Detailed explanation of VLAN Technology and its practical application in Enterprises

Source: Internet
Author: User

There are many things worth learning about VLAN technology. Here we mainly introduce VLAN Technology and its practical application in enterprises. VLAN Virtual LAN (VLAN) refers to the logical segmentation of network users connected to the second layer switch port, and segment networks according to user requirements without the limitation of physical locations of network users. A VLAN can be implemented in one vswitch or across vswitches. VLAN technology can be grouped based on the location, role, department, or application programs and protocols used by network users. The VPC Based on vswitch can solve the conflict domain, broadcast domain, and bandwidth problems for the LAN.

In traditional shared media Ethernet and switched Ethernet, all users in the same broadcast domain will cause a reduction in network performance and a waste of valuable bandwidth; in addition, the control of broadcast storms and network security can only be implemented on the layer-3 router. VLAN is equivalent to the L2 broadcast domain of the OSI reference model. It can control broadcast storms within a VLAN. After VLAN division, due to the narrowing of the broadcast domain, the proportion of bandwidth consumed by broadcast packets in the network is greatly reduced, and the network performance is significantly improved. Data transmission between different VLANs is achieved through the layer-3 network layer) routing. Therefore, the VLAN technology, combined with the data link layer and network layer switching equipment, can be used to build a secure and reliable network. Network administrators control network users' access to network resources by controlling each port of the switch. At the same time, the combination of VLAN and layer-3 switch can provide better security measures for the network. With the increasing improvement of VLAN technology, more and more VLAN technology is applied in switching Ethernet, which has become a method for flexible network segmentation and network security improvement.

VLAN Division

VLAN division is very important. When designing and constructing VLANs to implement VLAN technology applications, we must first determine how to divide VLANs, that is, what standards should be used to organize VLAN members. The following describes five common partitioning methods. Different partitioning methods represent different VLAN implementation types.

VLAN division by port

Define some ports in the vswitch as a separate area to form a VLAN. Computers in the same VLAN belong to the same CIDR block. Communication between different VLANs must be performed through routers. The advantage of port-based VLAN is that it is very convenient to configure, as long as the relevant settings on the switch can be done, suitable for a relatively fixed network environment. The disadvantage is that it is not flexible enough. When a computer needs to move from one port to another, and the new port does not belong to the same VLAN as the old port, You need to modify the VLAN settings of the port, or re-configure the network address on the user's computer to add it to the new VLAN. Otherwise, the computer will not be able to communicate over the network.

Port-based partitioning is the simplest and most commonly used method. In this way, the physical network segments belonging to different switch ports are divided into one VLAN technology, and different ports are allocated to the corresponding VLAN Based on VLAN identifiers through network management software. For example, Ports 1, 2, 6, and 7 of A vswitch are defined as vlan a. Ports 3, 4, and 5 of the same vswitch constitute VLAN 8. In this way, communication between ports is allowed and shared network upgrades are allowed. Unfortunately, this division mode limits the virtual network to one vswitch.

The second-generation port VLAN technology allows VLAN division across multiple different ports of multiple switches. Several ports on different switches can form the same VLAN. All sites allocated to each CIDR Block of the same VLAN are in the same broadcast domain and can communicate directly. The communication between different VLAN locations is through a router or a layer-3 switch.

Vswitch ports are used to divide VLANs. The configuration process is simple and clear. So far, this is still the most common method, but this method does not allow many VLANs to share a physical network segment or switch port. If a user moves from the VLAN where a port is located to the VLAN where another port is located, the network administrator needs to reconfigure it, which is unimaginable for networks with many mobile users.
 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.