One 、VLAN Major advantages

1. Limit broadcast domain

The broadcast domain is limited to one VLAN Inside ,VLAN The broadcast traffic sent by the internal device can only be sent in this VLAN Internal communication , It saves valuable bandwidth resources , At the same time, it also improves the network performance .

2. It can flexibly set up virtual working groups

VLAN Users in can be located in different physical locations in the network , It can be connected to the switch of each access layer , It can also be connected to the convergence layer or even the core switch , Network construction is more convenient .

3. Enhance network security

Because it's different VLAN The messages in the are directly isolated at layer 2 , So although the host IP The address is in the agreed network segment , But it's different VLAN Hosts in cannot be accessed directly , Security has been enhanced .

Two 、VLAN The frame format

1.TPID： Label protocol ID

Take a fixed value 0x8100, Indicates a carry 802.1Q The frame of the tag , There can be one or more , If not 802.1Q My device received a frame like this , It will be discarded .

2.TCI： Label control information

It is divided into three parts ：

PRI： priority , Value range 0-7, The higher the value, the higher the priority , When the switch is blocked , Give priority to sending high priority data frames .

CFI： Standard format indicator , Express MAC Whether the address is encapsulated in a standard format .CFI take 0 when ,MAC The address is packaged in standard format （ Low pass first ）, take 1 when , Package in non-standard format （ High pass first ）. Used to distinguish Ethernet frames 、FDDI Frame and token ring frame .

VLAN ID：VLAN identifier , Value range 0-4095 The bit , however 0 and 4095 In the agreement, it is reserved as VLAN ID, Cannot be assigned to a user .

VLAN Frame kind of data The field length range is unchanged , Still 46-1500 Bytes , It can be explained that VLAN Frames are longer than normal Ethernet frames ,VLAN Frame kind of type The field is fixed to 0x8100 Representative for IEEE802.1Q tag frame , If you don't support IEEE 802.1Q My device received a frame like this , It will be discarded .

3. Form of Ethernet frame

It is generally divided into marked frames （taggde), It is the addition of one or more 4 byte VLAN The frame of the tag , Unlabeled frames （untagged) frame , It's primitive 、 Not joined 4 byte VLAN The frame of the tag . The types of frames transmitted in common devices are as follows ：

（1） User host 、 The server 、Hub、 Fool switch （ Unmanageable switch ） Only send and receive untagged frame

（2） Switch and AP（WLAN access controller ） Both sending and receiving tagged frame , Can also send and receive untagged frame

（3） The voice terminal can send and receive one at the same time tagged Frames and a untagged frame .

In order to improve processing efficiency , In support of VLAN All the data frames processed inside the switch are tagged frame .

3、 ... and 、 Switch port type

There are three types of ports ：access、trunk、hybrid. All three switching ports involve an important concept ——PVID（port VLAN ID, port VLAN ID）

The frame received by the switch from the opposite end device may be untagged Data frame of , But all Ethernet frames in the switch are tagged Is handled in the form of forwarded , Therefore, the switch must give the port the untagged The data frame is marked with tag.

The network personnel must configure the default for the switch VLAN ID, In order to receive untagged Data frame , The switch can add default VLAN ID Of VLAN tag. This default VLAN ID Namely PVID, That is, by default, the VLAN.

1.access port

This port is generally used for unrecognized tag User terminal （ host 、 The server ） And network devices （ Fool switch 、 Hub, etc ） Connected to a , because access Data frame sent by port , Always without VLAN Labeled . in addition ,access The port is allowed to carry only one specified VLAN The label frame of passes , That is, a access Only one port can be added VLAN, This VLAN ID It's the time to access Port of PVID.

access Type port can be used for connection between switches , Implement two different VLAN（ But it must be in the same IP Network segment ） Direct layer 2 interworking of , But only two can be realized at most VLAN Direct exchange of visits between , And these two VLAN It must be on different network segments .

2.Trunk Type port

Trunk Ports are generally used to connect switches 、 Router 、AP, And can send and receive at the same time tagged The frame and untagged Frame voice terminal ,Trunk Ports allow multiple VLAN Frame band in tag adopt , But only in frames tag Field value and port PVID same VLAN The frame in is removed when it is sent from the port of this type VLAN label .

① stay trunk Type port ,PVID Only if you receive frames without labels , Or send with PVID same VLAN The frame of the tag works , In other cases, do not consider PVID.

②trunk By default, ports only allow VLAN 1 Through the frame of , Because the default PVID by VLAN 1, So send VLAN 1 Frames in without labels .

3.Hybrid Type port

Hybrid Ports can be thought of as access and trunk A mixture of ports , Because it allows the port to send one or more VLAN Remove the label when the frame in , It also allows the port to send one or more VLAN When the frame in the VLAN label , therefore Hybrid Type port can be connected but not recognized VLAN Tag user terminals and network devices , It can also be used to connect switches 、 Router 、AP And can send and receive at the same time VLAN Frames and without labels VLAN Tag the frame of the voice terminal .

 ① stay Hybrid Port type ,PVID Works only when a frame without a label is received , Ports are not considered in other cases PVID.

 ②Hybrid By default, ports only allow VLAN 1 Through the frame of , And send VLAN 1 The frame in is sent without label .

 ③ stay Hybrid Port , Whether data frames will be sent without labels PVID irrelevant , It needs to be specified by hand .

3、 ... and 、VLAN The way of division

1. Port based partitioning

Method ： According to the Ethernet port LAN Divide

somewhat ： Simple configuration , Is the most commonly used

shortcoming : inflexible , When VLAN When the member interface in changes, it needs to be reconfigured VLAN

scene ： Any network , But the network location should be fixed

2. be based on MAC Address partition

Method ： According to the source of the data frame MAC Add address division VALN, Pre configured MAC Address and VLAN ID Mapping table of , According to the mapping table, the corresponding... Is added to the frame VLAN ID, Then the data frame is specified VLAN Transmission of .

advantage ： Users do not need to re divide the physical location VLAN, It improves the security and flexibility of end users

shortcoming ： Big workload

scene ： A small network that often moves its location but does not often change its network card

3. Based on subnet partition

Method ： According to the source in the data frame IP Address and subnet mask division VLAN, Pre configured IP Address and VLAN ID The mapping relation of , Add the corresponding... In the frame according to the mapping table VLAN ID, Then the data frame is in the specified VLAN Transmission of

advantage ： The physical location changes only need to be reconfigured VLAN, Can reduce network traffic , Make the broadcast domain span multiple switches

shortcoming ： Regular distribution of users , And multiple users are in the same network segment

scene ： Highly mobile and easy to manage

4. Based on protocol partition VLAN

Method ： According to the protocol of the data frame （ family ） Type and packaging format VLAN, Configure the Ethernet frame in advance “ agreement ” Fields and “VLAN ID” Field mapping table , If the switch receives untagged frame , According to the mapping table, the corresponding... Is added to the frame VLAN ID, Then the data frame will be specified in VLAN Transmission of .

advantage ： Easy to maintain and manage .

shortcoming ： All the protocol types and VLAN ID Initial configuration of the mapping relationship table ; It is necessary to analyze the formats of various protocols and convert them accordingly , This will consume too many resources of the switch .

scene ： A network running multiple protocols at the same time .

5. Based on Policy Division VLAN

Method ： It can realize multiple combination planning methods , Including the interface ,MAC Address ,IP Address, etc , The network administrator configures the policy in advance , If you receive untagged frame , And match the configuration policy , Then the data frame is added with the specified VLAN Of tag, Then the data frame will be specified in VLAN Transmission of .

advantage ： High safety , Users can't change IP Address and MAC Address ; The network administrator can choose the division method according to his own management mode or needs .

shortcoming ： Each policy should be configured manually , stay VLAN The workload is heavy when there are many .

scene ： It is applicable to the environment with complex requirements .