From this partitioning approach itself, we can see that the advantage of this partitioning method is that it is very simple to define a VLAN member, as long as all the ports are defined as the corresponding VLAN group. Suitable for any size network. The downside is that if a user leaves the original port and has a port on a new switch, it must be redefined. This type allows a network user to automatically retain the membership of the VLAN to which it belongs when it moves from one physical location to another.
From this partitioning mechanism, it can be seen that the biggest advantage of this VLAN division is that when the user moves physically, that is, from one switch to another, the VLAN does not need to be reconfigured because it is based on the user Not a switch-based port. The disadvantage of this method is that all users must be configured, if there are hundreds or even thousands of users, the configuration is very tired, so this division method is usually applied to the small local area network.
And this division of the method also led to the efficiency of the switch to reduce the implementation of each switch port may exist in many VLAN group members, save a lot of users MAC address, the query is not easy. In addition, for the use of laptop users, their network card may often be replaced, so VLAN must always be configured. This is very attractive for network administrators who want to organize users for specific applications and services.
Moreover, the user can move freely within the network, but its VLAN membership remains the same. The advantage of this approach is that the physical location of the user has changed, there is no need to reconfigure the VLAN to which it belongs, and the VLAN can be divided according to the protocol type, which is important for the network manager, and this method does not require additional Frame tag to identify the VLAN, which can reduce the network traffic.
The disadvantage of this method is inefficient because checking the network layer address of each packet is the need to consume processing time as opposed to the previous two methods , the general switch chip can automatically check the packet on the network Ethernet Head, but let the chip can check the IP header, need a higher technology, but also more time-consuming. Of course, this is related to the implementation of various vendors. This method of partitioning extends the VLAN to the WAN, so this method has more flexibility, and it is easy to expand through the router, which is mainly suitable for LAN users not in the same geographical area to form a VLAN, not suitable for local area network, mainly efficiency is not high.
Network management personnel according to their own management model and the needs of the unit to decide which type of VLAN to choose. Any new technology to be widely supported and applied, there must be some key advantages, VLAN technology is the same, its advantages are mainly reflected in the following aspects:.
With VLAN technology, you can combine different locations, different networks, and different users to form a virtual network environment, just as convenient, flexible, and effective as using a local LAN.
VLANs can reduce the overhead of moving or changing the location of workstations, especially if some companies with frequent changes in business situations use VLANs, and this part of the management costs are significantly reduced. VLANs can provide a mechanism for building firewalls to prevent the excessive broadcast of switched networks. Similarly, adjacent ports do not receive broadcasts from other VLANs.
This can reduce the broadcast traffic, the release of bandwidth to the user application, reduce the production of broadcasting. Because a VLAN is a separate broadcast domain, VLANs are isolated from each other, which greatly improves the utilization of the network and ensures the security and security of the network.
People often send some confidential, critical data on the LAN. Confidential data should provide security means such as access control. An effective and easy way to do this is to segment the network into several different broadcast groups, which limit the number of users in the VLAN and prohibit unauthorized access to applications in the VLAN. Exchange ports can be grouped based on application type and access privileges, and restricted applications and resources are typically placed in a secure VLAN.
In order to give you real configuration examples of learning opportunities, the following to a typical medium-sized LAN VLAN configuration as an example to introduce the most commonly used by the port division VLAN configuration method. A company has about computers, the main use of the network sector: the Ministry of Production 20 , the Ministry of Finance 15 , the Ministry of Personnel 8 and the information center 12 four parts.
The basic structure of the network is that the whole network backbone adopts three Catalyst network management switches named: Switch1, Switch2, and Switch3 respectively. The switches are connected to several hubs according to their needs. The users are mainly distributed in four parts, namely: production department, finance department, information center and personnel department.
The main part of the four users to separate VLAN, to ensure that the corresponding departments of network resources are not stolen or destroyed. After the connection is successful, the main configuration interface the configuration of the basic information has been completed before the switch. CLI session with the switch is open. To end the CLI session, enter [Exit ]. In this case, enter the privileged mode prompt configured by the switch:. Step 4: For security and convenience, we give the three Catalyst switches a name, and set the privilege mode login password.
The following is only described as Switch1 example. The configuration code is as follows:. There must be at least one VTP server in a domain. This is because the Catalyst is more powerful than the Catalyst , and therefore is better able to handle the server capabilities.
Note: The trunk mode can be This section provides information you can use to confirm that your configuration is working properly. Certain show commands are supported by the Cisco CLI Analyzer registered customers only , which allows you to view an analysis of show command output.
This is troubleshooting information relevant to this configuration. Complete these steps in order to troubleshoot trunking between the switches. Note: Steps 1 and 2 can be verified if you issue the show vtp domain command.
If there is a mismatch of results in any of the steps, VTP trunking does not work. Skip to content Skip to search Skip to footer. Available Languages. Download Options. Updated: July 13, Contents Introduction. Catalyst EN with software version Enterprise V9. Background Theory The Catalyst runs two versions of images, namely the Standard and Enterprise editions. Configure In this section, you are presented with the information to configure the features described in this document.
To end the CLI session, enter [Exit]. Configurations The basic steps of this configuration are as follows: Configure the VTP domain name and mode such as one of the switches should at least be operating in the VTP server and the other in VTP client mode.
Issue the appropriate show commands to verify the trunking operation. This document uses the configurations shown below: Catalyst Catalyst EN Catalyst Cat enable show config This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. Note that this is!
There are three VTP modes supported:! CatEN config vtp client!
0コメント