Vlan division methods include: 1. VLAN division based on port; 2. VLAN division based on MAC address; 3. VLAN division based on network layer protocol; 4. VLAN division based on IP multicast; 5. According to policy Divide VLAN; 6. Divide VLAN according to user definition and non-user authorization.
The operating environment of this tutorial: Windows 7 system, Dell G3 computer.
1. Port-based VLAN division
This is the most commonly used VLAN division method and is also the most widely used. , the most effective. Currently, most VLAN protocol switches provide this VLAN configuration method. This method of dividing VLAN is based on the switching ports of the Ethernet switch. It divides the physical ports on the VLAN switch and the PVC (permanent virtual circuit) ports inside the VLAN switch into several groups, and each group forms a virtual network, equivalent to an independent VLAN switch.
When different departments need to visit each other, they can be forwarded through routers and combined with port filtering based on MAC addresses. Set a passable MAC address set on the corresponding port of the switch, routing switch or router closest to the site on the access path to the site. This prevents illegal intruders from stealing IP addresses from within and intruding from other accessible points.
We can see from this division method itself that the advantage of this division method is that it is very simple to define VLAN members, as long as all ports are defined as corresponding VLAN groups. Suitable for any size network. Its disadvantage is that if a user leaves the original port and arrives at a certain port of a new switch, it must be redefined.
2. Divide VLAN based on MAC address
This method of dividing VLAN is based on the MAC address of each host, that is, for each host with a MAC address It configures which group it belongs to. The mechanism it implements is that each network card corresponds to a unique MAC address, and the VLAN switch tracks the address belonging to the VLAN MAC. This type of VLAN allows network users to automatically retain their membership in the VLAN as they move from one physical location to another.
It can be seen from this division mechanism that the biggest advantage of this VLAN division method is that when the user's physical location moves, that is, when changing from one switch to another switch, the VLAN does not need to be reconfigured, because It is user based, not switch port based.
The disadvantage of this method is that all users must be configured during initialization. If there are hundreds or even thousands of users, the configuration is very tiring, so this division method is usually suitable for small local area network.
Moreover, this method of division also leads to a reduction in the switch's execution efficiency, because there may be many members of the VLAN group on each switch port, and the MAC addresses of many users are saved, which is quite inconvenient to query. easy. In addition, for users who use laptop computers, their network cards may be changed frequently, so VLAN must be configured frequently.
3. VLAN classification based on network layer protocols
VLANs are divided according to network layer protocols and can be divided into VLAN networks such as IP, IPX, DECnet, AppleTalk, and Banyan. This VLAN composed of network layer protocols enables the broadcast domain to span multiple VLAN switches. This is very attractive for network administrators who want to organize users for specific applications and services. Furthermore, users can move freely within the network but their VLAN membership remains unchanged.
The advantage of this method is that when the user's physical location changes, there is no need to reconfigure the VLAN to which it belongs, and VLANs can be divided according to protocol types, which is very important for network managers. Also, this This method does not require additional frame tags to identify VLANs, which can reduce network traffic.
The disadvantage of this method is low efficiency, because checking the network layer address of each data packet requires processing time (compared to the previous two methods). General switch chips can automatically check the network layer address. The Ethernet frame header of the data packet, but allowing the chip to check the IP frame header requires higher technology and is more time-consuming. Of course, this is related to the implementation methods of each manufacturer.
4. Divide VLANs based on IP multicast
IP multicast is actually a definition of VLAN, that is, an IP multicast group is considered to be a VLAN. This method of division extends VLAN to the WAN, so this method has greater flexibility and is easy to expand through routers. It is mainly suitable for LAN users who are not in the same geographical range to form a VLAN, but is not suitable for LANs. It's not efficient.
5. Divide VLANs according to policies
VLANs based on policies can implement a variety of allocation methods, including VLAN switch ports, MAC addresses, IP addresses, and network layer protocols wait. Network managers can decide which type of VLAN to choose based on their own management mode and the needs of their unit.
6. Divide VLAN according to user definition and non-user authorization
Dividing VLANs based on user definition and non-user authorization means that in order to adapt to special VLAN networks, VLANs are defined and designed according to the special requirements of specific network users, and non-VLAN group users can access VLANs, but they need to provide The user password can be added to a VLAN only after being authenticated by the VLAN management.
For more computer-related knowledge, please visit the FAQ column!
The above is the detailed content of What are the methods for dividing vlan?. For more information, please follow other related articles on the PHP Chinese website!