VLAN (Virtual Local Area Network)
A VLAN is a logical network carved out of a physical network. It operates at Layer 2 (the data link layer) of the OSI model.
* VLAN division is not restricted by the physical location of network ports;
* A VLAN has the same attributes as an ordinary physical network;
* Layer-2 unicast, broadcast, and multicast frames are forwarded and flooded only within one VLAN and do not reach other VLANs directly. When a switch receives a broadcast frame, it forwards it only to the other ports in the same VLAN;
* Because broadcast domains are separated, a VLAN confines broadcast storms to that VLAN. After VLAN division the broadcast domain shrinks, the share of bandwidth consumed by broadcast packets drops greatly, and network performance improves significantly;
* Data transmission between different VLANs goes through Layer 3 (network layer) routing. VLAN technology can therefore be used to build a secure and reliable network on data-link-layer and network-layer switching equipment;
* At the same time, because a VLAN is logical rather than physical, geographic restrictions can be avoided when planning the network.
VLAN division methods
* Port-based VLAN
* Protocol-based VLAN
* MAC-layer grouping
* Network-layer grouping
* IP multicast group-based VLAN (IP Multicast Grouping)
* Policy-based VLAN
Port-Based Static VLAN
A port-based static VLAN is the simplest and most effective way to divide a virtual LAN. It is in effect a collection of switch ports: the network administrator only has to manage and configure the switch ports, regardless of which device is connected to each port. This division method is based on the ports of the Ethernet switch and is the most widely used way of defining VLANs in the industry. IEEE 802.1Q is the international standard for VLAN division.
Implementing a port-based VLAN involves two steps:
1. Create the VLAN (identified by its VLAN ID);
2. Assign the switch ports to the corresponding VLAN.
Isolated broadcast domains
A port-based VLAN (Port VLAN) logically divides the switch according to the VLAN ID specified for each port. The broadcast domain is limited to the set of ports in the same VLAN; different VLANs cannot communicate directly. When VLANs are configured separately on several switches, a Trunk (trunk link) can be used to connect the same VLAN across switches. A switch's Trunk port does not belong to any single VLAN; instead, it can carry frames of all VLANs.
Early cross-switch VLAN technology used frame filtering, whereas the current international standard requires frame tagging (labeling). The logical structure of the managed network can thus be completely independent of the physical connections, greatly improving networking flexibility.
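The following is an added example, not part of the original page: a small Python model of two switches with port-based static VLANs joined by a Trunk, showing that a broadcast is flooded only to access ports of its own VLAN (plus the Trunk, which carries every VLAN, matching the default described later on this page). The `Switch` class, the functions `ingress_vlan`, `flood` and `cross_switch_broadcast`, and all port numbers and VLAN IDs are constructed for illustration.

```python
# Added example (not from the original page): a minimal model of port-based
# static VLANs on two switches joined by a trunk, showing that a broadcast
# frame is flooded only to ports of its own VLAN plus the trunk.
# All port numbers and VLAN ids are constructed for illustration.

from dataclasses import dataclass, field


@dataclass
class Switch:
    # access ports: port number -> VLAN id statically assigned to that port
    access: dict = field(default_factory=dict)
    # trunk ports: belong to no single VLAN and carry frames of all VLANs
    trunks: set = field(default_factory=set)


def ingress_vlan(sw, port, tagged_vid=None):
    """VLAN a frame belongs to after arriving on `port`.

    On an access port the VLAN is fixed by configuration; on a trunk port
    the VLAN comes from the frame's 802.1Q tag, passed as `tagged_vid`.
    """
    if port in sw.access:
        return sw.access[port]
    if port in sw.trunks:
        if tagged_vid is None:
            raise ValueError(f"untagged frame on trunk port {port}")
        return tagged_vid
    raise ValueError(f"port {port} is not configured")


def flood(sw, ingress_port, vid):
    """Egress ports for a broadcast (or unknown-unicast) frame in VLAN `vid`:
    every other access port in the same VLAN, plus every other trunk port.
    Access ports in other VLANs never receive it (separate broadcast domain)."""
    same_vlan = {p for p, v in sw.access.items() if v == vid}
    return (same_vlan | sw.trunks) - {ingress_port}


def cross_switch_broadcast(sw1, sw2, src_port, link=(24, 24)):
    """Broadcast sent from access port `src_port` of sw1. The trunk link
    connects sw1 port link[0] to sw2 port link[1]; frames crossing it carry
    the VLAN id as a tag so sw2 can place them in the right VLAN.
    Returns (vid, egress ports on sw1, egress ports on sw2)."""
    vid = ingress_vlan(sw1, src_port)
    egress1 = flood(sw1, src_port, vid)
    egress2 = set()
    if link[0] in egress1:
        vid_on_sw2 = ingress_vlan(sw2, link[1], tagged_vid=vid)
        egress2 = flood(sw2, link[1], vid_on_sw2)
    return vid, egress1, egress2


# Constructed topology: VLAN 10 and VLAN 20 both span the two switches.
SW1 = Switch(access={1: 10, 2: 10, 3: 20}, trunks={24})
SW2 = Switch(access={1: 10, 2: 20, 3: 20}, trunks={24})

if __name__ == "__main__":
    for port in (1, 3):
        vid, e1, e2 = cross_switch_broadcast(SW1, SW2, port)
        print(f"broadcast from SW1 port {port} (VLAN {vid}): "
              f"SW1 -> {sorted(e1)}, SW2 -> {sorted(e2)}")
```

A broadcast from SW1 port 1 (VLAN 10) reaches SW1 port 2 and the Trunk, and on SW2 only port 1; the VLAN 20 ports on both switches never see it. The model treats the Trunk as carrying every VLAN, which is the default behaviour the page describes; restricting the set of VLANs a Trunk is allowed to carry is the corresponding tightening an operator would apply.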
What is Trunk
A Trunk is used to connect different switches so that members of the same VLAN spread across multiple switches can communicate with each other; the port used to interconnect switches is called the Trunk port. The term Trunk means a trunk line; it is generally not translated and is used as-is.
Note: unlike an ordinary switch cascade, a Trunk operates at OSI Layer 2.
Trunk (relay) mode is configured on the ports that interconnect switches, or connect a switch to a router (a Trunk port is a relay port, and Trunk mode must be set whenever traffic of different VLANs is carried on the same port). This allows data frames belonging to different VLANs to be transmitted over the relay link.
There are two trunk tagging (encapsulation) protocols:
* ISL (Inter-Switch Link): a protocol proprietary to Cisco switches;
* IEEE 802.1Q: an international standard protocol supported by almost all network equipment manufacturers.
By default, a Trunk forwards the data of all VLANs on the switch.
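As an added example, not code from the original page, the Python below builds and parses the IEEE 802.1Q tag that a Trunk port inserts into a frame and an access port removes again. The functions `tag_frame`, `parse_tag` and `strip_tag` and the sample frame (MAC addresses, EtherType, payload) are constructed for illustration. ISL, by contrast, encapsulates the whole original frame in its own header and trailer rather than inserting a tag, and is not modelled here.

```python
# Added example (not from the original page): building and parsing the
# IEEE 802.1Q tag a trunk port inserts into an Ethernet frame. The sample
# frame (MAC addresses, EtherType, payload) is constructed for illustration.

import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def tag_frame(frame, vid, pcp=0, dei=0):
    """Insert a 4-byte 802.1Q tag after the destination and source MAC
    (frame bytes 0-11), as a trunk port does on egress.
    Tag = TPID (0x8100) + TCI; TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 1 <= vid <= 4094:  # VID 0 is a priority tag, 4095 is reserved
        raise ValueError(f"VID {vid} is not a usable VLAN id")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP must be 0-7 and DEI 0 or 1")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame):
    """Return (pcp, dei, vid) if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None  # bytes 12-13 hold the ordinary EtherType: untagged frame
    return (tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0x0FFF


def strip_tag(frame):
    """Remove the 802.1Q tag, as an access port does before delivering the
    frame to an end host that expects untagged Ethernet."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed untagged frame: broadcast ARP with a zeroed 28-byte body.
SAMPLE_UNTAGGED = (
    bytes.fromhex("ffffffffffff")      # destination: broadcast
    + bytes.fromhex("020000000001")    # source: constructed, locally administered
    + struct.pack("!H", 0x0806)        # EtherType: ARP
    + bytes(28)                        # ARP body placeholder
)

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_UNTAGGED, vid=10, pcp=3)
    print("tag seen on trunk:", parse_tag(tagged))             # (3, 0, 10)
    print("tag seen on access port:", parse_tag(strip_tag(tagged)))  # None
```

The parser keys only on the TPID at bytes 12-13, so a frame whose EtherType happens to be anything other than 0x8100 is treated as untagged; a receiving access port that strips tags should therefore never forward the VID it reads from an untrusted frame as authoritative, and the example rejects VIDs 0 and 4095 when tagging because they do not identify a VLAN.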