Vlan division methods include: 1. Division based on port; 2. Division based on MAC address; 3. Division based on network layer protocol; 4. Division based on IP multicast; 5. Division based on policy; 6. Division based on user Definition, non-user authorization division.
#The operating environment of this article: Windows 7 system, Dell G3 computer.
Vlan division methods are:
1. VLAN based on port division
This is the most commonly used VLAN division method, and the application is also It is the most widespread and effective. Currently, most VLAN protocol switches provide this VLAN configuration method. This method of dividing VLAN is based on the switching ports of the Ethernet switch. It divides the physical ports on the VLAN switch and the PVC (permanent virtual circuit) ports inside the VLAN switch into several groups, and each group forms a virtual network, equivalent to an independent VLAN switch.
When different departments need to visit each other, they can be forwarded through routers and combined with port filtering based on MAC addresses. Set a passable MAC address set on the corresponding port of the switch, routing switch or router closest to the site on the access path to the site. This prevents illegal intruders from stealing IP addresses from within and intruding from other accessible points.
We can see from this division method itself that the advantage of this division method is that it is very simple to define VLAN members, as long as all ports are defined as corresponding VLAN groups. Suitable for any size network. Its disadvantage is that if a user leaves the original port and arrives at a certain port of a new switch, it must be redefined.
2. VLAN division based on MAC address
This method of dividing VLAN is based on the MAC address of each host, that is, each host with a MAC address is configured with which group it belongs to. , the mechanism it implements is that each network card corresponds to a unique MAC address, and the VLAN switch tracks the address belonging to the VLAN MAC. This type of VLAN allows network users to automatically retain their membership in the VLAN as they move from one physical location to another.
It can be seen from this division mechanism that the biggest advantage of this VLAN division method is that when the user's physical location moves, that is, when changing from one switch to another switch, the VLAN does not need to be reconfigured, because It is user based, not switch port based. The disadvantage of this method is that all users must be configured during initialization. If there are hundreds or even thousands of users, the configuration is very tiring, so this division method is usually suitable for small LANs. Moreover, this method of division also leads to a reduction in the efficiency of the switch, because there may be many members of the VLAN group on each switch port, and the MAC addresses of many users are stored, making it difficult to query. In addition, for users who use laptop computers, their network cards may be changed frequently, so VLAN must be configured frequently.
3. VLAN classification based on network layer protocols
VLANs are divided according to network layer protocols and can be divided into VLAN networks such as IP, IPX, DECnet, AppleTalk, and Banyan. This VLAN composed of network layer protocols enables the broadcast domain to span multiple VLAN switches. This is very attractive for network administrators who want to organize users for specific applications and services. Furthermore, users can move freely within the network but their VLAN membership remains unchanged.
The advantage of this method is that when the user's physical location changes, there is no need to reconfigure the VLAN to which it belongs, and VLANs can be divided according to protocol types, which is very important for network managers. Also, this This method does not require additional frame tags to identify VLANs, which can reduce network traffic. The disadvantage of this method is low efficiency, because checking the network layer address of each data packet requires processing time (compared to the previous two methods). General switch chips can automatically check the Ethernet frame of data packets on the network. header, but allowing the chip to check the IP frame header requires higher technology and is more time-consuming. Of course, this is related to the implementation methods of each manufacturer.
4. Divide VLANs based on IP multicast
IP multicast is actually a definition of VLAN, that is, an IP multicast group is considered to be a VLAN. This method of division extends the VLAN to the WAN, so this method has greater flexibility and is easy to expand through routers. It is mainly suitable for LAN users who are not in the same geographical range to form a VLAN. It is not suitable for LAN. It's not efficient.
5. Divide VLANs based on policies
VLANs based on policies can implement a variety of allocation methods, including VLAN switch ports, MAC addresses, IP addresses, network layer protocols, etc. Network managers can decide which type of VLAN to choose based on their own management mode and the needs of their unit.
6. Divide VLAN based on user definition and non-user authorization
Dividing VLAN based on user definition and non-user authorization means that in order to adapt to special VLAN networks, it is based on the special needs of specific network users. It is required to define and design VLAN, and allows non-VLAN group users to access the VLAN, but they need to provide the user password and can join a VLAN only after being authenticated by the VLAN management.
Related video recommendations: PHP programming from entry to proficiency
The above is the detailed content of What are the methods for dividing vlan?. For more information, please follow other related articles on the PHP Chinese website!