连网技术与网络管理2023-04-22

vlan是data link layer中比较重要的一个协议？

VLAN (Virtual Local Area Network) is a logical grouping of devices on a network based on their functions, project teams, or applications. It enables network administrators to partition a physical LAN into multiple logical networks, each with its own broadcast domain.

At the data link layer, VLANs are implemented by adding a VLAN tag to each Ethernet frame as it passes through the network. This tag identifies which VLAN the frame belongs to and helps to keep the frames from different VLANs separate. VLAN tags are added and removed by network switches as they forward the frames between different VLANs.

Layer 3 switches, also known as multilayer switches, combine the functions of a traditional layer 2 switch with those of a layer 3 router. In addition to switching frames based on their MAC addresses at layer 2, they can also perform routing based on their IP addresses at layer 3. This allows layer 3 switches to provide inter-VLAN routing, which enables communication between VLANs that are connected to the same switch.

Layer 3 switches can also support other advanced features, such as Quality of Service (QoS), access control lists (ACLs), and multicast routing, which make them suitable for use in large enterprise networks.

 

When a switch receives a frame, it checks the destination MAC address of the frame and looks up the MAC address in its MAC address table to determine the outgoing interface for the frame. If the MAC address is not found in the table, the switch will flood the frame out all interfaces except for the interface it was received on. This is because the switch doesn't know which interface is connected to the destination device and needs to send the frame to all interfaces in the same VLAN.

When the destination device receives the frame, it sends an acknowledgement back to the source device, allowing the switch to learn the MAC address of the destination device and update its MAC address table accordingly. If the switch already knows the MAC address of the destination device, it forwards the frame directly to the appropriate interface without flooding.

Overall, the switch forwards frames within the same VLAN and filters frames between different VLANs based on the configured VLAN membership and VLAN interfaces. This helps to reduce unnecessary traffic and optimize network performance.

 

There are three types of forwarding methods used by switches:

1. Store-and-Forward存储转发: In this method, the switch stores the entire incoming frame in its buffer and checks for errors before forwarding it to the outgoing port. If the frame contains errors, it is discarded. This method provides the highest level of error checking and is therefore the slowest method of forwarding frames.

2. Cut-Through快速转发: In this method, the switch forwards the frame as soon as it has read the destination MAC address. This method provides lower latency but provides no error checking and can potentially forward corrupted frames.

3. Fragment-Free碎片隔离(分段过滤): This method is similar to cut-through, but the switch reads the first 64 bytes of the frame to check for collisions before forwarding. This provides a compromise between speed and error checking, as it only checks for errors in the first 64 bytes of the frame where most collisions occur.

 

网络层次模型

In a hierarchical network design, there are typically three layers of network, which are the core, distribution, and access layers.

1. Access Layer: This layer is the first layer that connects end-user devices to the network. It is responsible for providing access to the network and controlling the flow of traffic between end devices and the network. The access layer is also where VLANs are usually implemented to group devices into logical networks.

2. Distribution Layer: This layer is responsible for routing and filtering traffic between different access layer switches and also connects them to the core layer. The distribution layer typically implements policies for network traffic, such as Quality of Service (QoS) policies, access control lists (ACLs), and policy-based routing (PBR).

3. Core Layer: This layer is the backbone of the network and is responsible for the high-speed and reliable transport of data between different distribution layer switches. The core layer does not perform any packet manipulation or filtering and is designed for maximum uptime and high-speed data transport. Redundancy and load-balancing are typically implemented at the core layer to ensure network availability and performance.

 

交换机的网络可以包含多个交换机，每个交换机通常连接多个主机和其他交换机。在这样的网络中，所有的交换机和主机都处于同一个广播域内，这意味着当有一个广播帧发送到网络时，所有的交换机和主机都会接收到这个帧，包括不需要这个帧的设备，从而导致网络拥塞。

另外，交换机需要维护一个庞大的MAC地址表，来确定每个MAC地址所对应的端口。当一个主机发送一个帧到网络时，交换机会在MAC地址表中查找该帧的目标MAC地址，并将该帧转发到该地址所对应的端口。如果MAC地址表很大，交换机的性能可能会受到影响。

此外，交换机也存在一些安全性隐患。由于交换机是一种透明的设备，攻击者可以通过欺骗交换机来获取网络流量，进行拦截、分析和修改等攻击。因此，对于交换机的安全性，需要采取相应的措施，如使用VLAN、端口安全等来保护网络安全。

 

VLAN (Virtual Local Area Network) is a logical grouping of network devices, computers, servers, or other network resources, regardless of their physical locations. A VLAN allows you to segment a network at the data link layer (layer 2) based on logical instead of physical connections. This means that devices that are not physically located on the same LAN can be grouped together as if they were on the same LAN.

The primary reason for introducing VLANs in a network is to increase network flexibility and scalability. VLANs can be used to group devices based on department, function, or security requirements. This allows network administrators to better manage network traffic, improve network performance, and enhance network security. By using VLANs, network administrators can create virtual workgroups that operate as if they are connected to the same physical switch, even if they are located on different switches or different physical locations.

VLANs also enable network administrators to control network broadcast traffic. By segmenting a network into smaller broadcast domains, the overall amount of broadcast traffic can be reduced, which can help to improve network performance. Additionally, VLANs can be used to isolate traffic, improving network security by preventing unauthorized access to sensitive information.

 

冲突域是指当多个设备在同一物理介质上进行数据传输时可能会发生冲突的区域。当两个设备同时发送数据帧到同一个物理链路上时，数据帧会发生碰撞，从而导致数据损坏，这种情况就是冲突。在以太网中，冲突域通常是指一组连接在同一个集线器上的设备。因为集线器是物理层设备，它只是简单地将收到的帧广播到所有其他端口上，而不会根据目的MAC地址过滤帧，因此所有连接到同一个集线器上的设备都处于同一个冲突域中。

广播域是指一个设备向网络上发送一个广播帧时，这个广播帧能够到达的所有设备的集合。当一个设备发送一个广播帧时，该帧会被交换机转发到所有连接到该交换机上的端口上，然后传递到整个局域网上的所有设备。因此，一个广播帧可以到达广播域内的所有设备。

交换机可以将网络划分成多个虚拟局域网（VLAN），每个VLAN都是一个逻辑上的独立网络，各自拥有独立的广播域。交换机在转发数据帧时，只会将数据帧转发到与目的MAC地址相应的端口上，而不是像集线器那样将数据帧广播到所有端口上。因此，交换机可以分割冲突域，但不能分割广播域。因为交换机需要将广播帧转发到整个VLAN上的所有设备，而无法根据目的MAC地址过滤帧。因此，所有同一VLAN的设备仍然处于同一个广播域中。

 

If a device belongs to two VLANs, it means that the device has network connectivity to both VLANs and can communicate with devices in both VLANs. However, the device must have two network interfaces, one for each VLAN, or it must be connected to a switch port that is configured to allow traffic from both VLANs.

For example, if a device has two network interfaces, one configured for VLAN 10 and the other for VLAN 20, the device can communicate with devices in both VLANs. Alternatively, if the device is connected to a switch port that is configured as a trunk port and allows traffic from both VLAN 10 and VLAN 20, the device can also communicate with devices in both VLANs.

It's important to note that devices in different VLANs cannot communicate with each other unless there is a router or Layer 3 switch that connects the VLANs and allows for inter-VLAN routing.

 

交换机划分vlan

en

conf t

conf terminal

vlan 10

exit

vlan 20

exit

interface f0/1

switchport mode access

switchport access vlan 10

exit

 

There are several types of VLANs, including:

1. Port-based VLANs: These VLANs are based on the physical ports of a switch. Each port is assigned to a specific VLAN, and all devices connected to that port are members of that VLAN.

2. MAC-based VLANs: These VLANs are based on the MAC addresses of the devices connected to the switch. Each device is assigned to a specific VLAN based on its MAC address.

3. Protocol-based VLANs: These VLANs are based on the type of protocol being used by the devices. For example, all devices using VoIP may be assigned to a specific VLAN.

4. VLANs based on IP subnet: These VLANs are based on IP subnets. All devices in a particular IP subnet are assigned to a specific VLAN.  这个是在3层划分的，但是阻挡不了2层的广播

It is not possible for a device to belong to two VLANs simultaneously, as each port on the switch can only be a member of a single VLAN at any given time. However, a device can communicate with devices on other VLANs through the use of a router or a Layer 3 switch that is configured with inter-VLAN routing.

 

 

switch mode trunk?

Ethernet 802.1Q is a protocol used for Virtual LAN (VLAN) tagging in Ethernet networks. It allows multiple VLANs to be carried over a single physical Ethernet network by adding a VLAN tag to the Ethernet frame. The VLAN tag is inserted into the Ethernet frame header, and it contains a VLAN ID (VID) that identifies the VLAN to which the frame belongs.

The Ethernet 802.1Q protocol is used in switched Ethernet networks to create multiple broadcast domains by dividing a single physical network into multiple logical networks. This helps to improve network performance and security by isolating traffic between different VLANs.

The VLAN tag added by Ethernet 802.1Q is a 4-byte field that contains a 12-bit VLAN ID, a 3-bit priority field, and a 1-bit Canonical Format Indicator (CFI) field. The VLAN ID allows up to 4,096 different VLANs to be defined on a network, while the priority field allows traffic to be prioritized based on QoS requirements.

Ethernet 802.1Q is supported by most modern Ethernet switches and routers, and it is widely used in enterprise networks to implement VLANs.

 

VLAN tag is an additional header added to an Ethernet frame to identify the VLAN to which the frame belongs. The VLAN tag contains a 4-byte field, known as the Tag Control Information (TCI), which includes a 12-bit VLAN ID field that identifies the VLAN to which the frame belongs. The VLAN tag is added to the Ethernet frame when it enters a trunk port of a switch and is removed when it leaves the trunk port on the other end.

The VLAN tag allows for the segregation of network traffic into different VLANs on the same physical network infrastructure. By adding the VLAN tag to Ethernet frames, switches can identify which VLAN the frame belongs to and forward it to the appropriate ports. This allows for more efficient network management and can improve network security by preventing unauthorized access to sensitive data in other VLANs.

VLAN (Virtual Local Area Network) protocol is a standard that enables multiple VLANs to exist within a single physical network. It is defined in the IEEE 802.1Q standard and works by adding a tag to Ethernet frames, indicating which VLAN the frame belongs to.

The VLAN protocol is used to create virtual LANs that allow network administrators to segment a network into smaller broadcast domains for better traffic management and security. By assigning devices to specific VLANs, network administrators can control traffic flows, improve network performance, and limit access to sensitive resources.

VLAN protocol works at Layer 2 of the OSI model and enables switches to handle traffic from multiple VLANs over a single physical link. It is widely used in enterprise networks and can be implemented in both wired and wireless networks.