Describes the optimal performance of a vswitch in VLAN application configuration.

This article introduces the optimal performance of a vswitch in VLAN application configuration. The content of this article is as follows: filtering service function, Layer 2 network layer switch, Layer 3 network layer switch, data frame inbound, VLAN tag, below are some examples of different forms of switch VLAN applications.

Filter service features:

The filter service is used to set boundaries to restrict Frame Forwarding between members of different switch VLAN applications and between different protocols that use a single MAC address and a group of MAC addresses. Frame filtering depends on certain rules. Based on these rules, the switch determines whether to forward or discard the corresponding frames.

Early 802.1d standard 1993), defines the basic filtering service, the switch must broadcast all the group MAC address packets to all ports. The new 802.1d standard 1998) defines the extension filtering service, which can also filter packets of group MAC addresses, and filter out all multicast address packets for the vswitch's outer port.

If no static or dynamic filter conditions are set, the vswitch uses the default filter conditions. The extended filtering service uses GMRP (Group Multicast registry Protocol) to control dynamic Group forwarding and Group filtering of vswitches by generating or deleting a Group or Group member.

Vswitches and workstations use GMRP to declare whether they are willing to receive frames from a group of MAC addresses. GMRP transmits such group information between vswitches on the Internet, so that vswitches can update their filtering information to implement extended service functions. A vswitch has the filtering service and extended filtering service without any configuration.

Because the old vswitches, hubs, and routers do not support dynamic multicast address filtering, the corresponding ports connected to them need to be configured with extended filtering. The switch filters Frames Based on the filter database. The switch can maintain the filter database through dynamic learning and manual configuration. The vswitch checks and filters the database and determines whether the packet of a MAC address or VLAN Application ID of a vswitch should be forwarded to a port based on the following conditions:
◆ Default address
◆ Static filtering information typed by the Administrator
◆ The single-host address that needs to be learned dynamically by viewing the data packet source address
◆ Dynamic or static switch VLAN applications
◆ Filter information or VLAN member information through dynamic multicast managed by GMRP

L2 link layer) Switch VLAN applications:

The second layer supports port-based VLANs and MAC address-based VLANs. A port-based VLAN can quickly divide conflicting domains on a single switch. a mac address-based VLAN can support mobile applications on a laptop.

Layer-3 network layer) Switch VLAN application:

VLAN applications of layer-3 switches can be divided as follows:
◆ IP subnet address
◆ Network protocol
◆ Multicast address

The VLAN application of the layer-3 switch can be manually configured or automatically generated by the switch. After the vswitch analyzes the packets, it automatically configures the vlan application of the vswitch and updates the VLAN members. The layer-3 switch can work in a network environment where IP addresses are allocated in DHCP (Dynamic Host Control Protocol.

The switch can automatically discover IP addresses and dynamically generate VLAN Based on IP subnet. When a new IP address is assigned through DHCP, the layer-3 switch can quickly locate the address. Layer-3 switches update their VLAN member groups through IGMP, GMRP, ARP, and packet detection technologies. Through the Web-based network management interface, you can set the scope of automatic learning: Automatic learning can be completely unrestricted, partially restricted, or completely forbidden.

How does a layer-3 Switch handle VLANs:

The VLAN application of the switch improves the network performance by limiting the transmission and filtering. The layer-3 Switch updates the VLAN member table through listening and makes forwarding or filtering decisions based on the packet header member information. The following describes how a vswitch processes VLANs.

Data frame inbound:

Vswitches are classified based on the vlan id (VID) of the inbound data frame. One type is unlabeled, and the other is same. The vswitch determines whether to forward or discard a data packet based on the VID. At the same time, the vswitch can assign a VID to a frame without or with a priority mark.

VLAN tag:

If a data frame is not labeled with a VID, the switch assigns a VID to it and inserts the VID into its frame header. This process is called VLAN labeling. In this process, the switch processes packet forwarding and fills in the VLAN or priority field of the data frame. The administrator can set the priority level to select the VLAN type and select the VID value. The default setting of a vswitch is to paste the IP subnet information, then the network protocol, then the MAC address, and then the inbound port of the data frame.
◆ Filter: This process verifies whether the destination address and source address are in the same VLAN.
◆ Forwarding: Based on the VLAN database information, the switch can either forward or discard a data frame.
◆ Learning: The switch checks the source address and VLAN classification information of data frames and records them in the forwarding repository.

Below are some examples of different forms of switch VLAN applications:

◆ Some confidential documents of the engineering department must be kept confidential. Solution: Put the Engineering Department user in his or her own MAC address-based VLAN. Only the user is allowed to access this VLAN. No other user can listen to the user's content, because the user's content will not be forwarded to other network segments. In addition, there is a safer way to allocate a dedicated port to this user and generate a port-based VLAN for him.

◆ Laptop users in the Sales Department often need to perform dial-up access from other countries. Solution: generate a VLAN Based on the IP subnet and use the IP address to represent the user. In this way, you can access the network wherever you are.

◆ The company has installed a video training server to prevent users from occupying too much bandwidth during video access. Solution: generate a VLAN for the multicast address.

◆ The company's president needs to be able to access VLAN of other departments such as finance and sales. Solution: make the company's president a member of VLAN of other departments.