning, VLAN design is essential. Considering network security performance and transmission speed, communication between VLANs is also very important, due to the fast development and application of network products, there is no uniform standard for inter-VLAN communication. network devices produced by different manufacturers have their own strengths in the technology of Inter-VLAN communication, therefore, the specific network planning should be based on the characteristics of the network equipment and the specific network application situation to decide to adopt that method.