What is a VLAN? How do I divide VLANs? How do I implement VLANs? What are the benefits of VLANs? VLAN possible three-layer switching technology (reprint)

1. What is a VLAN?

VLAN is a virtual local area network, which means that the sites in the networks do not rigidly adhere to the physical location, but can flexibly add a network technology in different logical subnets as needed.
Virtual local area network based on switched Ethernet in switched Ethernet, the VLAN technology can be used to divide the physical networks connected by switches into multiple logical subnets. This means that a broadcast packet sent by a site in a virtual local area network will only be forwarded to a site that belongs to the same VLAN.
In switched Ethernet, each site can belong to a different virtual local area network. The sites that make up the virtual local area network are not rigidly attached to the physical location, they can either be hooked up to the same switch, or they can be hooked up to different switches. The virtual LAN technology makes the topology of the network very flexible, for example, users on different floors or different departments can join different virtual LANs as needed.

2. Why do I need to divide VLANs?
There are three main considerations for dividing virtual LANs:
The first is based on network performance considerations. For large networks, now commonly used Windows NetBEUI is the broadcast protocol, when the network size is very large, the online broadcast information will be many, will make network performance deterioration, and even form a broadcast storm, causing network congestion. What about that? You can reduce the transmission of broadcast packets throughout the network by dividing many virtual LANs, because the broadcast information will not cross the VLAN, the broadcast can be limited to the scope of each virtual network, the term is to reduce the broadcast domain, improve the network transmission efficiency, thereby improving network performance.
The second is security-based considerations. Because the virtual network can not communicate directly, but must be forwarded through the router, for advanced security control to provide the possibility, enhance the security of the network. In large-scale networks, such as large group companies, financial department, procurement department and customer department, the data between them is confidential, only provide interface data between each other, other data is confidential. We can isolate different departments by dividing the virtual LANs.
The third is based on organizational structure considerations. The same Department of personnel scattered in different physical locations, such as the group's financial department in the subsidiaries have branches, but all belong to the Finance Department management, although the data are to be confidential, but when the need for unified settlement, you can cross-region (that is, cross-switch) in the same virtual LAN, to achieve data security and sharing. The use of virtual local area network has the following advantages: Suppress the broadcast storm on the network, increase the security of the network, centralized management control.

3. How do I implement VLANs?

There are three ways to realize virtual LAN based on switched Ethernet: Virtual local area network based on port, virtual local area network based on MAC address (network card's hardware address) and virtual local area network based on IP address.
(1) Port-based virtual local area network (built on the physical layer)

• The advantage: The Port-based virtual local area network is the most practical virtual local area network, it maintains the most common commonly used virtual local Area Network Member definition method, the configuration is also quite straightforward, on the local area network the site has the same network address, the different virtual local area network communication needs through the router.
• Insufficient: Flexibility is not good. For example, when a network site moves from one port to another, if the new port does not belong to the same virtual LAN as the old port, the user must reconfigure the network address for that site, otherwise the site will not be able to communicate with the network.

In a port-based virtual local area network, each switch port can belong to one or more virtual LAN groups, which is more appropriate for connecting to the server.

(2) Virtual local Area network based on MAC address (built on the data link layer)

• Advantage: In the MAC address-based virtual local area network, the switch to the site's MAC address and switch port tracking, in the new site when the network to a virtual local area network, regardless of how the site moves in the net, because its MAC address remains unchanged, Therefore, the user does not need to reconfigure the network address.
• Insufficient: When the site is in the network, it is necessary to perform a complex manual configuration of the switch to determine which virtual LAN the site belongs to.

(3) virtual LAN based on IP address (built on the network layer)

• Benefits: In the IP address of the virtual local area network, the new site in the network without too much configuration, the switch according to the network address of each site automatically divided into different virtual LAN.
• Insufficient: In the three kinds of virtual local area network implementation technology, the IP address-based virtual local area network is the most intelligent, and it is the most complicated to realize.

* The commonly used partitioning method is to combine ports and IP addresses to divide VLANs, some ports to be a VLAN, and to configure IP addresses for that VLAN, then the computer in that VLAN is the gateway and the other VLANs cannot be on the same subnet as the VLAN.

(4) VLAN partitioning based on IP multicast (built on the network layer)

• Benefit: IP Multicast is actually a VLAN definition, that is to say that a multicast group is a VLAN, this partitioning method extends the VLAN to the WAN, so this method has greater flexibility, and it is easy to extend through the router.
• Insufficient: This method is not suitable for local area network, mainly is not high efficiency.

(5) rule-based VLAN
This is the most flexible method of VLAN partitioning, with the ability to automatically configure, to connect the relevant users into one, the logical division is called "Relational network." The network administrator only needs to determine the rules (or attributes) that divide the VLAN in the NMS, so when a site joins the network, it will be "perceived" and included in the correct VLAN itself. At the same time, the movement and change of the site can be automatically identified and tracked. In this way, the entire network can easily extend the network size through routers. Some products also support hosts on one port belonging to different VLANs, which is especially important in environments where the switch and the shared hub coexist. When the VLAN is automatically configured, the software in the switch automatically checks the IP source address of the broadcast information that enters the switch port, and the software automatically assigns the port to a VLAN mapped by an IP subnet.

　　

What if two switches have computers with the same VLAN? We can solve this by VLAN trunk.
If the machine in the VLAN1 of Switch 1 wants to access the machine in the VLAN1 of Switch 2, we can set the cascade port of the two switches to trunk port, so that when the switch sends the packet from the Cascade, it will make a tag (tag) in the packet. To enable other switches to identify which VLAN the packet belongs to, so that when the other switch receives such a packet, the packet is forwarded only to the VLAN specified in the token, which completes the VLAN internal data transfer across the switch. VLAN Trunk currently has two standards, ISL and 802.1q, the former is Cisco proprietary technology, the latter is the international Standard of IEEE, in addition to Cisco both support, other vendors only support the latter.

4. Advantages of using VLANs
(1) Control broadcast storm

A VLAN is a logical broadcast domain that, through the creation of VLANs, isolates broadcasts, narrows the broadcast range, and can control the generation of broadcast storms.

(2) Improve the overall security of the network

By the principle of VLAN partitioning such as routing access list and MAC address assignment, we can control user access and logical segment size, divide different user groups into different VLANs, and improve the overall performance and security of switched networks. For example, the key departments and other departments through the VLAN isolation, even if the same network can ensure that they do not communicate with each other, to ensure that important departments of data security, or according to different departments, personnel, location of the VLAN, assigned to different permissions to manage.

(3) Simple and intuitive network management

For switched Ethernet, if some users re-network segment allocation, network administrators need to re-adjust the physical structure of network systems, and even need to append network equipment, increase the workload of network management. For networks with VLAN technology, a VLAN can be divided into a logical network segment based on departmental functions, groups of objects, or applications. You can move workstations between workgroups or subnets arbitrarily without altering the physical connection of the network. The use of virtual network technology greatly reduces the burden of network management and maintenance work, and reduces the cost of network maintenance. In a switched network, VLANs provide an elastic combination of network segments and mechanisms.

5. Supplementary Knowledge points

Three-layer switching technology
Traditional routers have the functions of routing and forwarding, firewalls, and isolated broadcasts in the network, and in a network divided by VLAN, the communication between different network segments logically divided is still forwarded through routers. Because on the LAN, the traffic between different VLANs is very large, so that if the router to each packet is routed once, along with the increasing amount of data on the network, the router will be overwhelmed, the router will become the bottleneck of the entire network operation.
In this case, there is a third layer of switching technology, which is the technology of combining routing technology with switching technology. Layer three switch after the first Data flow routing, will produce a MAC address and IP address mapping table, when the same data flow through, will be based on this table directly from the two layer through rather than re-route, thus eliminating the router to make Routing and network delay, improve the efficiency of packet forwarding, Eliminates network bottleneck problems that routers can create. It can be seen that the three-layer switch integrates routing and switching, and it realizes the routing within the switch and improves the overall performance of the network.
In the gigabit network with three-layer switch as its core, VLAN technology can be used to divide the virtual network in order to ensure the convenience and security of different functional departments and the stability of the whole network operation. VLAN subnets are isolated from broadcast storms, security is implemented for some important departments, and when the physical location of a department changes, simply set up the switch, you can achieve network reorganization, very convenient, fast, while saving costs.

What is a VLAN? How do I divide VLANs? How do I implement VLANs? What are the benefits of VLANs? VLAN possible three-layer switching technology (reprint)