What is a VLAN: one VLAN is across multiple physical LANs Network Segmentthe logicBroadcast Domain, people design VLANs to Workstationsprovides separate broadcast domains that are logically segmented based on their capabilities, project groups, or applications regardless of their user's physical location.
avlan=a broadcast domain=Logical Network Segment
VLANThe advantages and installation features:
VLANThe advantages of:
·security. AVLANthe broadcast frames in the radio will not spread to otherVLANthe.
·Network segmentation. Dividing a physical network segment into logical segments as needed
·flexibility. Swap ports and connected user logic can be divided into interest groups, such as the staff of the same department, the project team, and many other user groups to segment.
TypicalVLANthe installation features:
·each logical network segment is like a separate physical network segment
· VLANability to span multiple switches
·by the trunk (Trunk) for multipleVLANCarrying Traffic
VLANHow to operate:
·Each of the configuration on the switchVLANcan perform address learning, forwarding/filter and eliminate the loop mechanism, just like a separate physical bridge. VLANmay include several ports
·The switch forwards the data to the same port as the originatingVLANThe destination port implementationVLAN.
·usually a port only carries the one it belongs toVLANtraffic.
VLANthe member mode:
Static: The port assigned to the VLAN is configured statically (manually) by the administrator.
Dynamic: Dynamic VLANs can be based on MAC address, IP Address recognition of their membership. When using MAC addresses, the usual way is with the VLAN Membership Policy server ( Vmps) supports dynamic VLANs. Vmpsincludes a database that maps MAC addresses to VLAN allocations. When a frame arrives at a dynamic port, the switch queries the vmps based on the source address of the frame toobtain the appropriate VLAN allocation.
Note: Although VLAN is divided on the switch, but the switch is a Layer two network device, a single network with a switch can not be VLAN The solution to this problem is to use a three-tier network device - routers. Routers can forward packets between different VLANs as if they were connected to a few real physical segments. This is what we call inter-VLAN routing.
The purpose of the VLAN: VLAN(Virtual Local Area Network, a virtual local area network) is much more purpose. By understandingVLAN, you will be able to see where it is useful.
first, know that both 192.168.1.2/30 and 192.168.2.6/30 belong to different network segments and must be passed RoutersIn order to access, all the different network segments to each other to access, must pass through the router.
Second,VLANessentially refers to a network segment, which is called a virtual local area network because it is a network segment created under the interface of a virtual router.
below, give instructions. For example, a router has only one port for the terminal connection (which is unlikely to happen, but simplifies the example), and the port is assigned the 192.168.1.1/24 address. However, since the company has two departments, a sales department, a planning department, each department requires to become a separate subnet, with a separate server. Then of course can be divided into 192.168.1.0--127/25,192.168.1.128--255/25. However, the physical port of the router should only be assigned a IP Address , then how to distinguish between different network segments? This allows the creation of two sub-interfaces --- the logical interface implementation under this physical port.
like logical interfaces .f0/0.1on distributionIPAddress192.168.1.1/25, for the sales department, andf0/0.2on distributionIPAddress192.168.1.129/25for the planning department. This is equivalent to the use of a physical port to achieve the two logical interface functions, so that the original can only be divided into a network segment of the case, extended to a can be divided2one or more network segments. These network segments are called virtual LANs because they are created under a logical interface .VLAN.
This is explained at the router levelVLANthe purpose.
Thirdly, it will be inSwitchThe purpose of the VLAN is elaborated on the level .
in reality, different network segments must be divided for many reasons. For example, only the sales department and the planning Department of two network segments. Then you can simply put all the sales department into a switch, and then access a port on the router, the Planning department all access to a switch, and then access a router port. This situation isLAN.However, as mentioned above, if the router is a terminal interface, then the two switches must be connected to the same router interface, this time, if you want to maintain the original network segment, then you must use the router's sub-interface, createVLAN.
Similarly, for example, two switches, if you want the ports on each switch belong to a different network segment, then you have a few network segments, you can provide a number of router interface, this time, although the router on the physical interface to define which network segment can be connected to the interface, but at the level of the switch, It is not able to distinguish which port belongs to which network segment, then the only way to realize the distinction is to divideVLAN, using theVLANyou can tell which network segment the terminal of a switch port belongs to.
In summary , when at least one port in all ports on a switch belongs to a different network segment, when a physical port of the router is connected2one or more of the network segments, it isVLANplay a role when this isVLANthe purpose.
Self-summarization of VLAN concepts and functions