New VLAN usage

Although VLAN is not the best network technology, this method for logical segmentation of network nodes is used by many enterprises. VLANs are configured in enterprise networks in multiple ways, including network security authentication, roaming wireless users at 802.11b access points, isolating IP voice streams, and transmitting data over networks with different protocols.

When VLAN was introduced six years ago, most VLANs were based on IEEE 802.1Q and 802.1p standards. 802.1Q is used to load VLAN user information into Ethernet frames. 802.1p enables L2 switches to prioritize traffic and implement dynamic multi-access filtering.

When VLAN was introduced, IT was regarded as a method to simplify address management. IT enables IT personnel to physically configure servers and PCs at any point in the network and add PCs to the group.

Most network device software can be used to control media access MAC addresses. addresses are associated with VLANs. When a customer moves from one port to another, they can automatically connect to the network.

VLAN applications

Recently, Houston has established networks and subnets in four 22-storey buildings, including 122 courts, law firms, and legal offices, which are ideal for VLAN building, it is easier to merge 122 private subnets into a VLAN than to insert users into a port group.

VLANs and static IP addresses can also be used for security mechanisms. All customers who work here are assigned a static IP address, which is connected to the network through the Alcatel OmniSwitch router and OmniCore 5052 backbone network switch.

This configuration allows judges and lawyers to work in different courts. This setting can control the access permissions of authorized users and restrict the access of unregistered users, thus providing security. The only way to access the network is to have an IP address, and these PCs are connected to one of the VLANs.

VLAN roaming

Bridgewater State College of mascript usetts has configured more than 100 Enterasys RoamAbout 802.11b/a wireless access points, so that students can access the Web and E-mail throughout the campus.

If wireless traffic is not isolated from its own VLAN, it will become a nightmare for mobile users who want to maintain network connections on campus. Place all wireless traffic in one VLAN to ensure that the user will not lose the line when moving from one access point to another. In fact, when the configured Enterasys Access Point on the campus is only 150 feet, this situation is very easy to happen.

Cisco and Enterasys hybrid stackable switches are used in dormitories, classrooms, and management units to connect to wireless access points. After overcoming some cross-vendor VLAN configuration problems, you can now roam anywhere on campus, whether connected to a Cisco or Enterasys switch, you can keep the connection on the same VLAN.

VLAN management

VLAN is not only applicable to security and network management, but also a useful tool for managing hybrid networks.

Some people use the SmartSwitch of Enterasys to stack switches and the SmartSwitch Router backbone network switches to create VLANs on the entire subnet. These subnets run multiple protocols. The medical database is built on a VAX minicomputer and runs on the legacy DECnet protocol. DECnet does use a large amount of broadcast traffic, which can be placed on its own VLAN. Therefore, DECnet data streams can only reach a certain network segment.

The NetWare 4.11 server runs on the network in a similar way. It only creates independent IPX VLANs for Novell servers and users, so that most networks based on IP addresses and Windows NT/2000 servers will not fall into the ocean of IPX and DECnet traffic.

Isolating VoIP traffic into VLANs has become a standard recommendation for IP phone manufacturers such as 3Com, Cisco, Alcatel, Nortel, and Avaya. All the switches and ip pbx devices of these vendors support 802.1Q technology, which isolates IP voice streams from entering their own VLANs.

Both vendors and users believe that it is very useful to maintain voice in their virtual segments. As a method to isolate voice streams, it can achieve fault diagnosis. If there is a large volume of broadcast or large file downloads, it can also ensure that the voice quality will not decline.