What is VLAN?
VLAN, also called virtual local area network, is a group of logical devices and users. These devices and users are not limited by physical location. They can be organized according to factors such as functions, departments and applications, and communicate with each other as if they were in the same network segment. Because the ethernet switch port has two VLAN attributes, one is VLANID, and the other is VLANTAG, which correspond to the VLAN to set the VLAN tag for the data packet and the allowed VLANTAG (tag) data packets. Different VLANID ports, can construct VLANs by allowing each other VLANTAG. VLAN is a relatively new technology and works on the second and third layers of the OSI reference model. A VLAN is not necessarily a broadcast domain, and the communication between VLANs does not necessarily require a routing gateway. VLANs with different access control attributes can of course be achieved through Layer 3 routers. However, with the permission of VLANID and VLANTAG, VLANs can integrate system architecture, logical topology and access control for almost any information in the local area network, and achieve non-disturbing sharing with other information systems that share physical network links.
Simply put, the communication between users in the same VLAN is the same as in a local area network. The broadcast in the same VLAN can only be heard by members of the VLAN, and will not be transmitted to other VLANs. It is to control generation of unnecessary broadcast storms. At the same time, if there is no routing, different VLANs cannot communicate with each other, thereby improving the information security between different working groups. Network administrators can comprehensively manage information exchange between different workgroups within the network by configuring routes between VLANs.
If there are hundreds of hosts in a local area network, once a broadcast storm occurs, the entire network may be paralyzed. Therefore, the broadcast domain is divided by vlan, so that the broadcast is limited to each vlan, and will not spread across VLANs. Hosts between different VLANs cannot access each other without Layer 3 routing, thus achieving isolation. This is also for security reasons.
VLAN role
Restricting the broadcast domain: The broadcast domain is restricted to a VLAN, which saves bandwidth and improves network processing capability.
Enhanced LAN security: Packets in different VLANs are isolated from each other during transmission, that is, users in one VLAN cannot communicate directly with users in other VLANs.
Improve the health of the network: the fault is limited to one VLAN, and the fault in this VLAN will not affect the normal work of other VLANs.
Flexible construction of virtual work groups: VLANs can be used to divide different users into different work groups, and users in the same work group do not need to be limited to a fixed physical range, making network construction and maintenance more convenient and flexible.
The VLAN division under the Layer 3 switch has already achieved isolation and cannot communicate. The role of VLAN is to isolate the collision domain and the broadcast domain. So, how to divide different VLANs on the same ethernet switch?There are mainly the following methods:
How do Ethernet switches divide VLANs?
1. VLAN is divided by port
This is the most commonly used VLAN division method, and it is also the most widely used and most effective. At present, most ethernet switches of VLAN protocol provide this VLAN configuration method. This method of dividing VLAN is divided according to the switch port of the Ethernet switch. It divides the physical port on the VLAN switch and the PVC (permanent virtual circuit) port inside the VLAN switch into several groups, and each group constitutes a virtual circuit. It is equivalent to an independent VLAN switch. When different departments need to access each other, they can be forwarded through routers and cooperated with port filtering based on MAC addresses.
2. VLAN is divided by MAC address
This method of dividing VLANs is based on the MAC address of each host, that is, the host with each MAC address is configured to which group it belongs to. The mechanism it implements is that each network card corresponds to a unique MAC address, and the VLAN switch tracks the address belonging to the VLAN MAC.
VLANs in this way allow network users to automatically retain their membership in the VLAN to which they belong as they move from one physical location to another.
3. VLANs are divided by network protocols
Divide VLANs according to the network layer address or protocol type of each host, and divide hosts running the same protocol into the same vlan, which is suitable for WAN.
4. VLANs are divided by IP multicast
IP multicast is actually a definition of VLAN, that is, an IP multicast group is considered to be a VLAN. This division method expands VLAN to WAN, so this method has more flexibility, and it is also easy to expand through routers. It is mainly suitable for LAN users who are not in the same geographical range to form a VLAN. This method is not efficient.
5. VLANs are divided by policies
Policy-based VLANs can implement multiple allocation methods, including VLAN switch ports, MAC addresses, IP addresses, and network layer protocols.Network m anagers can decide which type of VLAN to choose according to their own management mode and the needs of the unit.
6. VLANs are divided by user definition and non-user authorization.
The VLAN division based on user definition and non-user authorization means that in order to adapt to a special VLAN network, VLANs are defined and designed according to the special requirements of specific network users, and users from non-VLAN groups can access the VLAN, but a user password needs to be provided. You can join a VLAN only after obtaining the authentication of VLAN management.
How to communicate between VLANs?
A VLAN is a broadcast domain. The two broadcast domains are connected by routers, and the data packets between the broadcast domains are relayed by routers.Therefore, the communication between VLANs also requires routers to provide relay services. For routing between VLANs, you can use a common router or a Layer 3 switch .
To sum up, in addition to dividing the network into multiple broadcast domains, VLAN in ethernet switch can effectively control the occurrence of broadcast storms and make the network topology very flexible. It can also be used to control different departments, Mutual access between different sites.
Contact: sales
Phone: 18688787693
E-mail: sales@hsindustrialswitch.com
Add: Room 608, Building B,GaoXinQi TEC Park,Baoan District, ShenZhen,China