Before VLAN:
→ Network security is poor.
→ Network efficiency is low (unnecessary packets waste bandwidth and CPU resources).
→ Service expansion is limited (e.g. it cannot forward Ethernet frames used for network management with a higher priority).
VLAN Tag: +4 bytes (IEEE 802.1Q)

| DA   | SA   | +TAG | TYPE | DATA       | FCS  |
| [6B] | [6B] | [4B] | [2B] | [64-1500B] | [4B] |

|– TPID (Tag Protocol Identifier): fixed 2-byte value (802.1Q tag: 0x8100)
|– TCI (Tag Control Information): 2 bytes {
   → Priority: 3 bits [0-7] → provides differentiated forwarding service.
   → CFI (Canonical Format Indicator): 1 bit [token ring/FDDI media access].
   → VLAN ID: 12 bits [0-4095] → controls the forwarding of the Ethernet frame.
}
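An added example (not from the original post) that builds and parses the tagged frame laid out above in Python, using the page's field widths and the fixed TPID 0x8100; the MAC addresses and payload used in the demo are constructed sample values, and the FCS is omitted because a NIC computes it.

```python
import struct

# Fixed TPID of an 802.1Q tag (from the page). The 2-byte TCI that follows it
# holds, big-endian: 3-bit priority | 1-bit CFI | 12-bit VLAN ID.
TPID_8021Q = 0x8100


def build_tagged_frame(da, sa, vid, ethertype, payload, priority=0, cfi=0):
    """Build DA | SA | TAG | TYPE | DATA (no FCS) with an 802.1Q tag inserted."""
    if len(da) != 6 or len(sa) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    if not 0 <= priority <= 7:
        raise ValueError("priority is a 3-bit field (0-7)")
    if cfi not in (0, 1):
        raise ValueError("CFI is a 1-bit field")
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID is a 12-bit field (0-4095)")
    tci = (priority << 13) | (cfi << 12) | vid
    return da + sa + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Parse a raw Ethernet frame (without FCS) into its header fields.

    'tagged' tells whether an 802.1Q tag was present. For untagged frames the
    tag fields are None and 'ethertype' is the TYPE that sits right after SA.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    da, sa = frame[0:6], frame[6:12]
    (tpid_or_type,) = struct.unpack("!H", frame[12:14])
    if tpid_or_type != TPID_8021Q:
        return {"da": da, "sa": sa, "tagged": False, "priority": None,
                "cfi": None, "vid": None, "ethertype": tpid_or_type,
                "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    # Note: 802.1Q reserves VID 0 (priority-tagged, no VLAN) and VID 4095;
    # a parser that feeds a forwarding decision should treat them as invalid.
    return {"da": da, "sa": sa, "tagged": True,
            "priority": tci >> 13,        # bits 15..13
            "cfi": (tci >> 12) & 1,       # bit 12
            "vid": tci & 0x0FFF,          # bits 11..0
            "ethertype": ethertype,
            "payload": frame[18:]}


if __name__ == "__main__":
    # Constructed sample values for a quick demo.
    da = bytes.fromhex("001122334455")
    sa = bytes.fromhex("66778899aabb")
    frame = build_tagged_frame(da, sa, vid=2, ethertype=0x0800,
                               payload=b"\x45" * 46, priority=5)
    print(frame[12:18].hex())       # 8100a0020800
    print(parse_frame(frame)["vid"])  # 2
```

With priority 5 and VLAN ID 2 the TCI is 0xA002, so the four tag bytes on the wire read 81 00 A0 02, followed by the original TYPE (0x0800 for IPv4).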
VLAN membership can be assigned in the following ways:
→ Based on port: a Port VLAN ID (PVID), the port's default VLAN, is configured on every port. If an untagged frame is received, its VLAN ID becomes the PVID.
→ Based on MAC: a mapping table between MAC address and VLAN ID. If an untagged frame is received, the VLAN ID is added according to the mapping table.
→ Based on protocol: a mapping table between the protocol field of the Ethernet frame and VLAN ID. If an untagged frame is received, the VLAN ID is added according to the mapping table.
→ Based on subnet: the VLAN ID is added according to the IP address information in the packet.
Priority order from high to low: subnet → protocol → MAC → port. Port-based assignment is the most common method.
Switch ports are divided into three types:
→ Access: only frames whose VLAN ID equals the port's PVID may pass; if a frame received from the peer device is untagged, the switch forcibly adds the PVID to it; frames sent by an Access port are always untagged. Switch ports are Access by default, with PVID 1. VLAN 1 is created by the system and cannot be deleted.
→ Trunk: the VLAN ID may equal the PVID or differ from it:
   if (VLAN ID not in permitted list) { discard; }
   else if (VLAN ID == PVID) { remove the tag, then send to the peer device; }   (* the PVID of each port is unique)
   else if (VLAN ID != PVID) { forward without modification; }
→ Hybrid:
   if (frame has no VLAN tag) { behave like an Access port; }
   else if (VLAN is not configured as untagged) { behave like a Trunk port; }
Hybrid configuration example (three ports):
[e0/1] port link-type hybrid
[e0/1] port hybrid pvid vlan 2
[e0/1] port hybrid vlan 2 untagged
[e0/1] port hybrid vlan 99 untagged

[e0/2] port link-type hybrid
[e0/2] port hybrid pvid vlan 3
[e0/2] port hybrid vlan 3 untagged
[e0/2] port hybrid vlan 99 untagged

[e0/24] port link-type hybrid
[e0/24] port hybrid pvid vlan 99
[e0/24] port hybrid vlan 2 to 3 untagged
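An added example, not from the original post, that models the ingress and egress rules of the three port types described above in Python and applies them to the three hybrid ports e0/1, e0/2 and e0/24 from the configuration above. The trunk port e0/10 and the access port e0/5 are hypothetical additions for comparison; "permitted" and "untagged" are this model's names for the VLAN lists a port carries tagged and untagged.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    link_type: str                               # "access", "trunk" or "hybrid"
    pvid: int = 1                                # every port defaults to PVID 1
    permitted: set = field(default_factory=set)  # trunk/hybrid: VLANs carried tagged
    untagged: set = field(default_factory=set)   # hybrid: VLANs sent without a tag


def allowed(port, vid):
    """Is VLAN `vid` permitted to cross this port at all?"""
    if port.link_type == "access":
        return vid == port.pvid                  # access: only its own PVID
    return vid in port.permitted or vid in port.untagged


def ingress(port, vid):
    """Classify a received frame; vid=None means it arrived untagged.
    Returns the VLAN the frame is placed in, or None if it is discarded."""
    if vid is None:
        return port.pvid                         # untagged -> PVID, on every port type
    return vid if allowed(port, vid) else None   # tagged -> must be permitted


def egress(port, vid):
    """How a frame in VLAN `vid` leaves the port: "untagged", "tagged",
    or None when the port does not carry that VLAN."""
    if not allowed(port, vid):
        return None
    if port.link_type == "access":
        return "untagged"                        # access ports always strip the tag
    if port.link_type == "trunk":
        return "untagged" if vid == port.pvid else "tagged"   # only the PVID is untagged
    return "untagged" if vid in port.untagged else "tagged"   # hybrid: per-VLAN choice


def forward(in_port, vid_in, out_port):
    """End-to-end decision for one frame entering in_port and leaving out_port."""
    vlan = ingress(in_port, vid_in)
    return None if vlan is None else egress(out_port, vlan)


# The three hybrid ports exactly as configured above.
E0_1 = Port("e0/1", "hybrid", pvid=2, untagged={2, 99})
E0_2 = Port("e0/2", "hybrid", pvid=3, untagged={3, 99})
E0_24 = Port("e0/24", "hybrid", pvid=99, untagged={2, 3})
# Hypothetical extra ports, not part of the page's configuration.
UPLINK = Port("e0/10", "trunk", pvid=1, permitted={1, 2, 3, 99})
PC_ACCESS = Port("e0/5", "access", pvid=2)

if __name__ == "__main__":
    print(forward(E0_1, None, E0_24))    # host on e0/1 reaches e0/24: untagged
    print(forward(E0_1, None, E0_2))     # VLAN 2 never reaches e0/2: None
    print(forward(E0_24, None, E0_1))    # reply from e0/24 (VLAN 99) to e0/1: untagged
    print(forward(E0_1, None, UPLINK))   # VLAN 2 over the trunk: tagged
    print(forward(UPLINK, 7, E0_24))     # VLAN 7 not permitted on the trunk: None
```

The model shows why the hybrid layout isolates e0/1 from e0/2 while both still reach e0/24: each host port carries only its own PVID plus VLAN 99 untagged, so a frame classified into VLAN 2 has no egress on e0/2, and the untagged reply from e0/24 is classified into VLAN 99 and delivered untagged on either host port.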
GVRP (GARP VLAN Registration Protocol) → creates VLANs automatically
[] gvrp
[] int e0/1
[e0/1] port link-type trunk
[e0/1] port trunk permit vlan all
[e0/1] gvrp