Many readers are not very clear about how VLANs are formed and how they work. The following is the related content from the book "Cisco/H3C Switch Configuration and Management Manual".
8.1.1 Understanding VLAN formation and working principles
A VLAN is a logical segment of the switching network divided by function, project group, or application policy, regardless of the physical location of the users. VLANs have the same attributes as physical networks, but members can be grouped together even if they are not on the same physical network segment. Any switch port can be configured as a VLAN interface, responsible for forwarding unicast, broadcast, and multicast packets for the entire VLAN. When configuring and using VLANs, many readers do not really understand how a VLAN is formed, which makes it hard to understand some VLAN configurations and to diagnose VLAN routing and bridging faults.
1. VLAN in the same physical switch
The key to understanding VLANs is the word "virtual". "Virtual" indicates that a VLAN is a virtual, or logical, LAN rather than a physical LAN. Each VLAN in a switch can be regarded as a virtual switch, as shown in Figure 8-1.
Figure 8-1 multiple VLANs in a physical switch
In fact, we only need to regard a VLAN as a switch, except that it is a virtual one. Many problems that used to be hard to understand then become easy, because a virtual switch has the same basic attributes as a physical switch. Different VLANs on the same physical switch can never have physical connections between them. Like physical switches that have only logical connections, they cannot communicate with each other directly, even if the members of these different VLANs are in the same IP subnet. Seen this way, Figure 8-1 is equivalent to five physical switches with no physical connections between them.
Members of the same VLAN are like hosts on the same physical switch, and the different cases can be handled just as they would be on a physical switch. If all the members of a VLAN belong to the same IP subnet, nothing more is needed: they can communicate with each other, just like users in the same subnet connected to the same physical switch. If the members of a VLAN are in different IP subnets, it is equivalent to connecting users in different subnets to one physical switch. In this case, you must use routes or gateway configuration for them to communicate.
2. VLANs in different physical switches
Because the members of a VLAN are not divided by physical location, they are usually located on different switches in the network. That is to say, a VLAN can span multiple physical switches, which is the VLAN relay (Trunk) function, as shown in Figure 8-2. In this case, we should not look at the user distribution by physical switch, but from the VLAN perspective. (In Figure 8-2, do not treat it as two physical switches. Instead, consider it as connections between five physical switches.)
Figure 8-2 same VLAN on different physical switches
The same VLAN can exist on different switches. It is one and the same VLAN on all of these physical switches, and its members can reach each other. Of course, this requires that the ports connecting the physical switches allow this VLAN's packets to pass through (this is the Trunk port function described in Chapter 4).
Two identical VLANs cannot exist on the same physical switch, but the same VLAN can exist on multiple different switches (by default, only members of the same VLAN can communicate directly, without routing or bridging). Therefore, by default, different VLANs on the same physical switch cannot communicate directly, even if they are all in the same IP subnet. However, the same VLAN on different physical switches can communicate directly, as long as the ports connecting the physical switches allow the corresponding VLAN's packets to pass, because the same VLAN on different physical switches is joined by the physical connections between those switches.
3. Mutual access between VLANs
VLAN is a layer-2 protocol. The virtual, or logical, nature of VLANs means that there is no physical layer-2 connection between them (only logical connections). Each VLAN is independent of the others and is equivalent to an independent layer-2 switching network. Since layer-2 mutual access is not possible, the connection between them can only be made at layer 3. We know that there are two ways to connect one independent switching network to another at layer 3: one is through a gateway, and the other is through routing. The same two kinds of logical connection apply between different VLANs. The switch virtual interface (SVI) of each VLAN is the gateway of that VLAN's members. Configure an IP address for each SVI; this IP address is the gateway IP address of the corresponding VLAN's members. The basic structure of mutual access between VLAN members through SVIs is shown in Figure 8-3. The members of each VLAN must communicate with members of other VLANs through the SVI that acts as their own VLAN's gateway. The member ports in each VLAN are generally layer-2 access ports that connect directly to PC users.
Figure 8-3 logical connection between different VLANs through SVI
To connect different VLANs through routing, picture a device that provides the routing function added between the two SVIs in Figure 8-2 (this can be a router, using static routes or various routing protocols, or a layer-3 switch with a layer-3 switching module, by enabling the IP routing function). However, each VLAN is still represented by its own SVI, and addressing inside each VLAN still uses layer-2 MAC addresses. Of course, this assumes that all the members of the same VLAN are in the same IP subnet. If they are not, you need to configure routes, as you would for hosts in multiple subnets connected to one physical switch, so that the members within the VLAN can communicate with each other. The routing configuration between VLANs is described in Chapter 10.
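The rules from sections 1 to 3 can be checked with a small model. The following Python sketch is an added example, not taken from the book: it classifies how two hosts can reach each other. The topology, host names, addresses, and the assumption that both SVIs live on `sw1` with IP routing enabled are constructed for illustration, and ACLs and multi-hop trunks are ignored.

```python
from ipaddress import ip_interface

# Constructed sample topology: host -> (switch, access VLAN, IP/prefix)
HOSTS = {
    "pc1": ("sw1", 10, "192.168.10.11/24"),
    "pc2": ("sw2", 10, "192.168.10.12/24"),  # same VLAN, other switch
    "pc3": ("sw1", 20, "192.168.10.13/24"),  # same subnet, other VLAN
    "pc4": ("sw2", 20, "192.168.20.14/24"),
    "pc5": ("sw1", 30, "192.168.30.15/24"),
    "pc6": ("sw2", 30, "192.168.30.16/24"),  # VLAN 30 is not on the trunk
    "pc7": ("sw1", 10, "192.168.11.17/24"),  # same VLAN, other subnet
}
TRUNK_ALLOWED = {frozenset({"sw1", "sw2"}): {10, 20}}    # VLANs the trunk carries
SVI_SWITCH = "sw1"                                       # assumed layer-3 switch
SVIS = {10: "192.168.10.1/24", 20: "192.168.20.1/24"}    # gateway per VLAN

def vlan_spans(vlan, sw_a, sw_b):
    """True if the VLAN forms one layer-2 domain across both switches."""
    if sw_a == sw_b:
        return True
    return vlan in TRUNK_ALLOWED.get(frozenset({sw_a, sw_b}), set())

def has_gateway(host):
    """True if the host can reach an SVI for its VLAN inside its own subnet."""
    sw, vlan, addr = HOSTS[host]
    svi = SVIS.get(vlan)
    if svi is None or not vlan_spans(vlan, sw, SVI_SWITCH):
        return False
    return ip_interface(svi).network == ip_interface(addr).network

def reachability(a, b):
    """Classify the path between two hosts using the rules in the text."""
    (sw_a, vlan_a, ip_a), (sw_b, vlan_b, ip_b) = HOSTS[a], HOSTS[b]
    same_subnet = ip_interface(ip_a).network == ip_interface(ip_b).network
    if vlan_a == vlan_b:
        if not vlan_spans(vlan_a, sw_a, sw_b):
            return "blocked: trunk does not carry this VLAN"
        return "direct layer 2" if same_subnet else "same VLAN, needs routing"
    if same_subnet:
        # Different VLANs are separate virtual switches, subnet is irrelevant
        return "blocked: same subnet but different VLANs"
    if has_gateway(a) and has_gateway(b):
        return "routed via SVI"
    return "blocked: no layer-3 path"

if __name__ == "__main__":
    for pair in [("pc1", "pc2"), ("pc1", "pc3"), ("pc1", "pc4"),
                 ("pc5", "pc6"), ("pc1", "pc7"), ("pc5", "pc4")]:
        print(pair, "->", reachability(*pair))
```

The `pc5`/`pc6` case is the one most often missed when auditing segmentation: the VLAN exists on both switches, but the trunk's allowed list decides whether it is actually one broadcast domain.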
This article is from the "Wang da blog" blog. For more information, contact the author!