Hello everyone!
Today, let's learn about VLAN.
Intra-VLAN communication
In a network consisting of multiple switches, data communication in a VLAN depends on how the switch processes the VLAN.
As shown in the preceding figure, to enable the link between SWA and SWB to support communication between users in VLAN 2 and VLAN 3, you need to configure the ports to belong to both VLANs. That is, configure GE0/0/2 on SWA and GE0/0/1 on SWB to belong to both VLAN 2 and VLAN 3.
When Host A sends data to Host B, the process of sending a data frame includes the following six steps:
1. The data frame first reaches GE0/0/4 of SWA.
2. GE0/0/4 adds a tag to the data frame. The VID field of the tag is set to 2 of the VLAN to which the port belongs.
3. SWA searches the MAC address table and forwards the frame to GE0/0/2. (If the packet is a broadcast packet, the data frame is sent to all ports in VLAN 2 except GE0/0/4 on the switch.)
4. GE0/0/2 forwards the frame to SWB.
5. After receiving the frame, SWB identifies that the frame belongs to VLAN 2 based on the tag in the frame, searches the MAC address table, and forwards the frame to the corresponding outbound interface. (If the packet is a broadcast packet, the packet is sent to all ports in VLAN 2 except GE0/0/1 on the local switch.)
6. GE0/0/3 sends the frame to Host B.
The communication between hosts in VLAN 3 is similar.
Inter-VLAN communication
VLANs isolate Layer 2 broadcast domains, and therefore traffic of different VLANs is isolated. Users in different VLANs cannot communicate with each other.
Traffic between different VLANs cannot directly cross the VLAN boundary. Routes are used to send packets from one VLAN to another.
There are three methods to resolve inter-VLAN communication:
1. Assign a separate router interface to each VLAN.
VLANs are configured on the Layer 2 switch. Each VLAN is connected to an interface of the router through an exclusive physical connection.
As shown in the preceding figure, VLAN 100 is connected to Ethernet2, VLAN 200 is connected to Ethernet1, and VLAN 300 is connected to Ethernet0. The data communication between different VLANs is implemented through the router at Layer 3 routing and forwarding so that the VLANs can communicate with each other.
However, as the number of VLANs on each switch increases, doing so will inevitably require a large number of router interfaces. This solution is not applicable to inter-VLAN route selection due to cost considerations. In addition, some VLANs may not communicate with each other frequently. As a result, the interfaces of the router are not fully used.
2. Multiple VLANs share a physical connection.
Configure VLAN Trunking on the interfaces connected to Layer 2 switches and routers so that multiple VLANs share the same physical link to the route.
As shown in the preceding figure, the router provides only one Ethernet interface, and three sub-interfaces are configured on the interface as the default gateways of three VLAN users. When a user in VLAN 100 needs to communicate with a user in another VLAN, the user only needs to send data packets to the default gateway. The default gateway modifies the VLAN tag of the data frame and then sends the data frame to the VLAN of the destination host, the communication between VLANs is complete.
This mode is also called the one-arm routing or one-arm routing. It requires only one Ethernet interface. You can create a sub-interface to serve as the gateway of all VLANs and forward data between different VLANs.
3. Layer 3 switch
The Layer 2 switch and router are integrated to form a Layer 3 switch. The Layer 3 switch implements VLAN division, Layer 2 switching within a VLAN, and inter-VLAN routing.
The router in the figure is equivalent to a routing software module in the switch, which implements Layer 3 routing and forwarding. A switch functions as a Layer 2 switching module and implements Layer 2 fast-forwarding in a VLAN. The default gateway set by the user is the IP address of the virtual VLAN interface on the Layer 3 switch.
One-Arm Router Configuration
Switch Configuration
//Configure the VLAN ID for Ethernet posts 0/1 and 0/2
[SWA] vlan 100
[SWA-vlan100] port Ethernet 0/1
[SWA] vlan 200
[SWA-vlan200] port Ethernet 0/2
//Configure ports 0/24 in trunk mode and transparently transmit packets of all VLANs
[SWA] interface Ethernet 0/24
[SWA- Ethernet 0/24] port link-type trunk
[SWA- Ethernet 0/24] port trunk permit vlan all
Router Configuration
//Configure the sub-interface of Ethernet 0/1
[RTA] interface ethernet 0/1.1
[RTA- Ethernet 0/1.1] vlan dot1q vid 100
[RTA- Ethernet 0/1.1] ip address 192.168.10.1 255.255.255.0
[RTA] interface Ethernet 0/1.2
[RTA- Ethernet 0/1.2] vlan dot1q vid 100
[RTA- Ethernet 0/1.2] ip address 192.168.20.1 255.255.255.0
Using the vlan dot1q vid command, you can configure an Ethernet sub-interface or Eth-Trunk sub-interface as a VLAN member interface and specify the VLAN encapsulation mode.
After entering the Ethernet sub-interface view, you must configure VLAN encapsulation.
Otherwise, you cannot set parameters such as the IP address and MTU.
Note: This command can be configured only on sub-interfaces.
Layer 3 Switch Configuration
//Create a VLAN Layer 3 interface on the SWA
[SWA] interface vlan- interface 100
[SWA-Vlan100- interface100] ip add 192.168.10.1 255.255.255.0
[SWA] interface vlan- interface 200
[SWA-Vlan100- interface200] ip add 192.168.20.1 255.255.255.0
sing the interface vlan-interface VLAN-ID command, you can enter the VLAN interface view after a VLAN is created.
The ID of a VLAN interface must correspond to an existing VLAN.
The VRP considers that the routing function is enabled after the Layer 3 VLAN interface is enabled on the switch. That is, once the Layer 3 VLAN interface is configured, the two VLANs can communicate with each other through their respective VLAN interfaces.
Features of VLANs in the Access Network
The OLT supports 4000 VLANs, ranging from 2 to 4093.
VLAN type and VLAN Standard
Standard VLAN
The ports in a standard VLAN are standard Ethernet ports that are logically equivalent. Ethernet ports in the same standard VLAN can communicate with each other, and Ethernet ports in different standard VLANs are isolated from each other.
The type of the service virtual port can only be ETH (Ethernet physical port).
On the OLT, a standard VLAN can contain only Ethernet ports, but not GPON service ports. A standard VLAN can contain multiple Ethernet ports and is generally used for Ethernet subtending or P2P services.
Smart VLAN
The smart VLAN is a special VLAN. In addition to all the features of the standard
VLAN, the smart VLAN has its own unique features:
In a smart VLAN, ports are classified into upstream ports and service ports.
Service ports are isolated from each other and cannot communicate with each other.
Upstream ports can directly communicate with each other.
The service virtual port and the upstream port can communicate with each other directly.
The broadcast domain of each port in a standard VLAN contains all ports in the VLAN. However, the broadcast domain of the upstream port of the smart VLAN covers all the ports of the VLAN, but the broadcast domain of the service port covers only the upstream port.
In addition, a smart VLAN can contain multiple upstream ports and service ports.
1. Use to create user groups. Different user groups belong to different VLANs.
2. Users in the same VLAN are isolated from each other at Layer 2.
3. When the number of VLANs is limited, this type of VLAN can be used to save VLAN resources.
Default VLAN of the system
VLAN ID:1
Type: Smart VLAN
You can run the default vlan modify command to change the type of the VLAN. The VLAN cannot be deleted.
Default reserved VLAN
VLAN range: 4079 to 4093
You can run the vlan reserve command to modify the reserved VLAN of the system.
MUX VLAN
The MUX VLAN is a VLAN that contains the upstream port and the service virtual port.
A MUX VLAN can contain multiple upstream ports but only one service port.
Service flows of different MUX VLANs are isolated from each other.
One VLAN corresponds to one Layer 2 virtual connection.
A MUX VLAN has a one-to-one mapping with access users. Therefore, access users can be differentiated by VLAN.
Introduction to VLAN Attr
Common VLAN
Common is the default attribute of a VLAN. That is, the VLAN does not have the QinQ or stacking attribute. A VLAN with the common attribute can be used as a common Layer 2 VLAN. When Layer 3 forwarding is performed, a Layer 3 virtual interface can be created based on the VLAN with the common attribute.
Stacking VLAN
If VLAN stacking is used to extend the number of VLANs or identify users, the BRAS needs to implement double-tagged user authentication.
If VLAN stacking is used to provide the leased line wholesale service, the upper-layer network must work in Layer 2 mode and forward packets based on the VLAN and MAC address.
QinQ VLAN
The QinQ VLAN is usually used to provide the private line service or to precisely bind users.
Thanks for reading!
