November 22, 2023

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

ForewordHi, I'm Mr. Lin, basics of VLAN are explained and detailed steps of VLAN separation are easy to understand. Let's take a look at knowledge together! TextVLAN concept

In Chinese, VLAN (virtual local area network) is called "virtual local area network".

A virtual local area network (VLAN) is a group of logical devices and users. These devices and users are not limited by physical location. They can be organized by function, department, and application. They appear to be on same network segment, hence name VLAN.

Because switch port has two types of VLAN attributes, one is VLANID, other is VLANTAG, respectively corresponding to VLAN to set VLAN tag in data packet and data packet VLANTAG (tag) which is allowed to be transmitted. , different VLANID ports can transmit VLANTAG mutual resolution, build VLAN.

1. VLAN Basics

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

Communication between users in same VLAN is same as in LAN. Broadcast in same VLAN can only be heard by VLAN members and will not be transmitted to other VLANs, thereby controlling unnecessary generation. broadcast storms. At same time, without routing, different VLANs cannot communicate with each other, thereby increasing information security between different workgroups. Network administrators can fully control exchange of information between different workgroups in network by configuring routing between VLANs.

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

1. Specifications

(1) Port separation. Even on same switch, ports in different VLANs cannot communicate. Such a physical switch can be used as multiple logical switches.

(2) Network security. Different VLANs cannot communicate directly, which prevents broadcast information from being insecure.

(3) Flexible control. There is no need to change port and connection to change network to which user belongs, but only to change software configuration.

2, TAG and UNTAG

Port-based VLAN, which is most commonly used VLAN partitioning method, is most widely used and most efficient. Currently, most VLAN protocol switches support this VLAN configuration method. This VLAN separation method is based on switching ports of an Ethernet switch. It divides physical ports on VLAN switch and PVC (Permanent Virtual Circuit) ports inside VLAN switch into several groups. The group forms a virtual network, which is equivalent to an independent VLAN switch.

The IEEE released IEEE Std 802.1Q standard in 1999, which governs implementation of VLANs. The IEEE 802.1Q protocol standard defines VLAN tag field for various LAN network structures. In various network structures, connected devices can identify VLANs by common data characteristics.

For common Ethernet network models, there are two main types of packet encapsulation formats, namely Ethernet type II and 802.2/802.3 type. For encapsulation formats of these two Ethernet packets, IEEE 802.1Q protocol standard defines a VLAN tag after Destination MAC Address (DA) and Source MAC Address (SA) in data frame header to identify information related to the VLAN.

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!
Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

3. Port link type

When different departments need to visit each other, they can go through router and interact with port filtering based on MAC addresses. On corresponding port of switch, routing switch, or router closest to site in path of specific site, set set of MAC addresses that it can traverse. In this way, possibility of IP addresses being stolen by unauthorized intruders from inside and intrusion from other access points can be prevented.

Ethernet port has 3 link types: Access, Trunk, Shared

Access type ports can only belong to 1 VLAN and are typically used to connect computer ports;

Trunking ports can pass multiple VLANs, can receive and send multiple VLAN messages, and are typically used for connections between switches;

General ports can pass through multiple VLANs, can receive and send multiple VLAN packets, and can also be used for connections between switches or for connecting user computers.

The public port and trunk port have same processing principles when receiving data, only difference is in sending data: public port allows you to send multiple untagged VLAN packets, while trunk port allows only default VLAN. packages are not marked when sent.

Default VLAN (PVID):

An access port belongs to only 1 VLAN, so its default VLAN is VLAN it is located in without configuration;

The public port and trunk port belong to multiple VLANs, so you need to set a default VLAN ID. The default for hybrid ports and trunk ports is VLAN 1.

If a default VLAN ID is set for a port, when port receives a message without a VLAN tag, it will send message to port that belongs to default VLAN; when a port sends a message with a VLAN tag, if message's VLAN ID matches port's default VLAN ID, system will remove VLAN tag from packet before sending packet.

Switch interface data processing:

Get access port message: get a message to determine if there is VLAN information: if not, note PVID of port and exchange, if there is, discard it directly (default) Send via access port Message: remove VLAN information from message and send it directly

True Port Received Message: Receive message, evaluate if VLAN information exists: if not, note port PVID and exchange, if present, evaluate if VLAN ID is in range. barrel inside if within reach, otherwise discard

Messageabout sending a trunk port. Compare PVID of port with VLAN information in sent message. If they match, remove VLAN information and submit it. If not, send it directly

Generic Port Received Message: Receive a message, evaluate VLAN information: if not, note port's PVID and exchange. If yes, evaluate if common port allows VLAN data: if so, discard otherwise (untagged configuration on port is currently out of question, and untagged configuration only works when sending packets)

Common port for sending messages:

1) Determine if VLAN is on this port

2) If it is not a tag, remove VLAN information and send it; if it's a tag, send it directly.

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

Second, how to separate VLANs

Take TP-LINK SL3226 as an example, requirement is a wireless network in a school dormitory, there is an access switch on a certain floor to manage second layer network with 20 panel access points. The network access is required, management address is 192.168.200.110. Management VLAN - 4000, Port VLAN - 110, Main switch cascade VLAN - 204. Controller management VLAN - 1000

Introduction: TP-LINK SL3226 is a 24-port 100M switch, and two 25.26 upstream ports are gigabit ports.

1. Log in to management interface of switch (configure network cable of computer and temporarily connect it to port 24)

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!
Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

Select a VLAN

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!
Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!
Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!
Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!
Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

New VLAN204 port 25-26 TAG export rules

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

Create a new network VLAN1000, port 1-26, export rule is TAG

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

New VLAN4000 Port 24-26 Exit Rule 24 - UNTAG, 25-26 - TAG

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

Configure VLAN as shown below

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

4. Set up PVID

Change the default VLAN for ports 1-23 to 110

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

Change the default VLAN on port 24 to 4000

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

After changing, connect a network cable to port 25 or 26 for configuration, and management IP address will remain unchanged

After changing port 24, log in as shown

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

5. Change management VLAN number and management IP address

System Configuration>Management IP Address. Change management VLAN to 4000 and change management IP address to 192.168.200.110

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

Computer loses connection after changing it, changing computer's IP address to 192.168.200.* and connecting a network cable to port 24

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

6. Save configuration

Enter 192.168.200.110 to enter switch management interface again, select save configuration menu, and select save configuration to configure layer 2 access switch.

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

If you would like to restore factory configuration, you can do so in System Management > System Tools > Software Reset.

Detailed step by step explanation of VLAN basics and VLAN separation, easy to understand, easy to understand at a glance!

The above refers to VLAN separation method and is for reference only!

Related