Traditional Ethernet LANs use CSMA/CD, carrier sense multiple access with collision detection. In a CSMA/CD network, a node can use the network whenever it has data to send. Before transmitting, a node listens to check whether the network is busy. If it is not, the node starts to transmit; if the network is in use, the node waits. If two nodes both hear nothing and start to use the line at the same time, a collision occurs. In addition, when a node sends data to a broadcast address, every PC in the network segment receives the packet, so a segment with many PCs can easily suffer a broadcast storm. Collisions and broadcast storms are important factors affecting network performance. The virtual LAN (VLAN) was introduced to solve this problem.
A virtual network is a virtual workgroup that network switching devices establish across the entire network. Logically it is equivalent to a Layer 2 broadcast domain in the OSI model, and it is independent of the specific physical network and geographical location. A virtual workgroup can contain departments and workgroups in different locations without any physical reconfiguration of ports, so network users are decoupled from their physical locations. Virtual network technology divides a traditional broadcast domain into independent sub-broadcast domains as needed and confines broadcasts to each virtual workgroup. Because the broadcast domains are smaller, the proportion of bandwidth consumed by broadcast packets drops sharply and network performance improves significantly. Let's take a look at the figure below. Figure 1 shows departments of the same kind on two floors grouped into one VLAN, so that accounting data is not broadcast to the machines in marketing and does not collide with traffic from those machines. VLANs therefore effectively separate collision domains and broadcast domains.
We can define a VLAN on a switch port. All terminals connected to that port are then part of the virtual network, and the whole network can support multiple VLANs. A VLAN works like a network firewall: it minimizes unnecessary data traffic and isolates transmissions, and possible problems, between VLANs. This greatly increases network throughput and reduces network latency. In a virtual network environment, you can define different virtual networks to control communication between users on the same physical network segment. In this way, data confidentiality is effectively achieved, and configuration is not troublesome. The network administrator can logically reconfigure the network to balance traffic load quickly, easily, and effectively, and can add, delete, and modify users without physically changing the network. Since VLANs have so many advantages, why not understand them and apply VLAN technology to real network management? Let's use a practical example, configuring static VLANs on a 1900 series switch, to see how VLANs are configured on a switch.
After HyperTerminal is configured and the 1900 switch is connected, the following main configuration page appears:
1 user(s) now active on Management Console.
User Interface Menu
[M] Menus
[K] Command Line
IP Configuration
Enter Selection:
We will briefly introduce the three options shown here. [M] Menus is the main menu, used mainly for the initial configuration of the switch and for monitoring its running status. [K] Command Line is the command line; as on a router, you configure and monitor the device by typing commands. IP Configuration is the option for configuring the IP address, subnet mask, and default gateway. It appears the first time you connect to the switch; once IP Configuration has been completed, the option is no longer offered at the next login. Because command-based configuration is concise, clear, and easy to understand, we use [K] Command Line to implement the VLAN configuration.
Select [K] Command Line to go to command-line configuration:
Enter Selection: K (press ENTER)
CLI session with the switch is open.
To end the CLI session, enter [Exit].
>
We are now in the switch's ordinary user mode, just as on a router. In this mode we can only view the current configuration, not change it, and the available commands are very limited. We type enable to enter privileged mode:
>enable
#config t
Enter configuration commands, one per line. End with CNTL/Z
(config)#
For security and convenience, we should name the switch and set the login password.
(config)#hostname 1900Switch
1900Switch(config)#enable password level 15 goodwork
1900Switch(config)#
Note: The password must be 4-8 characters long. Passwords on the switch work slightly differently from those on a router. The switch uses a level to determine the privilege a password grants. Level 1 is the password for accessing the command line interface: once a level 1 password is set, you will be asked for it the next time you connect to the switch and enter K. Level 15 is the privileged mode password that you enter after the enable command. On a router, enable password and enable secret are used to distinguish them.
We have now set the name and password to ensure security. Next, let's set up the VLANs. VLAN setup is divided into the following two steps:
Set the VLAN name
Apply the VLAN to ports
Set the VLAN name first, using the command vlan <VLAN number> name <VLAN name>. Configure it in privileged configuration mode:
1900Switch(config)#vlan 2 name accounting
1900Switch(config)#vlan 3 name marketing
We have configured two new VLANs. Why do the VLAN numbers start from 2? Because, by default, all ports are placed in VLAN 1, so our own configuration should start from 2. A 1900 series switch can be configured with a maximum of 1024 VLANs, but only 64 can work at the same time. Of course, we should plan VLAN numbers based on actual network needs. After the VLAN names are configured, we need to enter each port and set its VLAN. On the switch, to enter a port, for example port 4, use interface ethernet 0/4. Following the figure above, let's make ports 2, 3, 4, and 5 belong to VLAN 2 and ports 17 through 22 belong to VLAN 3. The command is vlan-membership static/dynamic <VLAN number>. Either static or dynamic must be selected, followed by the VLAN number just configured. Let's see the result:
1900Switch(config)#interface ethernet 0/2
1900Switch(config-if)#vlan-membership static 2
1900Switch(config-if)#int e0/3
1900Switch(config-if)#vlan-membership static 2
1900Switch(config-if)#int e0/4
1900Switch(config-if)#vlan-membership static 2
1900Switch(config-if)#int e0/5
1900Switch(config-if)#vlan-membership static 2
1900Switch(config-if)#int e0/17
1900Switch(config-if)#vlan-membership static 3
…………
1900Switch(config-if)#int e0/22
1900Switch(config-if)#vlan-membership static 3
1900Switch(config-if)#
We have now assigned all the VLANs to the switch ports. Here we configured only static VLANs; dynamic VLANs are covered later. That completes the VLAN configuration of the switch, and it is not as complicated as you might think. To verify the configuration, we use the show vlan command in privileged mode. The output is as follows:
1900Switch(config)#show vlan
VLAN Name             Status     Ports
--------------------------------------
1    default          Enabled    1,6-16,22-24,AUI,A,B
2    acconting        Enabled    2-5
3    marketing        Enabled    17-22
1002 fddi-default     Suspended
1003 token-ring-defau Suspended
1004 fddinet-default  Suspended
1005 trnet-default    Suspended
This is a 24-port switch with an AUI port and two 100 Mbps ports, A and B. We can see that our settings are working properly. Do we need a command to save the running configuration? No: the switch saves it automatically in real time, so no save command is needed. You can also use show vlan <VLAN number> to view a single VLAN, for example show vlan 2 and show vlan 3. You can also use show vlan-membership; this command mainly displays whether each port on the switch has static or dynamic VLAN membership.
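As an added example (not part of the original article), the following Python check parses show vlan output and compares it with the intended plan, flagging name mismatches and ports listed in more than one VLAN. The function names and the PLAN structure are assumptions made for illustration; the sample is the article's output with column spacing restored.

```python
import re

# Constructed sample: the article's "show vlan" output, column spacing restored.
SHOW_VLAN = """\
VLAN Name             Status     Ports
--------------------------------------
1    default          Enabled    1,6-16,22-24,AUI,A,B
2    acconting        Enabled    2-5
3    marketing        Enabled    17-22
1002 fddi-default     Suspended
"""

def expand_ports(field):
    """Expand '1,6-16,AUI' into a set of port labels: {'1', '6', ..., 'AUI'}."""
    ports = set()
    for item in filter(None, field.split(",")):
        m = re.fullmatch(r"(\d+)-(\d+)", item)
        if m:
            ports.update(str(p) for p in range(int(m[1]), int(m[2]) + 1))
        else:
            ports.add(item)  # single port number or a named port such as AUI
    return ports

# Intended plan from the article (hypothetical structure): id -> (name, ports).
PLAN = {2: ("accounting", expand_ports("2-5")),
        3: ("marketing", expand_ports("17-22"))}

def parse_show_vlan(text):
    """Return {vlan_id: (name, status, ports)} for every table row."""
    vlans = {}
    for line in text.splitlines():
        m = re.match(r"(\d+)\s+(\S+)\s+(Enabled|Suspended)\s*(\S*)$", line.strip())
        if m:
            vlans[int(m[1])] = (m[2], m[3], expand_ports(m[4]))
    return vlans

def audit(text, plan):
    """Compare the parsed output with the plan; return sorted findings."""
    vlans, findings, owner = parse_show_vlan(text), [], {}
    for vid, (name, want) in plan.items():
        got_name, _, got = vlans.get(vid, (None, None, set()))
        if got_name != name:
            findings.append(f"VLAN {vid}: name is {got_name!r}, planned {name!r}")
        if got != want:
            findings.append(f"VLAN {vid}: ports differ {sorted(got ^ want)}")
    for vid, (_, _, ports) in vlans.items():
        for p in ports:
            if owner.setdefault(p, vid) != vid:  # port already seen elsewhere
                findings.append(f"port {p} listed in VLAN {owner[p]} and VLAN {vid}")
    return sorted(findings)
```

Run against the output shown above, audit(SHOW_VLAN, PLAN) reports the VLAN 2 name spelled differently from the configured one and port 22 appearing under both VLAN 1 and VLAN 3.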
The above is the process of configuring static VLANs on the switch. Now let's look at dynamic VLANs. Forming a dynamic VLAN is very simple: when the port itself determines which VLAN it belongs to, a dynamic VLAN is formed. However, this does not mean that the assignment remains unchanged. It is just a simple mapping, which depends on a database created by the network administrator. After a port assigned to dynamic VLAN membership is activated, the switch caches the source MAC address of the first frame. The switch then sends a request to an external server called the VMPS (VLAN Management Policy Server). The VMPS holds a text file containing the MAC-address-to-VLAN mapping. The switch downloads the file and looks up the MAC address in it. If the MAC address is found in the list, the switch assigns the port to the VLAN given in the list. If the MAC address is not in the list, the switch assigns the port to the default VLAN (assuming that a default VLAN has been defined). If the MAC address is not in the list and no default VLAN is defined, the port is not activated. This is a very good way to maintain network security. On the surface, dynamic VLANs have great advantages, but they also have a fatal disadvantage: creating the database is very difficult and tedious. If there are thousands of workstations on the network, there is a great deal of data entry to do. Even if someone is up to the job, many other problems come with dynamic VLANs, and keeping the database up to date is time-consuming. So dynamic VLANs are not often used, and we will not explain them in detail here. You can refer to the relevant Cisco documentation.
This is not as complicated as you think. We have now configured the VLANs, but another part of VLAN work that cannot be ignored is the preliminary network planning: which machines belong to which VLAN, how their IP addresses and subnet masks are allocated, and how the VLANs communicate with each other. Only with a plan in place can you avoid trouble during configuration and in later use and maintenance.