A VLAN is a network topology and method used to create one or more separate, isolated LANs on top of a physical LAN. VLANs are created logically over the LAN, and creating them is easy with the help of different network protocols. VLAN is short for Virtual LAN or, in full, Virtual Local Area Network. VLANs make it very easy to isolate and run multiple different networks inside a single physical network without any extra hardware such as a router, switch, cable, or wireless router.

VLANs can work with different types of network devices and environments, such as Wi-Fi, wireless routers, home routers, and enterprise switches.


VLAN Types

VLANs can be created for different purposes with different methodologies. We can categorize VLANs into 3 different types.

Protocol VLAN is created to handle packets according to their protocols and to perform VLAN switching according to each packet's protocol.

Static VLAN or Port-Based VLAN is the most used and simplest type of VLAN, where the ports of a switch, router or related device are assigned to a specific VLAN and only that VLAN's packets are transmitted over the port.

Dynamic VLAN is used to create and manage VLANs dynamically, according to device characteristics or provided rules.

Why Use VLAN?

VLANs provide a lot of advantages to the network administrators and most of the enterprise networks use VLAN technology. Here are some reasons to use VLANs.

  • Isolating unwanted devices from the network
  • Isolating unwanted network traffic
  • Preventing broadcast-related network
  • Creating different level secured networks
  • Making logical separation for different departments in the same physical location
  • Detailed and granular network traffic management
  • Decreasing host count in a single network
  • Creating a flexible network topology

How VLAN Works

VLANs work with physical ports. In the default configuration, all ports on the same switch work on the same network. A VLAN is used to put these ports into different logical switches even though they are on the same physical switch.

VLANs rely on the IEEE 802.1Q protocol, which adds extra header information to Ethernet frames. So VLAN works as a Layer 2 protocol, which is mainly handled by Layer 2 devices like a switch. Adding the 802.1Q information to the Ethernet header is also called tagging, because the given Ethernet frame is tagged as belonging to a specific VLAN. A frame that carries no 802.1Q information is called untagged.

On a switch, if there is no explicit VLAN configuration, VLAN 1 is used. According to the 802.1Q protocol, the maximum count of VLANs is 4,096. But in practice, this number is around 2000, because the other VLANs are used for specific purposes and for the private VLAN range, which are different types of VLAN.

Standard VLANs

Because a single physical LAN can be used to create multiple VLANs, some standard VLANs are defined for specific purposes.


  • Native VLAN is used for all untagged traffic coming from the ports. This is like a default VLAN and is numbered as VLAN 1 by default.
  • Management VLAN is a special VLAN that only network administrators can access. The management VLAN includes virtual interfaces for accessing network devices like routers, firewalls, switches, etc. As a best practice, the management VLAN is assigned a special VLAN number that is different from VLAN 1. For example, VLAN 100 can be used for the management VLAN.

VLAN Advantages

VLAN is very popular because it provides a lot of advantages over regular LANs. Here are some of the advantages of implementing and using VLANs.

  • Dividing networks into smaller segments
  • Reducing the broadcast traffic
  • Implementing specific network policy for specific hosts
  • Securing and isolating hosts
  • Easy security management for a different group of hosts
  • Ease of network administration and management
  • Cost-effective network administration and management
  • Flexible network administration and management

Translated from: https://www.poftut.com/what-is-vlan-virtual-lan/