A virtual network (VLAN) is a virtual workgroup established across the network by its switching devices. Logically, a virtual network corresponds to layer 2 of the OSI model and is independent of the specific physical network and geographical location. A virtual workgroup can contain departments and workgroups in different locations without anyone having to physically reconfigure any ports, so network users are truly independent of their physical location. Virtual network technology divides a traditional broadcast domain into separate sub-broadcast domains as needed, confining broadcasts to each virtual workgroup. Because the broadcast domains are smaller, the share of bandwidth consumed by broadcast packets drops sharply and network performance improves significantly. Let's take a look at the following diagram. Figure 1 shows departments of the same nature on two floors placed in one VLAN, so that accounting data is not broadcast to the marketing machines and does not collide with their traffic. A VLAN therefore effectively divides both the collision domain and the broadcast domain.
We can define a VLAN on a port of the switch; all terminals connected to that port are then part of the virtual network, and the network as a whole can support multiple VLANs. VLANs minimize unnecessary data traffic by establishing network firewalls, and they isolate both the traffic between VLANs and the problems that may arise in each, greatly increasing network throughput and reducing network latency. In a virtual network environment, communication between users on the same physical network segment can be controlled by assigning them to different virtual networks. This effectively provides data confidentiality and is not troublesome to configure. Network administrators can logically reconfigure the network, balance load traffic quickly, simply and effectively, and easily add, delete and modify users without physically adjusting the network. Since VLANs have so many advantages, why not understand the technology and apply it to real network management? Let's see how to configure a VLAN on a switch, using the practical example of configuring static VLANs on a Catalyst 1900 switch.
Two VLANs on Catalyst 1900
After setting up the hyper terminal and connecting to the 1900 switch (refer to the "1900 Series Ethernet Switch Quick Start Guide" or other CISCO reference materials), the following main configuration interface will appear:
-------------------------------------------------
1 user(s) now active on Management Console.
User Interface Menu
[M] Menus
[K] Command Line
[I] IP Configuration
Enter Selection:
Let's briefly introduce the three options. [M] Menus is the main menu, used mainly for the initial configuration of the switch and for monitoring its health. [K] Command Line opens a command line where, just as on a router, configuration and monitoring are done through commands. [I] IP Configuration is the option for configuring the IP address, subnet mask and default gateway. This is the interface displayed the first time you connect to the switch; once IP Configuration has been completed, this option no longer appears at the next login. Because configuring with commands is concise and clear, we use [K] Command Line to implement the VLAN configuration.
We select [K] Command Line and enter command-line configuration:
Enter Selection:K Enter
CLI session with the switch is open.
To end the CLI session,enter [Exit ].
>
Now we have entered the normal user mode of the switch. Just like a router, this mode can only view the current configuration, cannot change the configuration, and the commands that can be used are very limited. We enter enable and enter privileged mode:
>enable
#config t
Enter configuration commands, one per line. End with CNTL/Z
(config)#
For security and convenience, we give this switch a name and set a login password.
(config)#hostname 1900Switch
1900Switch(config)# enable password level 15 goodwork
1900Switch(config)#
Note: The password must be 4 to 8 characters long. Password settings on the switch differ slightly from those on a router: the switch uses the level number to determine the privileges a password grants. Level 1 is the password for entering the command line interface. That is, once a level 1 password is set, the next time you connect to the switch and enter K you are asked for a password, and it is the one set at level 1. Level 15 is the privileged-mode password you enter after the enable command. On a router, enable password and enable secret are used to make this distinction.
OK, we have set the name and password so it is safe enough, let's set up the VLAN. The VLAN setting is divided into the following 2 steps:
1. Set VLAN name
2. Apply to port
Let's set the names of the VLANs first. The command is vlan <vlan number> name <vlan name>. Enter it in privileged configuration mode:
1900Switch (config)#vlan 2 name accounting
1900Switch (config)#vlan 3 name marketing
We have now configured two new VLANs. Why do the VLAN numbers start from 2? Because by default all ports are already placed in VLAN 1, so configuration starts from 2. The 1900 series switches can be configured with up to 1024 VLANs, but only 64 can be active at the same time. Of course, this is the theoretical limit; we should plan VLAN numbers according to the actual needs of our network. After configuring the VLAN names, we need to enter each port and set its VLAN. On the switch, to enter a particular port, such as the fourth port, you use interface Ethernet 0/4. Following the figure given above, we make ports 2, 3, 4 and 5 belong to VLAN 2, and ports 17-22 belong to VLAN 3. The command is vlan-membership {static | dynamic} <VLAN number>: one of static or dynamic must be chosen, followed by the VLAN number you just configured. Let's see the result:
1900Switch(config)#interface ethernet 0/2
1900Switch(config-if)#vlan-membership static 2
1900Switch(config-if)#int e0/3
1900Switch(config-if)#vlan-membership static 2
1900Switch(config-if)#int e0/4
1900Switch(config-if)#vlan-membership static 2
1900Switch(config-if)#int e0/5
1900Switch(config-if)#vlan-membership static 2
1900Switch(config-if)#int e0/17
1900Switch(config-if)#vlan-membership static 3
......
1900Switch(config-if)#int e0/22
1900Switch(config-if)#vlan-membership static 3
1900Switch(config-if)#
We have now assigned all the VLANs to the switch ports. This is only static configuration; dynamic configuration is covered further on. With that, the VLAN configuration of the switch is complete, and it was not as complicated as you might have thought :). To verify our configuration, we use the show vlan command in privileged mode. The output is as follows:
1900Switch(config)#show vlan
VLAN Name             Status     Ports
--------------------------------------
1    default          Enabled    1,6-16,22-24,AUI,A,B
2    accounting       Enabled    2-5
3    marketing        Enabled    17-22
1002 fddi-default     Suspended
1003 token-ring-defau Suspended
1004 fddinet-default  Suspended
1005 trnet-default    Suspended
This is a 24-port switch with an AUI port and two 100 Mbps ports (A, B). We can see that our setup is working normally. Do you still need to save the running configuration? No. The switch saves its configuration automatically in real time, so no command is needed to save the settings. You can also use the show vlan <vlan number> command to view a single VLAN, for example show vlan 2 and show vlan 3, or use show vlan-membership. This command shows which VLAN each port on the switch belongs to.
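The verification step above can be automated. The following is an added example, not part of the original article or of any Cisco tool: it parses show vlan text and compares it with the intended plan (ports 2-5 in VLAN 2, ports 17-22 in VLAN 3). The function names, the PLAN table and the assumption that the port list contains no spaces are choices made for this example. Run on the output shown above, it reports port 22 under both VLAN 1 and VLAN 3, which is worth rechecking on the switch, since a statically assigned port belongs to one VLAN.

```python
import re

# Sample input: the "show vlan" rows from the article, re-typed for this example.
SHOW_VLAN = """\
VLAN Name             Status     Ports
--------------------------------------
1    default          Enabled    1,6-16,22-24,AUI,A,B
2    accounting       Enabled    2-5
3    marketing        Enabled    17-22
1002 fddi-default     Suspended
"""
PLAN = {2: "2-5", 3: "17-22"}  # intended membership, as described in the article

def expand(spec):
    """Expand '1,6-16,AUI' into a set of port names: {'1', '6', ..., 'AUI'}."""
    ports = set()
    for item in filter(None, spec.split(",")):
        m = re.fullmatch(r"(\d+)-(\d+)", item)
        if m:
            ports.update(str(p) for p in range(int(m[1]), int(m[2]) + 1))
        else:
            ports.add(item)
    return ports

def order(port):
    """Sort numbered ports numerically, named ports (AUI, A, B) after them."""
    return (not port.isdigit(), int(port) if port.isdigit() else 0, port)

def parse_show_vlan(text):
    """Return {vlan_id: set(ports)} for every row that starts with a VLAN number."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S+)\s+(\S+)\s*(\S*)\s*$", line)
        if m:
            table[int(m[1])] = expand(m[4])
    return table

def audit(text, plan):
    """Compare the switch's view with the plan and return a list of findings."""
    table, findings, seen = parse_show_vlan(text), [], {}
    for vlan, spec in plan.items():
        want, have = expand(spec), table.get(vlan, set())
        for p in sorted(want - have, key=order):
            findings.append(f"port {p}: planned for VLAN {vlan} but not a member")
        for p in sorted(have - want, key=order):
            findings.append(f"port {p}: in VLAN {vlan} but not in the plan")
    for vlan, ports in sorted(table.items()):
        for p in ports:
            seen.setdefault(p, []).append(vlan)
    for p in sorted(seen, key=order):
        if len(seen[p]) > 1:  # one port listed under several VLANs
            findings.append(f"port {p}: listed in VLANs {seen[p]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SHOW_VLAN, PLAN)) or "membership matches the plan")
```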
The above is the process of configuring static VLANs on the switch. Now let's take a look at dynamic VLANs. The formation of a dynamic VLAN is very simple: when the port decides which VLAN it belongs to, a dynamic VLAN is formed. However, this does not mean that the layer remains unchanged. It is just a simple mapping, which depends on the database created by the network administrator. After a port assigned to a dynamic VLAN is activated, the switch caches the source MAC address of the initial frame. The switch then issues a request to an external server called a VMPS (VLAN Management Policy Server). The VMPS holds a text file that contains the MAC address to VLAN mapping. The switch downloads the file and then checks the MAC address against it. If the MAC address is found in the list, the switch assigns the port to the VLAN given in the list. If the MAC address is not in the list, the switch assigns the port to the default VLAN (assuming that a default VLAN has been defined). If the MAC address is not in the list and no default VLAN is defined, the port is not activated. This is a very good way to maintain network security. On the surface, dynamic VLANs have a great advantage, but they also have a fatal drawback: creating the database is very hard and tedious work. If there are thousands of workstations on the network, there is a lot of data entry to do. Even if someone is up to the job, there are still many problems associated with dynamic VLANs. In addition, keeping the database up to date is a constant, time-consuming task. Dynamic VLANs are therefore not often used, so we will not explain them in detail here. You can refer to the relevant CISCO documentation.
As you can see, this is not as complicated as you might think. Now that the VLANs are configured, another part of VLAN work that cannot be ignored is the early planning of the network: which machines belong to which VLAN, how their IP addresses and subnet masks are allocated, and how communication between VLANs is handled. Only when the planning is done well do configuration and future maintenance become easy.
Article entry: csh Editor in charge: csh