VLAN and Trunk (1)
Network performance is an important factor affecting business efficiency, and segmenting large broadcast domains is one way to improve it. A router blocks broadcast packets at its interfaces, but the number of LAN interfaces on a router is limited: its main function is to transmit data between networks rather than to provide network access for end devices. LAN access is implemented by access-layer switches. Much as a router does at layer 3, VLANs created on a layer-2 switch shrink the broadcast domain. A modern switch is built around VLANs; to some extent, a learning switch is a learning VLAN.
How the problem arises:
As shown in the figure, when all devices on the network generate a large number of broadcast and multicast frames within one broadcast domain, those frames compete for bandwidth with the data traffic. This traffic consists of network management protocols such as ARP, DHCP, and STP. Assume that PC 1 generates ARP, Windows logon, DHCP, and other requests:
After these broadcast frames reach switch 1, they traverse the entire network and reach every node up to the routers. As the number of network nodes increases, the total overhead also increases, until switch performance suffers. This problem can be solved by splitting the broadcast domain with VLANs, which isolates the traffic.
What is a VLAN:
A virtual local area network (VLAN) is a set of logical ports independent of physical location. A VLAN is equivalent to an independent layer-3 network. VLAN members do not need to be confined to consecutive ports, or even to ports on the same switch. A typical deployment is shown in the figure. The figure on the left shows the nodes connected to a switch and the switch connected to a router. All nodes share the same IP address range because they are connected to the same router interface.
What the figure does not show is that, by default, all nodes are actually in the same VLAN. This topology can therefore be viewed as based on a single VLAN, as shown in the figure above on the right. For example, the default VLAN of a Cisco device is VLAN 1, also known as the management VLAN. By default, all ports are included in the source address table (SAT). The switch uses this table to forward frames to the appropriate layer-2 port according to the destination MAC address. After VLANs are introduced, the source address table maps ports to MAC addresses per VLAN, so the switch can make more advanced forwarding decisions. The output of the show mac address-table and show vlan commands is shown: all ports (Fa0/1-Fa0/24) are in VLAN 1.
Another common topology is two switches separated by a router, as shown in the figure. Here each switch connects a group of nodes, and the nodes on each switch share one IP address range, giving two networks in total: 192.168.1.0 and 192.168.2.0.
Note that the two switches are in the same VLAN. Traffic for non-local networks must be forwarded by the router, and routers do not forward layer-2 unicast, multicast, or broadcast frames. Logically, this topology resembles a multi-VLAN design in two respects: nodes in the same VLAN share a common address domain, and non-local traffic (in the multi-VLAN case, traffic between nodes in different VLANs) must be forwarded through the router. Now add a VLAN to one switch and remove the other switch; the structure is as follows:
Each VLAN is equivalent to an independent layer-3 IP network. Therefore, when a node on 192.168.1.0 tries to communicate with a node on 192.168.2.0, the two VLANs must communicate through a router, even though all devices are connected to the same switch. Layer-2 unicast, multicast, and broadcast frames are forwarded only within the same VLAN, so frames generated in VLAN 1 are never seen by nodes in VLAN 2. Only the switch is aware of the VLANs; neither the nodes nor the router can perceive them. Once a routing decision is added to the path, the layer-3 functions can be used to implement additional security controls, traffic control, and load balancing.
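The following toy model of a VLAN-aware learning switch is an added example, not code from the article. It illustrates two points made above: the source address table (SAT) is keyed by (VLAN, MAC) rather than by MAC alone, and broadcast or unknown-unicast flooding stops at the VLAN boundary, so a frame from VLAN 10 never reaches a VLAN 20 port even though all six ports are on the same switch. The port names, VLAN ids and MAC addresses are constructed for the demonstration; the model assumes access ports only (no trunks) and omits aging, STP and layer-3 forwarding.

```python
"""Toy VLAN-aware learning switch (added example, not code from the page)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    def __init__(self, port_vlan):
        # Access port -> VLAN id. A factory-default Cisco switch would have
        # every port in VLAN 1; the caller supplies the assignment.
        self.port_vlan = dict(port_vlan)
        # Source address table: (vlan, mac) -> port. Keying by VLAN means the
        # same MAC can be learned independently in two VLANs, and a lookup in
        # VLAN 20 never matches an entry learned in VLAN 10.
        self.sat = {}

    def receive(self, in_port, src, dst):
        """Handle one frame arriving on in_port; return sorted egress ports."""
        vlan = self.port_vlan[in_port]
        # Learn: src is reachable via in_port, within this VLAN only.
        self.sat[(vlan, src)] = in_port
        if dst != BROADCAST and (vlan, dst) in self.sat:
            out = self.sat[(vlan, dst)]
            # Destination hangs off the ingress port: nothing to forward.
            return [] if out == in_port else [out]
        # Broadcast or unknown unicast: flood, but only to ports in the same
        # VLAN. This is the broadcast-domain segmentation the text describes.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

    def mac_address_table(self):
        """Rows in the spirit of 'show mac address-table': (vlan, mac, port)."""
        return sorted((v, m, p) for (v, m), p in self.sat.items())


def demo():
    # Constructed topology: six hosts on one switch, two VLANs.
    segmented = VlanSwitch({
        "Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 10,   # VLAN 10: faculty
        "Fa0/4": 20, "Fa0/5": 20, "Fa0/6": 20,   # VLAN 20: students
    })
    # Same six ports, all left in the default VLAN 1, for comparison.
    flat = VlanSwitch({f"Fa0/{i}": 1 for i in range(1, 7)})
    pc = {i: f"00:00:00:00:00:0{i}" for i in range(1, 7)}  # constructed MACs

    results = {}
    # PC1's ARP request on the flat switch reaches every other port.
    results["flat_flood"] = flat.receive("Fa0/1", pc[1], BROADCAST)
    # With VLANs, the same ARP request is confined to VLAN 10.
    results["vlan_flood"] = segmented.receive("Fa0/1", pc[1], BROADCAST)
    # PC2 answers: PC1 was learned in VLAN 10, so the reply goes only to Fa0/1.
    results["arp_reply"] = segmented.receive("Fa0/2", pc[2], pc[1])
    # PC4 (VLAN 20) addresses PC1's MAC directly. The SAT has no entry for
    # (20, PC1), so the frame floods within VLAN 20 and never reaches Fa0/1.
    results["cross_vlan"] = segmented.receive("Fa0/4", pc[4], pc[1])
    results["table"] = segmented.mac_address_table()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the block prints the flat-VLAN flood hitting five ports, the segmented flood hitting only Fa0/2 and Fa0/3, and a MAC table whose rows carry the VLAN id, which is the same shape as the first columns of the show mac address-table output the article refers to.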
Functions of VLANs:
Security: the sensitive data of each group is isolated from the rest of the network, reducing the risk of exposing confidential information. As shown in the figure, the faculty hosts on VLAN 10 are completely isolated from student and visitor traffic.
Cost saving: no expensive network upgrades are required, and bandwidth and uplinks are used more efficiently.
Performance improvement: the layer-2 network is divided into multiple logical workgroups (broadcast domains), reducing unnecessary traffic between networks and improving performance.
Smaller broadcast domains: fewer devices sit in each broadcast domain. As shown in the figure, there are six hosts on the network but three broadcast domains: faculty, students, and visitors.
Improved IT management efficiency: users with similar network requirements share the same VLAN, making network management easier. When a new switch is added and its ports are assigned to VLANs, all the associated policies and procedures are applied.
Simplified project and application management: VLANs bring together users and network devices to support different business or geographic requirements.
Each VLAN corresponds to an IP network. Therefore, when deploying VLANs, the IP addressing hierarchy must be planned accordingly.