成在线人免费视频,亚洲日韩精品无码专区网站,中文字幕中文乱码www,无码少妇一区二区性色av

VLAN詳解：原理、類型與優(yōu)勢（中英文）

LAN 是指網絡上兩個或多個設備的組合。VLAN 是一種虛擬 LAN，是本地網絡中的一個子組。VLAN 使網絡管理員可以輕松地將單個交換網絡劃分為多個組，以滿足其系統(tǒng)的功能和安全要求。

A LAN is a grouping of two or more devices on a network. A VLAN is a virtual LAN, a subgroup within a local network. VLANs make it easy for network administrators to separate a single switched network into multiple groups to match the functional and security requirements of their systems.

在上圖中，一臺交換機支持兩個虛擬網絡——兩個 VLAN。VLAN-10 上的用戶無法訪問 VLAN-20 上的設備，反之亦然。

In the above diagram, one switch is supporting two virtual networks–two VLANs. The users on VLAN-10 cannot access the devices on VLAN-20, and vice-versa.

然而，VLAN 是完全虛擬的，無需鋪設新電纜或對現有網絡基礎設施進行重大改造即可實現。

However, VLANs are entirely virtual. They can be implemented without having to run new cables or make major changes in the existing network infrastructure.

VLAN 與 LAN

VLANs vs. LAN

VLAN 類型：基于端口的 VLAN 和帶標記的 VLAN

Types of VLANs: Port-Based VLAN and Tagged VLAN

多個 VLAN 之間要相互通信，需要使用路由器。VLAN 之間的路由器可以過濾廣播流量、增強網絡安全、執(zhí)行地址匯總并緩解網絡擁塞。

For multiple VLANs to communicate with each other, a router is required. Routers between VLANs filter broadcast traffic, enhance Network security, perform address summarization, and mitigate network congestion.

VLAN 分為兩種類型：基于端口的 VLAN（無標記 VLAN）和帶標記 VLAN。對于帶標記的 VLAN，會在數據包中插入一個特殊的“標記”，以便交換機和路由器能夠正確轉發(fā)這些數據包。大多數網絡設備支持以太網 VLAN 的標準是 IEEE 802.1Q。此標準為以太網幀添加一個四字節(jié)的標記。此額外信息標識該幀屬于某個 VLAN，并包含 VLAN ID 號（同一網絡上最多可以有 4094 個 VLAN）。多個帶標記的 VLAN 可以使用交換機上的同一個端口，稱為中繼端口。

無標記 VLAN 基于交換機上的物理端口（稱為訪問端口）。以太網幀中沒有添加任何額外信息。相反，交換機上的每個端口都被定義為屬于特定的 VLAN。這種方法將單個物理交換機劃分為多個邏輯交換機。如果設備僅連接到單個 VLAN 中的端口，則該端口應該是無標記的。

The two types of VLANs are port-based (untagged) and tagged. For tagged VLANs, a special “tag” is inserted into packets so that switches and routers will forward those packets correctly. The standard supported by most networking devices for supporting VLANs on Ethernet networks is IEEE 802.1Q. This standard adds a tag of four bytes to an Ethernet frame. This extra information identifies the frame as belonging to a VLAN, and contains the VLAN ID number (up to 4094 VLANs are possible on the same network). Multiple tagged VLANs can use the same port on a switch, called a trunk port.

Untagged VLANs are based on the physical ports on a switch (called access ports). There is no extra information added to the Ethernet frame. Instead, each port on the switch is defined as belonging to a specific VLAN. This approach divides a single physical switch into multiple logical switches. If a device is connected to a port in a single VLAN only, then the port should be untagged.

基于端口的VLAN

Port-based VLAN

標記 VLAN

Tagged VLAN

第三種類型的 VLAN 端口稱為混合端口。此選項允許同時進行設備和中繼。無線接入點通常使用混合端口進行配置。

There is a third type of VLAN port called a hybrid port. This option allows for both devices and trunking to occur. Wireless access points are often configured using hybrid ports.

VLAN 的工作原理

How does a VLAN work

使用 VLAN 分段和分離來改進 ITS 網絡，VLAN 在實際應用中非常有用。ITS（智能交通系統(tǒng)）應用是 ITS 網絡傳輸數據的一個實際案例。ITS 網絡傳輸數據包括關鍵交通控制信號、安全監(jiān)控視頻流和數字標牌數據。不同類型的數據具有不同的緊急程度和數據安全要求。當不同類型的數據發(fā)生沖突時，關鍵交通控制信號必須具有最高傳輸優(yōu)先級，并且不能丟棄此類數據。為此，建議使用 VLAN 進行數據分離和 QoS（服務質量）分類。交通控制信號數據在其自己的 VLAN 上將被分配高優(yōu)先級，以便在網絡流量較大時優(yōu)先傳輸。

Using VLAN Segmentation and Separation to Improve an ITS Network, one real-world example where VLANs are very useful is in ITS (Intelligent Transportation System) applications. ITS network transmission data includes critical traffic control signals, security surveillance video streams, and digital sign board data. Different data types have different urgencies and data security requirements. When there is a conflict between different types of data, critical traffic control signals must have the highest transmission priority, and this data must not be dropped. For this purpose, it is recommended to use VLANs for data separation and QoS (Quality of Service)?classification. The traffic control signal data, on its own VLAN, will be assigned a high priority level so that the transmissions will be given priority when network traffic is heavy.

管理 VLAN

The Management VLAN

管理 VLAN 是所有交換機共享的單一網絡，無論網絡上有多少個其他 VLAN。出于安全考慮，可以將特定端口分配給管理 VLAN，以便只有管理員才能登錄該端口?？梢粤谐鼍哂性L問權限的特定 MAC 地址（設備）。這可以防止入侵者僅通過連接新設備即可訪問網絡。請注意，如果管理 VLAN 配置錯誤，管理員或技術人員可能會失去對該交換機的訪問權限，并且必須將交換機重置為出廠默認設置才能再次訪問。

The management VLAN is a single network shared by all switches, no matter how many other VLANs exist on the network. For security, a specific port can be assigned to the management VLAN so that only the administrator is able to log in to that port. Specific MAC addresses (devices) can be listed to have access. This prevents an intruder for gaining access to the network just by connecting a new device. Note that if a management VLAN is misconfigured, the administrator or technician can lose access to that switch and the switch will have to be reset to factory default settings in order to access it again.

VLAN 分段的優(yōu)勢

Benefits of VLAN segmentation

? 優(yōu)化網絡性能：

VLAN 通過縮小廣播域的規(guī)模來提升網絡性能。在廣播域中，每個設備都可以向其他所有設備發(fā)送數據包，并且每個數據包都必須接收和處理。當廣播域變得非常大時，這就會成為一個問題，因為大量的廣播數據會導致交換機性能下降。使用 VLAN，這些問題得到了緩解，因為它將網絡劃分為更小、更易于管理的單元。這種優(yōu)化可以顯著提高整體網絡效率。

? 增強安全性：

VLAN 提供了額外的安全保障。例如，可以為具有特定安全許可的用戶創(chuàng)建特定的 VLAN。這意味著敏感數據和系統(tǒng)可以與常規(guī)網絡隔離，從而降低未經授權訪問的風險。通過創(chuàng)建這些安全特定的 VLAN，組織可以更好地保護其關鍵資產。

? 簡化設備管理：

VLAN 使設備管理更加輕松。如果用戶移動到新的物理位置，則無需重新配置該用戶的物理工作站。此外，如果用戶停留在同一地點但更換工作，則只需更改工作站的 VLAN 成員資格。

? Optimizing Network Performance:
VLANs improve network performance by reducing the size of broadcast domains. In a broadcast domain, every device can send packets to every other device, and every packet must be received and processed. This becomes problematic when a broadcast domain becomes very large, leading to degraded switch performance due to the high volumes of broadcast data. With VLANs, these issues are mitigated, as they segment the network into smaller, more manageable units. This optimization leads to a significant boost in overall network efficiency.

? Enhancing Security:
VLANs offer an additional layer of security. For instance, a specific VLAN can be created for users with specific security clearances. This means that sensitive data and systems can be isolated from the general network, reducing the risk of unauthorized access. By creating these security-specific VLANs, organizations can better safeguard their critical assets.

? Simplified Device Management:
VLANs make device management easier. If a user moves to a new physical location, the physical workstation of that user does not need to be reconfigured. Also, if a user stays in the same location but changes jobs, only the VLAN membership of the workstation needs to be changed.

總而言之，VLAN 通過抑制廣播流量和增強安全性來增強交換網絡的性能。它們通過中繼端口擴展到單個交換機之外，并適應各種端口配置。對于企業(yè)和組織而言，VLAN 可以簡化網絡效率、安全性和設備管理，使其成為現代網絡策略中不可或缺的一部分。通過將網絡劃分為單獨的 VLAN，可以實現更強大的控制和優(yōu)化。

In summary, VLANs enhance switched network performance by curbing broadcast traffic and bolstering security. They extend beyond a single switch through trunk ports and accommodate various port configurations. For businesses and organizations, VLANs streamline network efficiency, security, and device management, making them essential in modern networking strategies. By segmenting your network into separate VLANs, you can achieve even greater control and optimization.