1. Definition
the Chinese name of the VLAN (virtual local area network) is "virtualized LAN".
Virtual local Area network (VLAN) is a set of logical devices and users, these devices and users are not limited by the physical location, can be based on functions, departments and applications and other factors to organize them, communication with each other as if they are in the same network segment, hence the name of the virtual local area network. VLAN is a relatively new technology that works on layers 2nd and 3rd of the OSI Reference Model, where a VLAN is a broadcast domain, and communication between VLANs is done through the router on the 3rd layer. Compared with the traditional LAN technology, VLAN technology is more flexible, it has the following advantages: The mobile, add and modify of network equipment management cost is reduced, can control the broadcast activity, can improve the security of the network.
in a computer network, a two-layer network can be divided into different broadcast domains, a broadcast domain corresponding to a specific user group, by default, these different broadcast domains are isolated from each other. To communicate between different broadcast domains, you need to pass one or more routers. Such a broadcast domain is called a VLAN. 2. Several partitions on VLANs in fact, VLAN, the abbreviation of virtual local area network, is a new technology that realizes virtual workgroup by dividing the devices in the LAN logically rather than physically into a network segment. VLAN is proposed to solve the broadcast problem and security of Ethernet, it adds VLAN header on the basis of Ethernet frame, divides the user into smaller workgroup with VLAN ID, restricts the two-level mutual exchange between different working groups, and each workgroup is a virtual local area network. The benefit of a virtual local area network is that it can limit the broadcast range and be able to form virtual workgroups to dynamically manage the network.
VLAN technology allows network managers to logically divide a physical LAN into different broadcast domains, VLANs, each of which contains a set of computer workstations with the same requirements, with the same attributes as a physically formed LAN. However, because it is logically and not physically partitioned, workstations within the same VLAN need not be placed in the same physical space, i.e. these workstations do not necessarily belong to the same physical LAN segment. Neither broadcast nor unicast traffic within a VLAN is forwarded to other VLANs, and even if two computers have the same network segment, they do not have the same VLAN number, and their respective broadcast streams do not forward each other, helping to control traffic, reduce device investment, simplify network management, and improve network security.
1. Partitioning VLANs based on ports
Many VLAN vendors use the port of the switch to partition VLAN members. The ports that are set are in the same broadcast domain. For example, the 1,2,3,4,5 port of a switch is defined as a virtual network AAA, and the 6,7,8 port of the same switch makes up the virtual network BBB. This allows for communication between the ports and allows for the upgrade of the shared network. However, this partitioning mode restricts the virtual network to a single switch.
The second-generation port VLAN technology allows multiple different ports across multiple switches to divide VLANs, and several ports on different switches can form the same virtual network.
The
configuration of network members with switch ports is straightforward. So, for now, this way of partitioning VLANs based on ports is still the most common way.
2
. Divide VLANs by MAC address
This method of partitioning VLANs is divided according to the MAC address of each host, that is, the host for each MAC address configures which group it belongs to. The biggest advantage of this method of partitioning the VLAN is that when the user's physical location is moved, that is, when switching from one switch to the other, the VLAN does not have to be reconfigured, so it can be considered that the MAC address partitioning method is based on the user's VLAN, the disadvantage of this method is the initialization of the All users must be configured, if there are hundreds of or even thousands of users, the configuration is very tired. And this partitioning method also leads to a reduction in the efficiency of the switch execution, because there may be many VLAN group members on each switch port, so there is no limit
broadcast the package. In addition, for users who use laptops, their network cards may be replaced frequently, so that VLANs must be constantly configured.
3. According to the network layer
Partitioning VLANs
This method of partitioning the VLAN is based on each host's
The Network layer Address or protocol type (if multiple protocols are supported) is divided, although this partitioning method is based on the network address, such as the IP address, but it is not a route, and the network layer of the route has no relationship.
The advantage of this approach is that the user's physical location changes, does not need to reconfigure the VLAN, and can be divided according to the protocol type of VLAN, which is important for network managers, and this method does not require additional frame tags to identify the VLAN, which can reduce network traffic.
It
The disadvantage of the method is inefficient, because checking the network layer address of each packet needs to consume processing time (relative to the previous two methods), the general switch chip can automatically check the network packet Ethernet frame head, but to allow the chip to check the IP frame head, the need for higher technology, but also more time-consuming. Of course, this is related to the implementation method of each vendor.
4. According to
IP Multicast Partitioning
V
LAN
IP multicast is actually a VLAN definition, that is to say that a multicast group is a VLAN, this partitioning method extends the VLAN to the WAN, so this method has greater flexibility, but also easy to extend through the router, of course, this method is not suitable for LAN, mainly inefficient.
Definition and division of virtual local Area network
