How to use Layer 3 switches to build enterprise VLANs


As enterprises grow, their networks grow with them. Many enterprises expand the network simply by adding computers to the existing network. As a result, the network becomes more and more complex, harder and harder to manage, less and less secure internally, and the utilization of network resources drops sharply. How to manage the network effectively and use network resources sensibly has become the biggest problem for enterprises.


Dividing the network into VLANs lets administrators manage the enterprise network more conveniently, and the flexible expansion capability of a VLAN network lets the enterprise network keep growing without descending into chaos. Because a VLAN network contains broadcast storms, it greatly improves the performance of enterprise network resources. A VLAN network is also simple to manage and offers high security.

Therefore, using VLAN in the initial network design can bring great benefits to the future expansion of the network.

In ordinary small enterprises, using routers to divide VLANs is a cost-saving method. However, in large and medium-sized enterprises, using routers to divide VLANs will seriously affect the performance of the enterprise network, because communication between VLANs must be achieved through routing. Therefore, Layer 3 switches with routing functions are widely used in the VLAN networks of large and medium-sized enterprises.

We must be clear, however, that a VLAN network built on a Layer 3 switch still requires a router. The router serves only as the connection between the enterprise network and the Internet; communication between VLANs is not handled by the router.

The VLAN network structure constructed by the Layer 3 switch

The biggest feature of VLAN network division is its flexibility. There are two main VLAN division methods: static VLAN and dynamic VLAN. Static VLAN is in fact port-based VLAN. This division method is very complicated because the administrator has to configure each switch port, so it is generally not used.

Dynamic VLAN is divided into three types: subnet-based VLAN, MAC address-based VLAN, and user-based VLAN.

Each of these three methods has its own characteristics, so we can combine them flexibly when dividing VLAN networks. For example, since the external wireless network card of a mobile user may be replaced at any time, we can place mobile users in a user-based VLAN. For fixed users, we can use the subnet-based VLAN method, that is, assign a range of IP addresses to a VLAN. VLAN division is therefore very flexible.

In the network shown in the figure above, we still use a router at the first layer. The router is the only device connecting the internal network to the external network, so it is indispensable, but routing between VLANs is not performed on the router. We must also note that a large VLAN network places very high demands on the router because of the large volume of data it carries, so we cannot simply assume that the router requirements are low just because a Layer 3 switch is present.

Therefore, we still need to choose a router based on the scale of the entire network. The Layer 3 switch is used at the second layer of the network, and it is the key to the entire large-scale VLAN network. The Layer 3 switch has two functions: routing and switching. The routing function is the key technology for achieving inter-VLAN communication.

When the first data stream enters the Layer 3 switch, the switch routes it. While routing, the Layer 3 switch generates a mapping table between MAC addresses and IP addresses. The advantage is that when the same data stream enters the Layer 3 switch again, the switch does not need to route it a second time. The data stream only needs to be switched directly through the Layer 3 switch to achieve inter-VLAN communication, which effectively eliminates the network bottleneck caused by the router.

The Layer 3 switch is also the key to dividing the VLAN network. The administrator only needs to configure the Layer 3 switch to complete the division of the VLAN network. Therefore, when choosing a Layer 3 switch, we must choose sensibly based on our actual situation so as to ensure the normal operation of the entire VLAN network.

At the third layer of the network, we choose a layer 2 switch. The role of the layer 2 switch in the VLAN network is actually just to ensure the normal operation of the entire network base. If the network scale is very large, then it is best to choose a gigabit switch at this layer, so that the next layer of the network can continue to connect to the switch for expansion. If the network scale is not very large (the number of computers connected by a layer 3 switch is at least 200), you can directly choose an ordinary switch at this layer.

The bottom layer of the network is the foundation of the entire network and also the basis on which we decide how to divide the VLAN network. It is composed of the company's computer terminals, servers, etc.

400-node enterprise network design scheme

Let's design a 400-node enterprise VLAN network. We assume that the enterprise is divided into sales department, after-sales service department, design department, finance department, and server area. Among them, the sales department has 20 computers, the after-sales service department has 20 computers, the finance department has 20 computers, the server area has 20 servers, and the design department has 320 computers.

We can divide the entire enterprise network into 6 VLANs. If the user feels that the number of computers in the design department is a bit large, the computers in this department can be further divided into VLANs. The figure below is the VLAN division structure diagram of this 500-node network.

Once again, the division of the VLAN network is configured on the Layer 3 switch. The figure above is the VLAN structure diagram after configuration. We can see that the three VLANs of the sales department, after-sales service department and finance department each use a Layer 2 switch, since these departments do not require much network bandwidth and have a small number of computers: each VLAN has only 20 computers. In fact, we can choose a 24-port switch to implement each of these VLANs. Users can decide according to their actual situation.

Since the design department has a large number of computers, we used a gigabit switch plus multiple ordinary switches to implement its VLAN. We also chose a gigabit switch for the connection to the servers, mainly because the servers themselves have very high requirements for network bandwidth.
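The subnet-based division described earlier can be worked out for this design as an address plan. The following is an added example, not part of the original article: the host counts are the article's, while the VLAN IDs, the 10.10.0.0/16 address block and all function names are assumptions, and the plan covers only the five areas the article names.

```python
import ipaddress

# Host counts are the article's; VLAN IDs and the 10.10.0.0/16
# supernet are assumptions chosen for this example.
DEPARTMENTS = {            # name: (vlan_id, hosts)
    "design": (10, 320),
    "sales": (20, 20),
    "after_sales": (30, 20),
    "finance": (40, 20),
    "servers": (50, 20),
}
SUPERNET = ipaddress.ip_network("10.10.0.0/16")


def prefix_for(hosts):
    """Longest prefix whose block holds hosts + gateway + network + broadcast."""
    return 32 - (hosts + 3 - 1).bit_length()


def plan_vlans(departments, supernet):
    """Allocate one non-overlapping subnet per VLAN, largest first (VLSM)."""
    plan, cursor = {}, int(supernet.network_address)
    for name, (vlan_id, hosts) in sorted(departments.items(), key=lambda kv: -kv[1][1]):
        prefix = prefix_for(hosts)
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size      # align up to the block boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(supernet):
            raise ValueError(f"supernet exhausted while placing {name}")
        plan[name] = {"vlan": vlan_id, "subnet": net,
                      "gateway": net.network_address + 1}  # Layer 3 switch interface
        cursor += size
    return plan


def vlan_of(plan, ip):
    """Name of the VLAN whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, e in plan.items() if addr in e["subnet"]), None)


def needs_routing(plan, src, dst):
    """True when src and dst are in different VLANs, so traffic crosses the Layer 3 switch."""
    return vlan_of(plan, src) != vlan_of(plan, dst)


if __name__ == "__main__":
    for name, e in plan_vlans(DEPARTMENTS, SUPERNET).items():
        print(f"VLAN {e['vlan']:>3} {name:<12} {e['subnet']} gw {e['gateway']}")
```

Placing the largest VLAN first keeps every block aligned on its own boundary, so the 320-host design department receives a /23 and each 20-host area a /27 with room for the gateway address.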

The choice of Layer 3 switches and routers also depends on actual conditions.
