成在线人免费视频,亚洲日韩精品无码专区网站,中文字幕中文乱码www,无码少妇一区二区性色av

VLAN詳解：原理、類型與優(yōu)勢（中英文）

LAN 是指網(wǎng)絡(luò)上兩個或多個設(shè)備的組合。VLAN 是一種虛擬 LAN，是本地網(wǎng)絡(luò)中的一個子組。VLAN 使網(wǎng)絡(luò)管理員可以輕松地將單個交換網(wǎng)絡(luò)劃分為多個組，以滿足其系統(tǒng)的功能和安全要求。

A LAN is a grouping of two or more devices on a network. A VLAN is a virtual LAN, a subgroup within a local network. VLANs make it easy for network administrators to separate a single switched network into multiple groups to match the functional and security requirements of their systems.

在上圖中，一臺交換機支持兩個虛擬網(wǎng)絡(luò)——兩個 VLAN。VLAN-10 上的用戶無法訪問 VLAN-20 上的設(shè)備，反之亦然。

In the above diagram, one switch is supporting two virtual networks–two VLANs. The users on VLAN-10 cannot access the devices on VLAN-20, and vice-versa.

然而，VLAN 是完全虛擬的，無需鋪設(shè)新電纜或?qū)ΜF(xiàn)有網(wǎng)絡(luò)基礎(chǔ)設(shè)施進行重大改造即可實現(xiàn)。

However, VLANs are entirely virtual. They can be implemented without having to run new cables or make major changes in the existing network infrastructure.

VLAN 與 LAN

VLANs vs. LAN

VLAN 類型：基于端口的 VLAN 和帶標記的 VLAN

Types of VLANs: Port-Based VLAN and Tagged VLAN

多個 VLAN 之間要相互通信，需要使用路由器。VLAN 之間的路由器可以過濾廣播流量、增強網(wǎng)絡(luò)安全、執(zhí)行地址匯總并緩解網(wǎng)絡(luò)擁塞。

For multiple VLANs to communicate with each other, a router is required. Routers between VLANs filter broadcast traffic, enhance Network security, perform address summarization, and mitigate network congestion.

VLAN 分為兩種類型：基于端口的 VLAN（無標記 VLAN）和帶標記 VLAN。對于帶標記的 VLAN，會在數(shù)據(jù)包中插入一個特殊的“標記”，以便交換機和路由器能夠正確轉(zhuǎn)發(fā)這些數(shù)據(jù)包。大多數(shù)網(wǎng)絡(luò)設(shè)備支持以太網(wǎng) VLAN 的標準是 IEEE 802.1Q。此標準為以太網(wǎng)幀添加一個四字節(jié)的標記。此額外信息標識該幀屬于某個 VLAN，并包含 VLAN ID 號（同一網(wǎng)絡(luò)上最多可以有 4094 個 VLAN）。多個帶標記的 VLAN 可以使用交換機上的同一個端口，稱為中繼端口。

無標記 VLAN 基于交換機上的物理端口（稱為訪問端口）。以太網(wǎng)幀中沒有添加任何額外信息。相反，交換機上的每個端口都被定義為屬于特定的 VLAN。這種方法將單個物理交換機劃分為多個邏輯交換機。如果設(shè)備僅連接到單個 VLAN 中的端口，則該端口應(yīng)該是無標記的。

The two types of VLANs are port-based (untagged) and tagged. For tagged VLANs, a special “tag” is inserted into packets so that switches and routers will forward those packets correctly. The standard supported by most networking devices for supporting VLANs on Ethernet networks is IEEE 802.1Q. This standard adds a tag of four bytes to an Ethernet frame. This extra information identifies the frame as belonging to a VLAN, and contains the VLAN ID number (up to 4094 VLANs are possible on the same network). Multiple tagged VLANs can use the same port on a switch, called a trunk port.

Untagged VLANs are based on the physical ports on a switch (called access ports). There is no extra information added to the Ethernet frame. Instead, each port on the switch is defined as belonging to a specific VLAN. This approach divides a single physical switch into multiple logical switches. If a device is connected to a port in a single VLAN only, then the port should be untagged.

基于端口的VLAN

Port-based VLAN

標記 VLAN

Tagged VLAN

第三種類型的 VLAN 端口稱為混合端口。此選項允許同時進行設(shè)備和中繼。無線接入點通常使用混合端口進行配置。

There is a third type of VLAN port called a hybrid port. This option allows for both devices and trunking to occur. Wireless access points are often configured using hybrid ports.

VLAN 的工作原理

How does a VLAN work

使用 VLAN 分段和分離來改進 ITS 網(wǎng)絡(luò)，VLAN 在實際應(yīng)用中非常有用。ITS（智能交通系統(tǒng)）應(yīng)用是 ITS 網(wǎng)絡(luò)傳輸數(shù)據(jù)的一個實際案例。ITS 網(wǎng)絡(luò)傳輸數(shù)據(jù)包括關(guān)鍵交通控制信號、安全監(jiān)控視頻流和數(shù)字標牌數(shù)據(jù)。不同類型的數(shù)據(jù)具有不同的緊急程度和數(shù)據(jù)安全要求。當不同類型的數(shù)據(jù)發(fā)生沖突時，關(guān)鍵交通控制信號必須具有最高傳輸優(yōu)先級，并且不能丟棄此類數(shù)據(jù)。為此，建議使用 VLAN 進行數(shù)據(jù)分離和 QoS（服務(wù)質(zhì)量）分類。交通控制信號數(shù)據(jù)在其自己的 VLAN 上將被分配高優(yōu)先級，以便在網(wǎng)絡(luò)流量較大時優(yōu)先傳輸。

Using VLAN Segmentation and Separation to Improve an ITS Network, one real-world example where VLANs are very useful is in ITS (Intelligent Transportation System) applications. ITS network transmission data includes critical traffic control signals, security surveillance video streams, and digital sign board data. Different data types have different urgencies and data security requirements. When there is a conflict between different types of data, critical traffic control signals must have the highest transmission priority, and this data must not be dropped. For this purpose, it is recommended to use VLANs for data separation and QoS (Quality of Service)?classification. The traffic control signal data, on its own VLAN, will be assigned a high priority level so that the transmissions will be given priority when network traffic is heavy.

管理 VLAN

The Management VLAN

管理 VLAN 是所有交換機共享的單一網(wǎng)絡(luò)，無論網(wǎng)絡(luò)上有多少個其他 VLAN。出于安全考慮，可以將特定端口分配給管理 VLAN，以便只有管理員才能登錄該端口?？梢粤谐鼍哂性L問權(quán)限的特定 MAC 地址（設(shè)備）。這可以防止入侵者僅通過連接新設(shè)備即可訪問網(wǎng)絡(luò)。請注意，如果管理 VLAN 配置錯誤，管理員或技術(shù)人員可能會失去對該交換機的訪問權(quán)限，并且必須將交換機重置為出廠默認設(shè)置才能再次訪問。

The management VLAN is a single network shared by all switches, no matter how many other VLANs exist on the network. For security, a specific port can be assigned to the management VLAN so that only the administrator is able to log in to that port. Specific MAC addresses (devices) can be listed to have access. This prevents an intruder for gaining access to the network just by connecting a new device. Note that if a management VLAN is misconfigured, the administrator or technician can lose access to that switch and the switch will have to be reset to factory default settings in order to access it again.

VLAN 分段的優(yōu)勢

Benefits of VLAN segmentation

? 優(yōu)化網(wǎng)絡(luò)性能：

VLAN 通過縮小廣播域的規(guī)模來提升網(wǎng)絡(luò)性能。在廣播域中，每個設(shè)備都可以向其他所有設(shè)備發(fā)送數(shù)據(jù)包，并且每個數(shù)據(jù)包都必須接收和處理。當廣播域變得非常大時，這就會成為一個問題，因為大量的廣播數(shù)據(jù)會導致交換機性能下降。使用 VLAN，這些問題得到了緩解，因為它將網(wǎng)絡(luò)劃分為更小、更易于管理的單元。這種優(yōu)化可以顯著提高整體網(wǎng)絡(luò)效率。

? 增強安全性：

VLAN 提供了額外的安全保障。例如，可以為具有特定安全許可的用戶創(chuàng)建特定的 VLAN。這意味著敏感數(shù)據(jù)和系統(tǒng)可以與常規(guī)網(wǎng)絡(luò)隔離，從而降低未經(jīng)授權(quán)訪問的風險。通過創(chuàng)建這些安全特定的 VLAN，組織可以更好地保護其關(guān)鍵資產(chǎn)。

? 簡化設(shè)備管理：

VLAN 使設(shè)備管理更加輕松。如果用戶移動到新的物理位置，則無需重新配置該用戶的物理工作站。此外，如果用戶停留在同一地點但更換工作，則只需更改工作站的 VLAN 成員資格。

? Optimizing Network Performance:
VLANs improve network performance by reducing the size of broadcast domains. In a broadcast domain, every device can send packets to every other device, and every packet must be received and processed. This becomes problematic when a broadcast domain becomes very large, leading to degraded switch performance due to the high volumes of broadcast data. With VLANs, these issues are mitigated, as they segment the network into smaller, more manageable units. This optimization leads to a significant boost in overall network efficiency.

? Enhancing Security:
VLANs offer an additional layer of security. For instance, a specific VLAN can be created for users with specific security clearances. This means that sensitive data and systems can be isolated from the general network, reducing the risk of unauthorized access. By creating these security-specific VLANs, organizations can better safeguard their critical assets.

? Simplified Device Management:
VLANs make device management easier. If a user moves to a new physical location, the physical workstation of that user does not need to be reconfigured. Also, if a user stays in the same location but changes jobs, only the VLAN membership of the workstation needs to be changed.

總而言之，VLAN 通過抑制廣播流量和增強安全性來增強交換網(wǎng)絡(luò)的性能。它們通過中繼端口擴展到單個交換機之外，并適應(yīng)各種端口配置。對于企業(yè)和組織而言，VLAN 可以簡化網(wǎng)絡(luò)效率、安全性和設(shè)備管理，使其成為現(xiàn)代網(wǎng)絡(luò)策略中不可或缺的一部分。通過將網(wǎng)絡(luò)劃分為單獨的 VLAN，可以實現(xiàn)更強大的控制和優(yōu)化。

In summary, VLANs enhance switched network performance by curbing broadcast traffic and bolstering security. They extend beyond a single switch through trunk ports and accommodate various port configurations. For businesses and organizations, VLANs streamline network efficiency, security, and device management, making them essential in modern networking strategies. By segmenting your network into separate VLANs, you can achieve even greater control and optimization.