Use a layer-3 switch to implement VLAN management for large and medium-sized enterprises

Source: Internet
Author: User


As enterprises grow, their networks keep expanding, and many enterprises enlarge the network simply by adding computers directly to the original network. As a result, the network becomes increasingly complex and harder to manage, its security keeps declining, and the utilization of network resources drops sharply. How to manage the network effectively and make rational use of network resources has become the biggest challenge for enterprises.

Dividing the network with VLANs lets administrators manage the enterprise network more conveniently. The flexible expansion capability of VLAN networks lets an enterprise grow its network without confusion, and the ability of VLANs to control broadcast storms greatly improves the performance of enterprise network resources. VLAN networks are also simple to manage and highly secure. Using VLANs in the initial network design therefore brings great benefits when the network is expanded later.

Partitioning VLANs with a router is cost-effective for small and medium-sized enterprises, but it seriously affects network performance, so layer-3 switches with routing functions are widely used in the VLAN networks of large and medium-sized enterprises. A VLAN network built on a layer-3 switch still requires a router, but the router is only the connection between the enterprise network and the Internet; communication between VLANs is not implemented by the router.

VLAN network structure built by layer-3 switches

The biggest feature of VLAN network division is its flexibility. VLAN-based network division mainly includes static VLAN and dynamic VLAN. A static VLAN is a port-based VLAN; this division method is complex because the administrator needs to configure the ports of each switch. Dynamic VLAN is divided into three types: subnet-based VLAN, MAC address-based VLAN, and user-based VLAN. Each of the three methods has its own characteristics, so we can combine them flexibly when dividing VLAN networks. For example, mobile users may change their external wireless NICs at any time, so we can place mobile users in user-based VLANs. Fixed users can use a subnet-based VLAN, that is, the IP addresses of one segment are placed in one VLAN.

The first layer of the network shown is still a router, because the router is the only device that connects the intranet to the Internet. The router therefore cannot be omitted; it simply does not carry the routing between VLANs. Note, however, that large VLAN networks place high demands on the router because of their large data transmission volumes, so we cannot simply assume that using layer-3 switches removes the demands on the router. The router must still be chosen according to the size of the entire network.

The second layer is a layer-3 switch, which is the key to the entire large VLAN network. A layer-3 switch provides two functions: routing and switching. The routing function is the key technology for inter-VLAN communication. When the first data stream enters a layer-3 switch, the layer-3 switch routes the data stream.
At the same time, the layer-3 switch generates a mapping table between MAC addresses and IP addresses. The advantage is that when the same data flow enters the layer-3 switch again, the switch does not need to route it again; the flow is exchanged directly through the layer-3 switch, which effectively solves the network bottleneck caused by the router. The layer-3 switch is also the key to VLAN division: the administrator only needs to configure the layer-3 switch to complete VLAN division. When selecting a layer-3 switch, we must therefore choose reasonably based on our actual situation to ensure the normal operation of the entire VLAN network.

On the third layer of the network, we select a layer-2 switch. The role of a layer-2 switch in a VLAN network is to ensure the normal operation of the base layer of the network. If the network is very large, it is best to select a gigabit switch so that the next layer of the network can continue to connect switches for expansion; if the network is not very large (at least 200 computers are connected to a layer-3 switch), you can directly select an ordinary switch for this layer.

The bottom layer of the network is the basis of the entire network. It is also the basis on which we decide how to divide the VLAN networks. It is composed of the computer terminals and servers of the enterprise.

400-node enterprise network design scheme

We will design an enterprise VLAN network with 400 nodes. We assume that this enterprise is divided into a sales department, an after-sales service department, a design department, a finance department, and a server area. The sales department has 20 computers, the after-sales service department has 20 computers, the finance department has 20 computers, the server area has 20 servers, and the design department has 320 computers. We can divide the entire enterprise network into six VLANs.
If you feel that the number of computers in the design department is large, you can also divide the computers in this department into further VLANs.

[Figure: VLAN partition structure of the 500 node]
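The subnet-based division described above, worked through for the department sizes in this design, as an added example that is not part of the original article. The VLAN IDs, the 10.10.0.0/16 address block and the choice of the first address in each segment as the layer-3 switch gateway are assumptions made for the example.

```python
import ipaddress

# Department sizes come from the article. The VLAN IDs and the address block
# are assumptions made for this example.
DEPARTMENTS = [
    (10, "sales", 20),
    (20, "after-sales", 20),
    (30, "finance", 20),
    (40, "servers", 20),
    (50, "design", 320),
]
BASE = ipaddress.ip_network("10.10.0.0/16")


def prefix_for(hosts):
    """Smallest prefix that fits the hosts plus gateway, network and broadcast."""
    needed = hosts + 3
    return 32 - (needed - 1).bit_length()


def build_plan(departments=DEPARTMENTS, base=BASE):
    """Allocate one segment per VLAN, largest first so every block stays aligned."""
    plan, cursor = {}, int(base.network_address)
    for vlan_id, name, hosts in sorted(departments, key=lambda d: -d[2]):
        net = ipaddress.IPv4Network((cursor, prefix_for(hosts)))
        if not net.subnet_of(base):
            raise ValueError(f"{base} is too small for {name}")
        plan[vlan_id] = {"name": name, "subnet": net, "gateway": net.network_address + 1}
        cursor = int(net.broadcast_address) + 1
    return plan


def vlan_for(ip, plan):
    """Subnet-based membership: the VLAN whose segment contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    return next((v for v, e in plan.items() if addr in e["subnet"]), None)


def needs_routing(src, dst, plan):
    """True when the hosts are in different VLANs and must cross the layer-3 switch."""
    a, b = vlan_for(src, plan), vlan_for(dst, plan)
    if a is None or b is None:
        raise ValueError("address outside the plan")
    return a != b
```
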

Again, the VLAN network must be configured on the layer-3 switch. The diagram shows the VLAN structure after configuration. In the sales department, after-sales service department, and finance department, a layer-2 switch is selected for each of the three VLANs, because these departments have modest requirements for network bandwidth and few computers. Each VLAN has only 20 computers, so a 24-port switch is enough to implement the VLAN; you can decide based on your actual situation. Because the design department has a large number of computers, we use a gigabit switch and multiple ordinary switches to implement its VLAN. For the server area we also select a gigabit switch, mainly because servers have very high requirements on network bandwidth. The selection of layer-3 switches and routers is likewise based on the actual situation.
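The route-the-first-stream, switch-the-rest behaviour of the layer-3 switch described earlier can be seen in a simplified model, added here as an example that is not part of the original article. The VLAN IDs and addresses are constructed, and the cache is keyed by IP pair rather than by the MAC-to-IP mapping table a real switch keeps.

```python
import ipaddress

# Constructed VLAN segments; the IDs and addresses are assumptions for this example.
VLANS = {
    10: ipaddress.ip_network("10.10.2.0/27"),   # sales
    50: ipaddress.ip_network("10.10.0.0/23"),   # design
}


class Layer3Switch:
    """Simplified model: route the first packet of a flow, switch the rest."""

    def __init__(self, vlans):
        self.vlans = vlans
        self.flow_cache = {}     # (src, dst) -> egress VLAN learned on the routed packet
        self.route_lookups = 0   # packets that needed a routing decision
        self.cache_hits = 0      # packets forwarded from the cache

    def _vlan_of(self, ip):
        addr = ipaddress.ip_address(ip)
        return next((v for v, net in self.vlans.items() if addr in net), None)

    def forward(self, src, dst):
        """Return (path, egress VLAN) for one packet from src to dst."""
        if (src, dst) in self.flow_cache:
            self.cache_hits += 1
            return ("switched", self.flow_cache[(src, dst)])
        src_vlan, dst_vlan = self._vlan_of(src), self._vlan_of(dst)
        if src_vlan is not None and src_vlan == dst_vlan:
            return ("layer2", dst_vlan)          # same VLAN: no routing involved
        self.route_lookups += 1
        if dst_vlan is None:
            return ("to-router", None)           # not a local VLAN: leaves via the router
        self.flow_cache[(src, dst)] = dst_vlan
        return ("routed", dst_vlan)


def simulate(packets, vlans=VLANS):
    """Forward each (src, dst) pair in order; return the paths and the counters."""
    switch = Layer3Switch(vlans)
    paths = [switch.forward(src, dst)[0] for src, dst in packets]
    return paths, switch.route_lookups, switch.cache_hits
```
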
