When I took part in network engineering projects at several companies, I found that most companies' choice of switches is still stuck in the past: they do not divide the enterprise intranet into subnets by department, and generally just connect all the computers with a 10-ge switch.
Before ADSL and other broadband technologies became popular, access to frame relay, a digital data network (DDN), X.25 and similar services required dedicated enterprise-level traditional routers, such as Cisco 2600 series access routers. To deploy VLANs, enterprises had to use switches with VLAN division functions together with traditional routers, with the routers handling inter-VLAN communication. It is therefore understandable that small enterprises, which cannot afford expensive traditional routers, did not do so. However, since broadband technology became widespread, most enterprises choose ADSL or MAN access, unless they are in very traditional industries, such as banking, which still uses DDN. At the same time, the access gateway is no longer provided only by traditional routers but by a wide variety of broadband access devices, such as broadband routers and VPN firewalls. Layer-3 switches that handle VLAN routing in place of traditional routers have also emerged; their hardware-based route forwarding is more efficient and faster than the software-based route forwarding of traditional routers.
Enterprises now have a better way to deploy VLANs: layer-3 switches working with layer-2 access switches that support VLANs. With the increasing number of layer-3 switch manufacturers and ample market supply, the price of layer-3 switches will soon become more affordable. In particular, the spread of Gigabit layer-3 switches in the high-end market pushes layer-3 M switches into the low-end and mid-range markets and brings their price down to a level acceptable to small and medium-sized enterprises. Therefore, here we discuss further the topic "layer-3 switching: you can do it too". Layer-3 switching in core network deployment is no longer a new topic for SMEs.
Benefits of VLAN subnet division
A Virtual Local Area Network (VLAN) logically divides a physical LAN into smaller logical subnets, each of which is a separate broadcast domain. Simply put, software on the switch divides a large physical LAN into several small virtual LANs (VLANs).
A switch discovers destination MAC addresses through broadcast and uses the replies to build the MAC address table in its internal MAC database, and broadcasts cannot span different network segments. Dividing the LAN into VLAN subnets therefore shrinks the broadcast domain, which avoids the serious consequences that data collisions can have in a large physical LAN and avoids broadcast storms. This improves the switching efficiency of the network and keeps it stable.
Improved network security: after VLAN division the LAN consists of different subnet segments, and direct communication between them is not allowed. Necessary communication must go through routing, so you can configure an access list on a router or a layer-3 switch to authorize cross-subnet access, which improves the security of intranet access.
Convenient network management: an enterprise network divided with VLAN technology can be split into logical network segments by department, project team, or server group. A workstation can be moved between subnets without changing the physical connections of the network. VLANs provide a flexible mapping between network segments and organizational units. VLAN technology eases network management and allows network supervision and management to be automated, so that networks can be monitored more effectively.
The broadcasts produced by each subnet are confined to its own small virtual LAN. When different VLANs in a LAN communicate with each other, they are in different IP subnets and cannot communicate directly as they would in one large LAN. Their traffic has to be routed, so a routing device must be added to provide the routing function.
Layer-3 Switching Technology
VLANs and routing are twins: where there are VLANs, there must be routing.
Before layer-3 switches existed, communication between VLANs required expensive traditional routers. In enterprise networks, communication between different VLAN subnets is frequent, and routers select routes in software, which is less efficient. A router has to route every packet individually, that is, "every forward is a route lookup". As the amount of data to be routed increases, traditional routers are overwhelmed and become the bottleneck of inter-VLAN communication.
Layer-3 switches combine layer-2 switching with layer-3 routing (layer-3 forwarding) and achieve line-rate switching through ASIC technology, which greatly improves the device's packet forwarding capability and eliminates forwarding bottlenecks. At the same time, network resources can be fully used through VLAN division, efficient multicast control, flow policy management, access control, and other functions that meet the application requirements of various users. After a layer-3 switch routes the first packet of a data stream, it generates a mapping table of MAC addresses and IP addresses. When the same data stream passes through again, it is switched directly at layer 2 based on the mapping table, that is, "route once, switch many times", which greatly improves the efficiency of packet forwarding and the overall performance of VLAN networks.
With a layer-3 switch, the device cost of dividing an enterprise network into VLAN subnets is much lower, and inter-VLAN routing and forwarding perform better.
Layer-3 switch deployment example for small enterprises
From the two sections above, we know how important and necessary VLAN subnet division is for an enterprise LAN. The supporting project that VLAN division requires is the deployment of a layer-3 switch. At present, the layer-3 switch market is developing and brands are multiplying, but prices are still somewhat high. For example, an M layer-3 switch is generally around-yuan, but some are lower priced, such as the D-Link DES-3326SR at 4000 yuan, so that even small enterprises of fewer than 100 can deploy an efficient and secure VLAN network.
In this case, we chose this very economical layer-3 switch and deployed a D-Link DES-3326SR layer-3 switch at the core of the network. The access layer is composed of several D-Link DES-3226S M stackable L2 switches.
The DES-3326SR is a stackable multi-layer routing switch that integrates layer-2 line-rate switching, layer-3 IP packet routing, and quality of service (QoS) in a single chassis. It provides 24 10/100 Mbps ports, an expansion slot for Fast Ethernet, Gigabit, and stacking modules, an 8 Gbps switching architecture, an 8K MAC address table, a 2K route table, a 6.6 Mpps layer-3 packet forwarding rate, and a 16 MB RAM cache. It supports a redundant backup power supply and can be stacked using high-speed stacking cables. A maximum of 13 units can be stacked. Up to 8 10/100 Mbps ports can be combined to provide aggregated bandwidth.
Through network segmentation, workstations that support IEEE 802.1Q VLAN tagging can be grouped into different VLANs. The switch also supports GVRP to automatically publish VLAN configuration information.
It supports RIP-1, RIP-2, OSPF, DVMRP, and PIM Dense Mode multicast routing protocols.
Port-based and MAC-address-based 802.1x lets the switch authenticate each access request. It provides multi-layer access control lists (ACLs), and supports priority queues, IP multicast (IGMP snooping), and quality of service (QoS), which ensures that latency-sensitive applications such as video conferencing run successfully.
It supports 802.1p priority queue control; layer 2 to layer 4 information can be used to set the priority of data packets. With IGMP snooping and broadcast control, the switch dynamically configures its ports so that IP multicast data is forwarded only to the ports connected to multicast hosts.
It supports SNMP v1, v2c, and v3 network management, and provides RMON monitoring and SYSLOG for effective central management. The switch also provides a command line interface (CLI) and a Web-based GUI.
Subnet planning and network topology
VLAN division should be combined with IP planning, so that each VLAN interface IP address corresponds to one department's subnet segment and serves as that subnet's gateway. VLANs should be divided by department. The hosts of one department are allocated addresses from the subnet of that VLAN's interface IP address and belong to the same VLAN. This not only benefits security, but also makes management and monitoring easier for network administrators. Note: the gateway of the clients in each VLAN is the interface IP address of that VLAN.
In this enterprise network, four VLAN subnets are planned, corresponding to four important departments. The author believes that this is also the most common department structure of small enterprises, namely:
VLAN10: General Administration Office
VLAN20: Sales Department
VLAN30: Finance Department
VLAN40: Data center (network center)

After VLAN division, you must configure a virtual interface IP address for each VLAN:

VLAN10: 192.168.10.1
VLAN20: 192.168.20.1
VLAN30: 192.168.30.1
VLAN40: 192.168.40.1

VLAN and route configuration
1. VLAN configuration process of the DES-3326SR layer-3 switch:
1) Create the VLANs
DES-3326SR# config vlan default delete 1-24    // Remove ports 1-24 from the default VLAN (named "default")
DES-3326SR# create vlan vlan10 tag 10          // Create a VLAN named vlan10 with VID 10
DES-3326SR# create vlan vlan20 tag 20          // Create a VLAN named vlan20 with VID 20
DES-3326SR# create vlan vlan30 tag 30          // Create a VLAN named vlan30 with VID 30
DES-3326SR# create vlan vlan40 tag 40          // Create a VLAN named vlan40 with VID 40
2) Add ports to each VLAN
DES-3326SR# config vlan vlan10 add untag 1-6      // Add ports 1-6 to vlan10
DES-3326SR# config vlan vlan20 add untag 7-12     // Add ports 7-12 to vlan20
DES-3326SR# config vlan vlan30 add untag 13-18    // Add ports 13-18 to vlan30
DES-3326SR# config vlan vlan40 add untag 19-24    // Add ports 19-24 to vlan40
3) Create the VLAN interface IP addresses
DES-3326SR# create ipif if10 192.168.10.1/24 vlan10 state enabled
This creates an interface named if10, assigns it to the VLAN subnet vlan10, and sets the interface IP address to 192.168.10.1/24. "state enabled" activates the interface as soon as it is created.
Set the other interface IP addresses in the same way:
DES-3326SR# create ipif if20 192.168.20.1/24 vlan20 state enabled
DES-3326SR# create ipif if30 192.168.30.1/24 vlan30 state enabled
DES-3326SR# create ipif if40 192.168.40.1/24 vlan40 state enabled
4) Routing
When configuring the layer-3 function with only a single layer-3 switch, you only need to configure the virtual interface of each VLAN; no routing protocol has to be configured. Because each virtual interface on a layer-3 switch appears in the switch as a directly connected route, neither static routes nor a dynamic routing protocol is required.
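An added example, not part of the original article or of D-Link's tooling: a small audit of a command listing in the style of the four steps above, checking that every port sits in exactly one untagged VLAN and that each VLAN has an interface IP following the 192.168.<VID>.1 plan. The sample listing is constructed with deliberate mistakes, and treating VLAN names as case-sensitive is an assumption.

```python
import ipaddress

# Constructed sample in the article's command style with three deliberate
# slips: port 12 unassigned, "VLAN20" case mismatch, if30 outside the plan.
SAMPLE = """\
config vlan default delete 1-24
create vlan vlan10 tag 10
create vlan vlan20 tag 20
create vlan vlan30 tag 30
config vlan vlan10 add untag 1-6
config vlan vlan20 add untag 7-11
config vlan vlan30 add untag 13-24
create ipif if10 192.168.10.1/24 vlan10 state enabled
create ipif if20 192.168.20.1/24 VLAN20 state enabled
create ipif if30 192.168.40.1/24 vlan30 state enabled
"""

def port_set(spec):
    """Expand '7-12' (or a single port such as '7') into a set of ints."""
    lo, _, hi = spec.partition("-")
    return set(range(int(lo), int(hi or lo) + 1))

def audit(config, total_ports=24):
    """Return findings for a VLAN/ipif listing (names assumed case-sensitive)."""
    vids, members, ipifs, findings, seen = {}, {}, {}, [], set()
    for line in config.splitlines():
        w = line.split("#")[-1].split()          # drop an optional CLI prompt
        if w[:2] == ["create", "vlan"]:
            vids[w[2]] = int(w[4])
        elif w[:2] == ["config", "vlan"] and w[3:5] == ["add", "untag"]:
            members.setdefault(w[2], set()).update(port_set(w[5]))
        elif w[:2] == ["create", "ipif"]:
            ipifs[w[2]] = (ipaddress.ip_interface(w[3]), w[4])
    for name, ps in sorted(members.items()):
        if name not in vids:
            findings.append(f"ports added to undefined VLAN {name}")
        if ps & seen:
            findings.append(f"ports {sorted(ps & seen)} untagged in two VLANs")
        seen |= ps
    for p in sorted(set(range(1, total_ports + 1)) - seen):
        findings.append(f"port {p} belongs to no VLAN")
    for ifname, (addr, vlan) in sorted(ipifs.items()):
        if vlan not in vids:
            findings.append(f"{ifname} bound to undefined VLAN {vlan}")
        elif addr.ip.packed[2] != vids[vlan]:    # plan: 192.168.<VID>.1
            findings.append(f"{ifname} {addr} breaks the 192.168.<VID>.1 plan")
    for vlan in sorted(set(vids) - {v for _, v in ipifs.values()}):
        findings.append(f"{vlan} has no interface IP (no gateway)")
    return findings
```

A port that is removed from the default VLAN and never re-added, or a VLAN left without an interface IP, silently isolates hosts, so an empty findings list is the result to aim for before connecting the access switches.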
2. VLAN configuration process of the DES-3226S L2 switch:
1) Create the VLAN
DES-3226S# config vlan default delete 1-24    // Remove ports 1-24 from the default VLAN (named "default")
DES-3226S# create vlan vlan10 tag 10          // Create a VLAN named vlan10 with VID 10
2) Add ports to each VLAN
DES-3226S# config vlan vlan10 add untag 1-24    // Add ports 1-24 to vlan10
Configure the other DES-3226S L2 switches in the same way. When that is done, connect the L2 switch of each VLAN to a port of the corresponding VLAN on the DES-3326SR L3 switch.
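The access list for cross-subnet authorization mentioned under the benefits of VLAN division, modelled as an added example (not from the original article) over the four subnets planned here. The rule set is a hypothetical policy, and the list is assumed to be a stateless first-match filter with default deny, so replies need their own permit.

```python
import ipaddress

# Subnets are the article's plan. RULES is a hypothetical policy constructed
# for this example; the article does not define one.
VLANS = {name: ipaddress.ip_network(net) for name, net in [
    ("vlan10", "192.168.10.0/24"),   # General Administration Office
    ("vlan20", "192.168.20.0/24"),   # Sales Department
    ("vlan30", "192.168.30.0/24"),   # Finance Department
    ("vlan40", "192.168.40.0/24"),   # Data center
]}
RULES = [  # (action, source VLAN, destination VLAN); first match wins
    ("permit", "vlan10", "vlan40"), ("permit", "vlan40", "vlan10"),
    ("permit", "vlan20", "vlan40"), ("permit", "vlan40", "vlan20"),
    ("permit", "vlan30", "vlan40"), ("permit", "vlan40", "vlan30"),
    ("permit", "vlan10", "vlan30"),  # reply direction left out on purpose
]

def vlan_of(ip):
    """Planned VLAN containing ip, or None when ip is outside the plan."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in VLANS.items() if addr in net), None)

def verdict(src_vlan, dst_vlan, rules=RULES):
    """First-match verdict for routed traffic; anything unmatched is denied."""
    return next((a for a, s, d in rules if (s, d) == (src_vlan, dst_vlan)), "deny")

def decide(src_ip, dst_ip, rules=RULES):
    """'switched', 'permit' or 'deny' for one packet."""
    s, d = vlan_of(src_ip), vlan_of(dst_ip)
    if s is None or d is None:
        return "deny"                # address outside the plan
    if s == d:
        return "switched"            # same VLAN: layer 2, not routed
    return verdict(s, d, rules)

def one_way_permits(rules=RULES):
    """Permitted directions whose replies would be dropped by a stateless list."""
    return [(s, d) for s in VLANS for d in VLANS
            if s != d and verdict(s, d, rules) == "permit"
            and verdict(d, s, rules) != "permit"]
```

With this policy Sales cannot reach Finance, every department reaches the data center, and `one_way_permits()` reports the office-to-finance rule whose return traffic is not allowed.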
Summary:
Starting from the economics of deploying VLANs in small enterprises, this article has shown how to plan VLAN subnets for a small enterprise network and implement efficient layer-3 VLAN switching on a limited budget. Although the price of an M layer-3 switch is a little high, and Gigabit layer-3 switches are more expensive still, you can find an economical layer-3 switch that meets the needs of small enterprises. This makes it possible for small enterprises to deploy layer-3 switching at the core. We also firmly believe that, as production capacity expands, layer-3 switches for the mid-range and low end will be widely used. This will allow us to plan VLAN subnets and layer-3 routing and provide enterprises with an efficient and secure network.