I m a newbie, what should I do about VLAN division? 5

There are two ways to create a VLAN, and there are two modes to assign an interface to a VLAN.

Create a VLAN, using 3550 as an example.

enshow vlan brief

By default, a switch has five VLANs, which cannot be modified or deleted.

By default, all ports belong to VLAN1.

vlan database

vlan 2 name wolf

vlan 3 name cisco

If you use a VLAN database to create a VLAN, save it.

exitexit means to save, abort means not to save.

show vlan brief

Some switches support this configuration, and some switches don't.

enshow vlan brief

conf t

vlan 4

name cisco

If you use do sh vlan brief, you will not see vlan 4 because it has not been saved to the database by default.

Divide the port. int fa0/1

sw mo acc

sw acc vl 2

If the 3550 switch is connected to a PC, you can use a command.

Another partition is based on the VMPS server, which is based on MAC addresses.

VMPS includes a database that maps MAC addresses to VLAN assignments. When a frame arrives at a dynamic port, the switch queries the VMPS based on the source address of the frame to obtain the VLAN assignment.

How vmps works:

- When VMPS is started, the switch first starts a database of MAC address-VLAN mappings from a pre-specified TFTP server, and then opens a UDP process to listen for and process requests from the client.

When VMPS receives a valid request from a client, check whether there is a mapping record between the MAC address and the VLAN in the database. If so, send the corresponding VLAN to the client switch. If not, and the vmps is in non-secure mode, the client simply denies access to the host; If there is no mapping record of the MAC address, but the VMPS is in safe mode, the broken port connecting to the MAC address on the client switch is closed, and the only way to reopen the MAC address is to perform manual operations.

- The user can configure a default VLAN to which it will be assigned if there is no record of the MAC in the database. Users can also use the none keyword to explicitly specify that a MAC cannot belong to a certain VLAN

VMPS also provides some policies to make VMPS configuration more flexible. These policies include port-groups and vlan-groups

A subnet-based VLAN determines the VLAN to which a port belongs based on the IP address of the connected computer. Even if the MAC address of the computer changes due to a change of network card or other reasons, as long as its IP address remains the same, it can still join the original VLAN.

A VLAN is a broadcast domain, and the two broadcast domains are connected by a router, and the data packets between the broadcast domains are relayed by the router. Therefore, routers are also required to provide relay services for inter-VLAN communication.

In summary, the biggest advantage of using VLANs is that they control broadcast storms, isolate broadcasts, improve overall network security, and make network management simple.

The purpose of VLAN partitioning:

1. Save resources, there are many broadcasts in a broadcasting domain, etc., and now in the broadcasting domain, all hosts do not need to use a broadcast to deal with it.

2. Security, after isolating the broadcast domain, you can carry out policies on different VLANs, such as financial VLANs do not give engineering and project VLAN access, if it is a broadcast domain, it is more difficult to do, in addition, for example, ARP gateway deception is to use itself as a gateway to free ARP out, if the VLAN is divided, it can only affect the host in a small broadcast domain.

3. Easy to manage, the company's employees can be classified, such as finance, projects, sales, and later stages, and it is easy to do strategies and assign permissions after classification, such as finance can be on the external network, and 10m broadband can be given to the external network in the later stage, and the second project can be given 20m external network bandwidth.

1. Based on port division.

This method specifies which VLAN each port belongs to in the circle, which is simple, but when there are many hosts, the repetitive workload is large, and when the host port changes, you need to change the VLAN to which the port belongs at the same time.

2. Partition based on MAC address.

It is divided according to the MAC address of the host NIC (each NIC has a unique MAC address in the world). Check and record the MAC address of the NIC to which the port belongs to determine the valn to which the port belongs.

3. Divide based on IP address.

Any host belonging to the same IP broadcast group is considered to belong to the same VLAN, which has good flexibility and scalability, and can easily expand the network through routers, but it is not suitable for LAN and is not efficient.

VLAN stands for virtual

localarea

The abbreviation of network, Chinese name"Virtual LAN"VLAN is a data exchange technology that logically divides (noting, not physically) local area network (LAN) devices into network segments (or smaller LAN LANs) to realize virtual workgroups (units).

VLAN is an emerging technology that is mainly used in switches and routers, but the mainstream application is still in switches. However, not all switches have this feature, and only Layer 3 and above switches have this feature.

There are three main benefits of VLAN:

1) Separation of ports. Even on the same switch, ports in different VLANs cannot communicate. Such a physical switch can be used as multiple logical switches.

2) Network security. Different VLANs cannot communicate directly, which eliminates the insecurity of broadcast information.

3) Flexible management. You don't need to change the port and connection to change the network to which the user belongs, you can just change the software configuration.

The emergence of VLAN technology enables administrators to logically divide different users in the same physical LAN into different broadcast domains according to actual application requirements, and each VLAN contains a group of computer workstations with the same requirements, which has the same attributes as the physical LAN. Since it is logically divided rather than physically, workstations in the same VLAN are not restricted to the same physical range, that is, they can be in different physical areas.

LAN CIDR block.

According to the characteristics of VLAN, the broadcast and unicast traffic within one VLAN will not be transferred to other VLANs, which helps to control traffic, reduce equipment investment, simplify network management, and improve network security.

In addition to the advantages of dividing the network into multiple broadcast domains, so as to effectively control the occurrence of broadcast storms and make the topology of the network more flexible, VLAN can also be used to control the mutual communication between different departments and different sites in the network.

The Chinese name of VLAN (virtuallocalareanetwork) is"Virtual LAN"。A virtual local area network (VLAN) is a logical set of devices and users that are not limited by physical location, but can be organized according to factors such as function, department, and application, and communicate with each other as if they were in the same network segment.

Introduction to VLANs.

VLAN is a relatively new technology that works on Layer 2 and Layer 3 of the OSI reference model, a VLAN is a broadcast domain, and the communication between VLANs is done through Layer 3 routers. Compared with traditional LAN technology, VLAN technology is more flexible, and it has the following advantages: the management overhead of moving, adding, and modifying network devices is reduced; It is possible to control broadcasting activities; It can improve the security of the network.

In a computer network, a layer 2 network can be divided into a number of different broadcast domains, one of which corresponds to a specific group of users, and these different broadcast domains are isolated from each other by default. To communicate between different broadcast domains, one or more routers need to be passed. Such a destruction is like a broadcast domain, which is called a VLAN.

We often see the term VLAN when we use computers, so what exactly does it mean?

Meaning of VLAN

A VLAN is a virtual local area network.

It means that the sites in the network are not tied to their physical location and can flexibly join different logical subnets as needed.

is a network technology in .

In a virtual LAN based on switched Ethernet, VLAN technology can be used in switched Ethernet.

Divide a physical network connected by switches into logical subnets. That is, the broadcast packets sent by the stations in a virtual LAN will only be sent to the sites that belong to the same VLAN.

Virtual LAN

In roll-over cavity exchanger Ethernet, each site can belong to a different virtual LAN. The sites that make up a virtual LAN are not tied to their physical location, they can be attached to the same switch or to different switches. Virtual LAN technology enables the topology of the network.

It becomes very flexible, such as users on different floors or users in different departments can join different virtual LANs as needed.

To sum up, VLAN is a virtual local area network, which is a network technology in which sites in the network are not limited to their physical location, but can flexibly join different logical subnets as needed. Do you understand?