How to configure and apply VLAN to network switch?
The VLAN configuration and application for network switch.
- VLAN
1) Introduction:
Ethernet is a data network communication technology based on CSMA/CD (Carrier Sense Multiple Access/Collision Detection) shared communication medium. When the number of hosts is large, problems such as serious conflicts, flooding of broadcasts, significant performance degradation, and even network unavailability will occur. Although LAN interconnection through switches can solve the problem of serious conflicts, it still cannot isolate broadcast messages and improve network quality.
In this case, VLAN technology emerged. This technology can divide a LAN into multiple logical VLANs. Each VLAN is a broadcast domain. The communication between hosts in a VLAN is the same as within a LAN, and the communication between VLANs is Otherwise, they cannot directly communicate with each other. In this way, broadcast packets are limited to one VLAN.
2) Advantages:
Restrict broadcast domain: The broadcast domain is restricted to a VLAN, which saves bandwidth and improves network processing capabilities.
Enhance the security of the LAN: Packets in different VLANs are isolated from each other during transmission, that is, users in one VLAN cannot communicate directly with users in other VLANs.
Improved network robustness: faults are limited to one VLAN, and faults in this VLAN will not affect the normal operation of other VLANs.
Flexible construction of virtual workgroups: VLAN can be used to divide different users into different workgroups. Users in the same workgroup do not have to be limited to a fixed physical range, making network construction and maintenance more convenient and flexible.
2. VLAN data frame
1) Definition:
To enable the device to distinguish packets from different VLANs, a field identifying VLAN information needs to be added to the packets. The IEEE 802.1Q protocol stipulates that a 4-byte VLAN tag (also called VLAN Tag, referred to as Tag) is added after the destination MAC address and source MAC address fields of the Ethernet data frame and before the protocol type field to identify VLAN information.
2) Introduction to data frames:
The meaning of each field of VLAN tag
|
Field |
Length |
Meaning |
Value |
|
TPID |
2Byte |
Tag Protocol Identifier (tag protocol identifier), indicating the data frame type. |
Indicates the frame type. When the value is 0x8100, it indicates the IEEE 802.1Q VLAN data frame. If a device that does not support 802.1Q receives such a frame, it will discard it.Each equipment manufacturer can customize the value of this field. When the neighbor device configures the TPID value to be other than 0x8100, in order to be able to identify such packets and achieve interoperability, the TPID value must be modified on the local device to ensure that it is consistent with the TPID value configuration of the neighbor device. |
|
PRI |
3bit |
Priority, indicating the 802.1p priority of the data frame. |
The value range is 0~7. The larger the value, the higher the priority. When the network is blocked, the device sends data frames with higher priority first. |
|
CFI |
1bit |
Canonical Format Indicator (standard format indicator bit) indicates whether the MAC address is encapsulated in a standard format in different transmission media and is used to be compatible with Ethernet and Token Ring networks. |
A CFI value of 0 indicates that the MAC address is encapsulated in a standard format, and a value of 1 indicates that the MAC address is encapsulated in a non-standard format. In Ethernet, the value of CFI is 0. |
|
VID |
12bit |
VLAN ID indicates the number of the VLAN to which the data frame belongs. |
The value range of VLAN ID is 0~4095. Since 0 and 4095 are reserved values for the protocol, the valid value range of VLAN ID is 1 to 4094. |
3)Status of data frame:
Labeled data frame:
– A frame with a 4-byte VLAN tag added.
Unlabeled dataframe:
– Raw, untagged frame without 4-byte VLAN tag added
3. Mode of VLAN definition
1)Link types
Access link
The access link can only carry data frames of one VLAN and is used to connect devices and user terminals (such as user hosts, servers, etc.). Normally, user terminals do not need to know which VLAN they belong to, nor can they identify tagged frames, so the frames transmitted on the access link are all untagged frames.
Arterial link
Trunk links can carry data frames from multiple different VLANs and are used for interconnection between devices. In order to ensure that other network devices can correctly identify the VLAN information in the data frame, all data frames transmitted on the trunk link must be tagged.
2)Interface types
Access interface
The Access interface is generally used to connect to user terminals that cannot recognize Tags (such as user hosts, servers, etc.), or when there is no need to distinguish between different VLAN members. It can only send and receive Untagged frames, and can only add unique VLAN tags to Untagged frames.
Trunk interface
Trunk interfaces are generally used to connect switches, routers, APs, and voice terminals that can send and receive tagged frames and untagged frames at the same time. It allows frames from multiple VLANs to pass through with tags, but only allows frames from one VLAN to be sent out from this type of interface without tags (that is, stripping the tags).
Hybrid interface
The Hybrid interface can be used to connect user terminals (such as user hosts, servers, etc.) and network devices (such as Hub) that cannot recognize Tags. It can also be used to connect switches, routers, and voice terminals that can send and receive Tagged frames and Untagged frames at the same time. AP. It can allow frames of multiple VLANs to pass through with tags, and allows frames sent from this type of interface to be configured with frames of some VLANs with tags (i.e. without stripping tags) and frames of some VLANs without tags (i.e. stripping tags) as needed. except Tag).
4.Adding and removing VLAN tags
1)Processing of adding and removing VLAN tags on Access interface
2)Adding and removing VLAN tags on trunk interface
3)Adding and removing VLAN tags on Hybrid interface
5. How different types of interfaces process data frames
| Interface | Process of receiving packet without tags | Process of receiving packet with tags | Send frame processing process |
| Access | Receive the message and add the default VLAN ID. | – When the VLAN ID is the same as the default VLAN ID, the packet is received. – When the VLAN ID is different from the default VLAN ID, the packet is discarded. | Remove the PVID Tag of the frame first and then send it. |
| Trunk | – Mark the default VLAN ID and receive the packet when the default VLAN ID is in the list of allowed VLAN IDs. – Mark the default VLAN ID. When the default VLAN ID is not in the list of allowed VLAN IDs, the packet is discarded. | – When the VLAN ID is in the list of VLAN IDs allowed to pass through the interface, the packet is received. – When the VLAN ID is not in the list of VLAN IDs allowed to pass through the interface, the packet is discarded. | – When the VLAN ID is the same as the default VLAN ID and is a VLAN ID allowed to pass through the interface, remove the tag and send the message. – When the VLAN ID is different from the default VLAN ID and is a VLAN ID allowed to pass through the interface, keep the original tag and send the message. |
| Hybrid | – Mark the default VLAN ID, and receive the packet when the default VLAN ID is in the list of allowed VLAN IDs. – Mark the default VLAN ID. When the default VLAN ID is not in the list of allowed VLAN IDs, discard the packet. | – When the VLAN ID is in the list of VLAN IDs allowed to pass through the interface, the packet is received. – When the VLAN ID is not in the list of VLAN IDs allowed to pass through the interface, the packet is discarded. | This packet is sent when the VLAN ID is the VLAN ID allowed to pass through the interface. You can use commands to set whether to carry Tag when sending. |
EN 
AR 
FR 
DE 
ES 
KO 
RU