Introduction to the classic guide for purchasing VLAN Switches

Many users do not know how to buy VLAN switches. The most fundamental factor is to choose a cost-effective product that suits their needs. As enterprises pay more attention to information security, more and more enterprises begin to consider deploying Virtual LAN in the enterprise, in order to put confidential departments of some enterprises, for example, the R & D department's network is isolated through the Virtual LAN to ensure data security.

I. How VLAN works

The working method of VLAN enables us to select one of the main standards of VLAN switches. Currently, VLAN switches work in two ways: static port configuration, that is, when we manage a virtual LAN, you can set several ports of a VLAN switch to a LAN, and set another port to another virtual LAN. After the vswitch is set, the virtual LAN that these ports belong to is fixed. This will lead to a problem. For example, if the R & D manager is originally a network belonging to the R & D department, but now he holds a notebook to a meeting room and goes online in the meeting room, it is not a network belt belonging to the R & D department, because the switch port used is different when surfing the internet in the conference room with him in the office. The switch determines which vswitch it belongs to based on the port. It can be seen that if the virtual LAN is configured statically, it is relatively rigid. When the employee's location changes, the VLAN switch department can intelligently determine which network the employee's computer belongs. Therefore, for enterprises with frequent changes in employee positions or mobile office demands, switch using this work mode is not suitable. Another way of working is to dynamically allocate the port of the virtual LAN. There are many specific implementation methods for this work method.

1. You can divide a virtual LAN Based on the Mac address. Each user's computer has a unique MAC address. Generally, our network administrator can restrict the user from changing the MAC address through various means. In specific management, we can first collect the user's MAC address, and then set the virtual LAN in the switch according to the MAC address. When a user connects to a vswitch, The vswitch selects the corresponding virtual LAN Based on the MAC address of the user's computer. In this case, it is obvious that when the R & D department manager moves the laptop from the R & D department office to the conference room, it still belongs to the R & D department's Lan, although its port has changed, however, its MAC address has not changed, so its original network nature has not changed. However, this processing method also has a problem, that is, whenever an enterprise adds a host or replaces a fast Nic, it may need to change the configuration of the VLAN switch, this may be a little troublesome. In addition, this work method also affects the efficiency of VLAN switches. Each time a vswitch communicates, it needs to determine which VLAN the MAC address of the packet belongs and whether the packet can be forwarded, the efficiency is lower.

2. Virtual LAN based on user name and password. This mainly depends on the user's login network user name and password to determine which LAN should belong. However, this processing method is usually used in special occasions. For the sake of information security, put a special file server, such as this server that only allows access by specific users, in a virtual LAN. In this case, if other users need to access this server, they need to first use the user name and password to access this network. If the user name and password are incorrect, you cannot access the network or the server.

3. Policy-based access. This access method is to combine the above methods, such as MAC addresses, IP addresses, protocols, etc. You can set a large number of parameters to divide the virtual LAN according to certain rules. For example, if a host has different network access protocols, it can be divided into different virtual LAN. This processing method is generally not frequently used in enterprise networks. This processing method greatly reduces the processing performance of the VPC switch. in practical applications, enterprises generally do not need such complex control. He is mainly used for high security requirements, such as banks and enterprises. In general enterprises, if you use this processing method, you will feel a little helpful.

Ii. Selection of operation methods

Generally, you can configure a virtual LAN in two ways: Command Line-based and graphical. Each of these two processing methods has its own advantages. If you use the command line to manage the virtual LAN, the management efficiency is relatively high, because the command line-based management mode, the command execution efficiency is relatively high. Therefore, common LAN management experts like to use command lines instead of graphical interfaces.

The other is a WEB-based graphic management interface. This management method is obviously intuitive, but you need to enable some services on the VLAN switch. This is not safe for vswitches and is vulnerable to viruses or Trojans. Therefore, it is unwise to adopt this management mode in terms of security. However, this processing method is simple and intuitive, so it is quite popular with new users. When purchasing a VLAN switch, the network administrator must select an appropriate processing method based on the actual situation and select VLAN switches that support this processing method, otherwise, the stone will be lifted and the foot will be broken.

Iii. communication problems with virtual LAN

Sometimes, we may not only manage the virtual LAN on one vswitch, but also manage the virtual LAN in three vswitches or even more switch environments. That is to say, when the number of users is large, the same virtual LAN may be distributed across multiple LAN switches. For example, the administrative department is connected to vswitch A, while the production department is connected to vswitch B. But what if the administrative department and Production Department belong to the same virtual LAN? Therefore, when we purchase a vswitch, if we need to manage the virtual LAN on the VLAN switch, we need to consider whether this situation exists. If such a requirement exists, it is necessary to consider whether a VLAN switch supports the management of a VLAN that spans the switch?

In addition, sometimes different virtual LAN also needs to communicate. For example, although the R & D department belongs to an independent LAN, sometimes it also needs to access personnel notices on the computer of the Administrative Department. How can this be managed? This is a one-way access. That is to say, the Administrative Department cannot access the network of the R & D department, while the R & D department needs to access the network of the administrative department. If the two are randomly accessed, you can directly connect them through the vro to solve the problem. However, restricted access is required. Therefore, this poses a new challenge to the management of Virtual LAN. Generally, we can achieve this through the access control list of the vro. Alternatively, we can use network design to cleverly prevent computer locations and achieve this.