November 29, 2023
ForewordHi everyone, I'm Mr. Lin, how do I select a switch? How to determine network structure for project? As one of most used devices in our work, switch must be aware of its choice. TextThere are always such doubts in execution of a project, because parameters determine budget of project, and widely used campus network technologies are also diverse.
Let's learn more about how to select a radio button in a project? Which will be faster and more convenient to use to set up a campus network, many new and old network workers often face this problem in their work, and many newbies are also prone to confusion.
Switch selection mainly includes six aspects: network scale and hierarchy, ports and number of switches, port options, switch function support, and backplane bandwidth; today I will mainly talk about scale and hierarchy of network.
The scale of network and application layer of switch are taken into account, which are mainly divided into small and medium-sized networks, as well as large and medium-sized networks.
How to plan a network hierarchy:
The network structure determines which hardware to use. Some small networks only have a basic layer and an access layer, so choosing a basic switch is relatively easy, and load is small, such as some small monitoring network, only in internal network, then choose a layer 2 switch. In a large-scale network, if it is difficult to coordinate and distribute only access layer and base layer, a three-layer structure is required: base layer, aggregation layer, and access layer. The aggregation layer is used to share load on main switch. Related to vlan partitioning, network management, and other functions.
I guess everyone has experience of splitting VLANs at work, so have you ever wondered how to split 4094 VLANs (the VLAN ID field is 12 bits, 4096 in total, of which vlan0 and vlan4095 protocols are reserved and not can be configured by users) VLANs can be separated? Which method is easy to use and simple?
VLAN implementation methods on switches can be roughly divided into six categories:
1. Port based VLAN
This is most commonly used VLAN separation method, most widely used, and most effective. Currently, most VLAN protocol switches support this method of VLAN configuration. This VLAN separation method is based on switching ports of Ethernet switch. It divides physical ports on VLAN switch and PVC (Permanent Virtual Circuit) ports inside VLAN switch into several groups, and each group forms a virtual network. network, which is equivalent to an independent VLAN switch.
When different departments need to visit each other, they can go through router and interact with port filtering based on MAC addresses. On corresponding port of switch, routing switch, or router closest to site in path of specific site, set set of MAC addresses that it can traverse. In this way, can prevent IP addresses from being stolen from inside and intrusion from other access points by illegal intruders.
You can see from this separation method itself that advantage of this method is that it is very easy to determine VLAN members if all ports are defined as corresponding VLAN groups. Suitable for any size network. The downside is that if user leaves original port and ends up on a specific port on a new switch, it needs to be redefined.
2. VLAN based on MAC address
This VLAN separation method is based on MAC address of each host, that is, it configures which group it belongs to for each host using MAC address.The mechanism it implements is that each NIC corresponds to a unique MAC -address, VLAN switch listens for addresses that belong to MAC address of VLAN. Thus, VLANs allow network users to automatically retain membership in VLAN they belong to when they move from one physical location to another.
It can be seen from this partitioning mechanism that biggest advantage of this VLAN partitioning method is that when user physically moves, that is, when switching from one switch to another, VLAN does not need to be reconfigured, because it is based on users, not switch ports. The disadvantage of this method is that all users must be configured during initialization. If there are hundreds or even thousands of users, setup is very tedious, so this division method is usually suitable for small LANs strong >. And method of this separation also led to a decrease in efficiency of switch, because they all can have a member of many VLAN groups on port of each switch, stored MAC addresses of many users, and it is quite difficult to ask. In addition, NICs of users using laptops can change frequently, so VLANs need to be configured frequently.
3. Network Layer Protocol VLAN
VLAN is divided according to network layer protocol and can be divided into VLANs such as IP, IPX, DECnet, AppleTalk, and Banyan. This type of VLAN, composed according to a network layer protocol, can make a broadcast domain span multiple VLAN switches. This is very attractive to network administrators who want to organize users for specific applications and services. In addition, users are free to roam network, but their VLAN membership remains unchanged.
"Special Training Camp for Huawei Network Workers"
May 23-25, 3 days of real fights + haberdashery
Special seat price 0.1 yuan!
More haberdashery products related to Huawei network technology, transition to online learning
Online Q&A from Xiao Ge, Network Worker Participating in Real Combat
The advantage of this method is that user's physical location changes and there is no need to reconfigure VLAN they belong to, and VLANs can be divided by protocol type, which is very important for network administrators. In addition, this method does not require additional frame tags to identify VLAN, which can reduce network traffic. The disadvantage of this method is that it is inefficient, since checking network layer address of each data packet requires processing time (compared to two previous methods), and general switch chip can automatically check Ethernet frame of data packet. online. Of course, this is due to implementation methods of various manufacturers.
4. Separate VLANs based on IP multicast
IP multicast is actually a VLAN definition, meaning an IP multicast group is considered a VLAN. This partitioning method extends VLAN to WAN, so this method is more flexible and is also easy to extend with routers. It is mainly suitable for LAN users who are not in same geographic area to form a network. VLAN is not suitable for LAN, mainly due to low efficiency.
5. Divide VLANs by policy
Policy-based VLAN can implement multiple distribution methods, including VLAN switch port, MAC address, IP address, network layer protocol, etc. Network administrators can decide which VLAN type to choose according to their management mode and device needs.
6. Separate VLANs by user definition and non-user authorization
VLAN separation based on user definition and non-user authorization refers to VLAN definition and design according to specific requirements of specific network users, in order to adapt to specific VLANs and allow users outside VLAN group to access VLAN, but it must provide user password, can join VLAN only after authentication by VLAN management.