Ukucushwa kwe-VLAN kanye nokuphepha kwenethiwekhi: umhlahlandlela ophelele

Informatec Digital » Izinsiza » Ukucushwa kwe-VLAN kanye nokuphepha kwenethiwekhi: umhlahlandlela ophelele

Uma uphatha inethiwekhi yenkampani, uzokwazi ukuthi ukuyifinyelela Konke kusebenza ngokushesha nangokuphephile Ngesikhathi esifanayo, akuwona umsebenzi olula. Njengoba amaqembu, izinsizakalo, kanye nezinhlelo zokusebenza zikhula, ukusakazwa, izithiyo, kanye nezinkinga zokuphepha ziqala ukuvela yonke indawo.

Elinye lamathuluzi anamandla kakhulu okuletha ukuhleleka kulolo nxushunxushu... I-VLAN (i-Virtual LAN)Njengoba ziklanywe kahle futhi zihlelwe kahle, zikuvumela ukuthi uhlukanise inethiwekhi, unciphise ithrafikhi engenamsebenzi, uhlukanise iminyango futhi uvikele izinsizakalo ezibalulekile... kodwa zingahlelwa kabi zingaba yisivikelo sokuphepha noma iphupho elibi lokuphatha.

Iyini ngempela i-VLAN futhi kungani ibalulekile kwezokuphepha?

I-VLAN, ngokuyisisekelo, iyi- inethiwekhi ye-logic ezimele ezihlala engqalasizinda efanayo: amaswishi afanayo, izintambo ezifanayo, izindawo zokufinyelela ze-Wi-Fi ezifanayo. Ezingeni elinengqondo, amadivayisi aku-VLAN aziphatha sengathi aku-LAN ehlukile, noma ngabe asatshalaliswe ezitezi noma ezakhiweni ezahlukene.

Lokhu kuvumela iqembu lama-PC, amaseva, amafoni e-IP, amaphrinta, noma amakhamera e-IP ukuthi akhe isizinda sakho sokusakazazihlukaniswe namanye amaqembu. Amaphakethe okusakaza kanye nama-multicast ahlala ngaphakathi kwe-VLAN yawo esikhundleni sokugcwala yonke inethiwekhi, okuthuthukisa ukusebenza futhi kwenza kube lula ukulawula ukuthi ubani ongabona ukuthi ubani.

Ezindaweni zebhizinisi, kuvamile ukudala ama-VLAN ukuze iminyango (ezokubalwa kwezimali, ubunjiniyela, ukumaketha)ukuhlukanisa ithrafikhi yabaphathi, izwi, izivakashi, i-IoT, noma ngisho ne-VLAN eyisipele ezinikele. Ngayinye inemithetho yayo yomzila, ukuphepha, kanye nekhwalithi yesevisi.

Ngaphezu kwalokho, ama-VLAN ayisici esibalulekile emasu okusebenza. Ukuhlukaniswa kanye ne-Zero TrustAmanethiwekhi awasabhekwa “njengathembekile ngokuphelele,” futhi izindawo zokuhlasela ziyachazwa. Ukwehluleka noma ukutheleleka ku-VLAN eyodwa akufanele kubangele ukuthi yonke inhlangano iwele ngomphumela we-domino.

Imiqondo eyisisekelo: amachweba okufinyelela, ama-trunk, kanye ne-VLAN yomdabu

Ukuze uqonde ngokugcwele ukucushwa kwe-VLAN kanye nokuphepha, kunemibono emithathu ebalulekile okumele icace bha: amachweba okufinyelela, amachweba e-trunk, kanye ne-VLAN yomdabuUma uwazi kahle la maphuzu amathathu, konke okunye kuhlangana kangcono kakhulu.

Un imbobo yokufinyelela Kuyi-switch port ethwala ithrafikhi kusuka ku-VLAN eyodwa kuya kudivayisi yokugcina: i-PC, iphrinta, ikhamera ye-IP, ifoni, njll. Ithrafikhi igeleza kusuka ku-switch iye kuleyo divayisi. Ayikho ilebula 802.1Q (ayinawo amathegi). Ngaphakathi, iswishi iyazi ukuthi ingeyeyiphi i-VLAN, kodwa imishini ayiboni ithegi.

Un imbobo yesiqu Kuyisixhumanisi phakathi kwamadivayisi enethiwekhi (i-switch-switch, i-switch-router, i-switch-AP) lapho idatha ihamba khona ama-VLAN amaningi ngesikhathi esisodwaKulokhu, ozimele baphethe ithegi engu-802.1Q ekhombisa ukuthi bangobani i-VLAN. Lokhu kuvumela ama-VLAN ukuthi anwetshwe kulo lonke i-topology kanye namanethiwekhi amaningi anengqondo ukuze adluliselwe ngesixhumanisi esifanayo somzimba.

La I-VLAN yomdabu Lena yi-VLAN esetshenziselwa ithrafikhi engafakwanga amathegi kusixhumanisi se-802.1Q. Uhlaka ngalunye olungena echwebeni le-trunk ngaphandle kwethegi lunikezwa le VLAN yomdabu. Ngokuzenzakalelayo, kumadivayisi amaningi yi-VLAN 1, futhi yilapho izinkinga zokuphepha ziqala khona uma lokhu kulungiselelwa kungashintshwa.

Ukwakhiwa kwenethiwekhi kanye nokuklama ngama-VLAN

Kumanethiwekhi aphakathi namakhulu kuvamile ukusebenzisa i-topology enezingqimba ezintathuIzendlalelo eziyinhloko, ukusatshalaliswa, kanye nokufinyelela. Isendlalelo ngasinye sinendima, futhi indlela ezihlangana ngayo nama-VLAN inokubaluleka okubalulekile okusebenzayo.

Isendlalelo sokufinyelela siqukethe amaswishi Baxhumanisa abasebenzisi ngqo kanye namadivayisi okugcina. Lawa anamachweba okufinyelela kakhulu futhi yilapho kuchazwa khona ama-VLAN amaningi abasebenzisi, izwi, i-IoT, njll.. Yilapho ukwabiwa kwamachweba kanye nemikhuba emihle yokuphepha ngokomzimba (ukuqinisekisa ukuthi akekho ongamane axhume izintambo) kudinga ukunakwa okukhulu.

Isendlalelo sokusabalalisa siqukethe amaswishi Bahlanganisa ithrafikhi evela kumaswishi amaningi okufinyelelaNgokuvamile yilapho kwenziwa khona umzila phakathi kwama-VLAN, kusetshenziswa ama-ACL amahle, kusetshenziswa izixhumanisi zefayibha, kufakwa izixhumanisi (i-EtherChannel), futhi kusetshenziswa izinqubomgomo ezithuthukisiwe kakhulu (i-QoS, ukulawula isiphepho, njll.).

Isendlalelo esiyinhloko siqukethe izixhumanisi zokusabalalisa kanye nesango eliya kwi-inthanethi noma amanethiwekhi angaphandle. Kumanethiwekhi amakhulu kakhulu, kuvamile ukuthi Ingqikithi iyona kuphela enesibopho sokushintsha ngesivinini esikhulungezici ezimbalwa kakhulu ezengeziwe, ukunciphisa ukubambezeleka kanye nobunzima.

Uma uklama inethiwekhi ngama-VLAN, kungcono ukuthi uqale uchaze ukuthi yimaphi amaqembu anengqondo adingekayo (ngomsebenzi, ukubucayi, izinga lokuzethemba, njll.) bese uyibeka ohlelweni lwe-IP oluhlelwe kahle (ama-subnet, ama-masks, i-VLSM, ububanzi obuguquguqukayo nobuqinile) kanye nokwabiwa okucacile kwama-port kuswishi ngayinye.

Izinhlobo ze-VLAN kanye nokusetshenziswa okuvamile

Indinganiso ebanzi kakhulu yokubeka amafreyimu ezinhlotsheni zesiqu yile IEEE 802.1QIngeza amabhayithi angu-4 ku-header ye-Ethernet nge-VLAN ID kanye nezinye izinkambu, ukuze iswishi yazi kahle ukuthi uhlaka ngalunye lungolwaluphi i-VLAN ngaphandle kokuhlanganisa lonke uhlaka.

Uma ama-VLAN ehlelwe ngama-switch angu-802.1Q, imbobo ngayinye ingaphawulwa ngokuthi okumakiwe noma okungamakiwe ye-VLAN ethile. Imbobo ingafakwa amathegi kuma-VLAN amaningana (ajwayelekile esiqu) kodwa ingafakwa amathegi kwenye yawo (leyo idivayisi yokugcina ezoyibona uma iyimbobo yokufinyelela).

Ngaphezu kwama-VLAN "avamile" asekelwe ku-802.1Q, kunezinye izindlela ezisetshenziswa kabanzi ezindaweni zezinkampani: Ama-VLAN asekelwe echwebeni, ama-VLAN asekelwe ku-MAC, ama-VLAN okuphatha, ama-VLAN okulawula, ama-VLAN endabuko enziwe ngokwezifiso, ama-VLAN ahlanganisiwe, noma ngisho nama-VXLAN ezindaweni zedatha kanye nezindawo zamafu lapho kudingeka khona izigidi zamanethiwekhi anengqondo. Kuhle futhi ukucabangela ubuchwepheshe obufana no I-802.1X kanye nama-VLAN ashukumisayo ukuze kwabiwe futhi kuvikelwe ngendlela ethuthukisiwe.

La Ukuphatha VLAN Isetshenziselwa kuphela ukufinyelela kokuphatha kuma-switch, ama-router, izindawo zokufinyelela, ama-firewall, kanye nezinhlelo zokuqapha. Ngokuvamile ine-subnet yayo ye-IP kanye nama-ACL aqinile alawula ukuthi ubani ongayifinyelela. Ukuphatha amadivayisi avela kuma-VLAN afanayo nabasebenzisi kungumqondo omubi kakhulu.

Ikholi lawula i-VLAN Inikezelwe kuthrafikhi yephrothokholi yenethiwekhi yangaphakathi: i-STP, amaphrothokholi okuqondisa, i-CDP, i-LLDP, i-VTP, njll. Ukuhlukanisa le thrafikhi kuthrafikhi yedatha noma yokuphatha kunciphisa umsindo, kuthuthukisa ukuzinza, futhi kuvumela ukusetshenziswa kwezinyathelo ezithile zokuphepha.

I-VLAN 1, i-VLAN yomdabu, nokuthi kungani iyinkinga yokuphepha

Kumaswishi amaningi, i-VLAN 1 iza ilungiselelwe kusengaphambili njenge-VLAN ezenzakalelayo neyomdabu kuzo zonke izimbobo. Lokhu kusho ukuthi, uma kungashintshi lutho, yonke ithrafikhi engena ku-trunk ifakwa ku-VLAN 1, futhi zonke izimbobo ziyingxenye yayo.

Inkinga ukuthi noma yimuphi umhlaseli ohlakaniphe ngokulingene uyakwazi lokhu. I-VLAN 1 ingenye yezinhloso eziyinhloko zokuhlasela. Ukuhlasela kwe-VLAN okugxumagxumayo, ukukhwabanisa ngokushintsha kanye nezinye izinto ezisunguliwe ezisebenzisa ukucushwa okuzenzakalelayo ukuze zingene kwamanye ama-VLAN.

Ngokwesibonelo, ekuhlaselweni kokukhwabanisa kweswishi, umhlaseli uxhuma idivayisi yakhe echwebeni lapho i-DTP isebenza khona kumodi eguquguqukayo futhi xoxisana ngesixhumanisi se-trunk ngeswishi, ukuthola ukufinyelela kuma-VLAN amaningi okungafanele afinyelele kumphathi.

Ekuhlaselweni kokumaka okuphindwe kabili, amathegi amabili angu-802.1Q axutshwa kufreyimu efanayo, kusetshenziswa iqiniso lokuthi i-VLAN yomdabu ihamba inganamaki, ukuze izame ukugxuma isuka kwenye i-VLAN iye kwenye ngesiqu esiqinile.

Ngakho-ke, izincomo zokuphepha zamanje zicacile: Ungasebenzisi i-VLAN 1 kubasebenzisiUngayishiyi njenge-VLAN yomdabu kuma-trunks, ungayiniki ikheli le-IP lokuphatha, futhi uma kungenzeka, yihlukanise noma uyihlunge ukuze ingathwali ithrafikhi yokukhiqiza.

Izindlela ezinhle kakhulu zokuklama nokwabiwa kwechweba

Esinye sezinqumo ezibalulekile lapho uhlela ama-VLAN yi- ama-switch port anikezwa kanjani nge-VLAN ngayinye nokuthi yini okufanele uyenze ngamachweba angasetshenziswanga. Kubonakala kungasho lutho, kodwa kokubili ukusebenza kanye nokuphepha kuncike kuyo.

Kuhlale kungumqondo omuhle ukushiya amachweba okufinyelela evulekile. i-VLAN eyodwa njengengafakwanga amathegi (lowo msebenzisi noma idivayisi) bese umaka okunye njengokungafakiwe. Lokhu kuvimbela isikhombimsebenzisi ukuthi "sibone" ama-VLAN angewona awaso, noma ngabe othile ushintsha izilungiselelo ngengozi.

Kuzixhumanisi ze-trunk, kunconywa ukuthi ulungiselele ngokucacile yiziphi i-VLAN ezivunyelwe (isb., i-switchport trunk ivunyelwe i-vlan 10, 20, 99) esikhundleni sokudlulisa wonke ama-VLAN kunethiwekhi. I-trunk ngayinye kufanele ithwale ama-VLAN kuphela ayidingayo ngempela.

Kumachweba angasetshenziswa, umkhuba ophephile kakhulu ukwenza kanjalo zicime (zivale)Zinike i-VLAN "embobeni emnyama" engenalo isango noma i-DHCP, futhi uqinisekise ukuthi aziphawulwanga njengesiqu noma i-DTP ivuliwe. Lokhu kuvimbela othile ekuxhumeni idivayisi futhi avele ngokuzumayo kunethiwekhi yokukhiqiza.

Ezindaweni lapho inani lamachweba liphezulu kakhulu, kuyalulekwa ukuthi ubhale phansi kahle. yini exhunywe ku-interface ngayinyeFaka ilebula kukhebula bese ugcina imidwebo yakho isesikhathini. Izinkinga eziningi zokuxhumeka kwe-VLAN zibangelwa nje ukuthi izintambo zithuthwa ngaphandle kwemibhalo ebuyekeziwe; umhlahlandlela wokuxhuma izintambo Kuyasiza ukugwema amaphutha.

Ama-VLAN "angaphumi" kanye namachweba angasetshenziswanga

Indlela elula nephumelelayo kakhulu yokuvikela amachweba amahhala ihlanganisa ukudala "Akukho ukuphuma" i-VLANOkusho ukuthi, i-VLAN engenayo i-DHCP, engenayo i-routing futhi engenazo izinsizakalo, bese ifaka wonke ama-access port angasetshenziswa kuyo.

Umqondo uwukuthi noma umuntu exhuma idivayisi kwenye yalezo zimbobo, lowo msingathi ngeke athole ikheli le-IP, ngeke abe nesango, ngeke akwazi ukufinyelela amanye amadivayisi, futhi ithrafikhi yayo izohlala ihlukanisiwe ngokuphelele. Kuluhlobo lwe-limbo yenethiwekhi.

Ezindaweni eziningi kusetshenziswa i-ID ebonakalayo, njengokuthi I-VLAN 777, 999 noma 4094Ngale njongo, iswishi ilungiselelwe ukukhipha amanye ama-VLAN kulawo machweba, akukho interface ye-Layer 3 echazwe kuleyo VLAN, futhi ayikhangiswa kunoma iyiphi i-router.

Ngaphezu kwalokho, kunconywa ukuthi i-DTP ikhutshazwe kuma-port okufinyelela azo zonke izinkinobho nge switchport nonegotiateukuze bangalokothi bazame ukuba yimigqa ye-trunk ngokuzenzakalelayo ngokuxoxisana nomakhelwane.

Ama-VLAN ezwi, idatha, namadivayisi akhethekile

Kumanethiwekhi lapho kukhona khona Ucingo lwe-IP kanye nethrafikhi yezwiUmkhuba ojwayelekile ukuhlukanisa ithrafikhi yezwi ibe yi-VLAN ethile, ehlukile kweyama-PC. Lokhu kungenxa yezizathu ezimbili: ikhwalithi yezidingo zesevisi kanye nokuphepha.

Ithrafikhi yezwi ibucayi kakhulu ekubambezelekeni, ekujikeni, nasekulahlekelweni kwamaphakethe. Uma ixubene ngokungalawuleki nokulanda okunzima, ukusakaza ividiyo, noma ama-backup, izingcingo ziwohloka ngokushesha. Ukuhlukanisa izwi ku-VLAN yakho kukuvumela ukuthi wenze lokho kanye. beka phambili nge-QoS futhi usebenzise izinqubomgomo ezinembile kakhudlwana.

Ngaphezu kwalokho, amafoni e-IP ngokuvamile anamakhono awo okufaka amathegi e-VLAN (802.1Q): afakwe ku-PC, i-port eya kunethiwekhi isebenza njenge-trunk (izwi elimakiwe, idatha engamakiwe) kanye ne-port eya ku-PC isebenza njenge-access port. Lokhu kudinga ukulungiselelwa kwembobo okucolekile kancane ukugwema ukushiya izikhala zokuphepha.

Kungumqondo omuhle futhi ukuhlukanisa [okungacacile] ngama-VLAN athile. Amadivayisi e-IoT, ukuzenzekela kwasekhaya, amakhamera e-IP, amathelevishini, ama-smart plugnjll. Lawa amadivayisi avame ukuba nezinga eliphansi lokuphepha kanye ne-firmware enganakekelwa kahle, futhi kuyanconywa ukuthi angabi kunethiwekhi efanayo enengqondo nama-PC okuphatha noma amaseva abalulekile.

Ezweni le-WiFi, izindawo eziningi zokufinyelela zobungcweti zikuvumela ukuthi uhlangane i-SSID eyodwa ye-VLAN ngayinyeNgale ndlela, ukuhlukaniswa kwenethiwekhi enezintambo kudlulela kunethiwekhi engenantambo: ukuphathwa kwe-VLAN, i-VLAN yenkampani, i-IoT VLAN, i-VLAN yezivakashi, ngayinye ine-SSID yayo kanye nemithetho.

Umzila phakathi kwama-VLAN, ama-ACL, kanye nama-firewall

Ngokuklama, ama-VLAN "Ababonani" ezingeni lesi-2Uma ufuna amadivayisi akuma-VLAN ahlukene axhumane, udinga ukuya ku-Layer 3: i-inter-VLAN routing. Lokhu kuvame ukwenziwa ku-router, i-firewall, noma i-Layer 3 switch.

Kunezindlela ezimbili eziyinhloko. Eyokuqala ukusebenzisa i-router noma i-firewall enokusekelwa kwe-802.1Q ixhunywe ku-trunk yokushintsha. I-router idala ama-subinterface (eyodwa nge-VLAN ngayinye), iwabela ama-IP, futhi isebenza njengesango. firewallNgaphezu kwalokho, isebenzisa imithetho emihle mayelana nokuthi ubani ongakhuluma nobani.

Iphethini yesibili ukusebenzisa Iswishi ephethwe yi-Layer 3 ekusatshalalisweni noma ungqimba oluyinhloko. Kudalwe ama-interface e-VLAN (ama-SVI) kuwo, asebenza njengezindlela zokungena ze-subnet ngayinye. Iswishi ngokwayo iphatha umzila wangaphakathi kanye nama-ACL ahambisanayo, ilayisha umsebenzi kusuka ku-router enqenqemeni.

Kuzo zombili izimo, kubalulekile ukuhambisana nalolu hlelo kanye uhlu lokulawula ukufinyelela (ama-ACL) noma imithetho yomlilo Okuqinile. Ukuba khona kwendlela ye-IP phakathi kwama-VLAN akusho ukuthi yonke ithrafikhi kufanele ivunyelwe. Ukuhlunga kumele kwenziwe ngokusekelwe emthonjeni, endaweni oya kuyo, emachwebeni, kumaphrothokholi, kanye nesiqondiso sokuxhumana.

Isibonelo esijwayelekile: i-VLAN yesivakashi ingafinyelela i-inthanethi kuphela, i-IoT VLAN ingaxhumana kuphela namaseva athile (njenge-NTP, i-syslog, noma umthengisi we-MQTT), i-VLAN yomfundi ayikwazi ukufinyelela i-VLAN yokuphatha, i-VLAN yesipele iqala kuphela ukuxhumana neseva yesipele, njll.

Izinqubo zokuphatha i-VLAN: i-VTP kanye nenkampani

Kumanethiwekhi amakhulu anamaswishi amaningi, ukudala ama-VLAN ngesandla kudivayisi ngayinye akunakwenzeka futhi kuvame ukuba namaphutha. Yingakho amaphrothokholi afana nalawa I-VTP (Iphrothokholi Yokunquma Ye-VLAN) ezweni le-Cisco, elivumela ukusatshalaliswa okuphakathi kohlu lwe-VLAN.

I-VTP ichaza izindlela ezintathu zokusebenza kuswishi: iseva, iklayenti, kanye nokusobalaAmaseva angadala, aqambe kabusha, noma asuse ama-VLAN bese ethumela lolo lwazi kumakhasimende angaphakathi kwesizinda esifanayo. Amakhasimende athola futhi asebenzise izinguquko, kodwa awazishintshi. Amaseva acacile awacubunguli isizindalwazi se-VLAN; adlulisela ulwazi kuphela.

Lezi zinhlobo zamaphrothokholi zenza impilo ibe lula kakhulu, kodwa zinezinkinga zazo: iphutha kuswishi yeseva, iphasiwedi ye-VTP engaphathwanga kahle, noma iswishi endala ephinde yafakwa kunethiwekhi enesizindalwazi esiphelelwe yisikhathi ingabangela izinkinga. ukubhubhisa ngokuphelele ukucushwa kwe-VLAN kuyo yonke inhlangano.

Ngakho-ke, emiklamo eminingi yamanje, imodi ye-VTP iyathandwa. okusobala noma ungayisebenzisi nje, ukuphatha ama-VLAN ngamathuluzi e- ezenzakalelayo (Okusebenziseka kalula, amathempulethi, abalawuli abaphakathi, njll.) noma ngomklamo ongaguquki futhi olawulwayo.

Ukuphepha okuthuthukisiwe: i-VACL, i-PVLAN kanye nokunciphisa ukuhlaselwa

Njengoba inethiwekhi ikhula futhi ubucayi bukhula, ama-VLAN wodwa ayasilela. Ukulawula ithrafikhi ngokuningiliziwe ngaphakathi kwe-VLAN, ezinye izindlela zingasetshenziswa. I-VACL (amamephu e-VLAN ACL noma e-VLAN)okuvumela ukuhlunga noma ukuqondisa kabusha ithrafikhi ezingeni le-VLAN, hhayi nje kuma-interface athile.

Ama-VACL ahlelwa ngokuchaza Amamephu okufinyelela e-VLAN Basebenzisa uhlu lokufinyelela lwe-IP noma lwe-MAC futhi bachaza ukuthi benzeni ngethrafikhi efanayo: bayivumele idlule, bayivimbe, bayithumele echwebeni lokuqapha, bayiqondise kabusha… Bese besetshenziswa emhlabeni wonke ku-VLAN eyodwa noma ngaphezulu kuswishi.

Ezimweni lapho ufuna ukuhlukanisa khona ama-host ngaphakathi kwe-subnet efanayo, kukhona Ama-VLAN Azimele (ama-PVLAN)Iqala nge-VLAN eyinhloko, okuvame ukuba lapho isango likhona, futhi idala ama-VLAN esibili ahlobene ezinhlobo ezimbili: okuhlukanisiwe kanye nomphakathi.

Ama-VLAN esibili ohlobo elingalodwa Zivumela i-host ngayinye ukuthi ibone isango kuphela, kodwa hhayi amanye ama-host, noma ngabe aku-VLAN yesibili efanayo. Lawa angohlobo umphakathi Zivumela iqembu lababungazi ukuthi libonane kanye nesango, kodwa hhayi amanye amaqembu asohlwini olufanayo.

Ngokuphathelene nokuhlaselwa okuthile, ngaphezu kwalokho osekushiwo kakade nge-VLAN 1 kanye ne-DTP, kubalulekile ukunciphisa I-VLAN igxuma ngokumaka kabiliUkuze wenze lokhu, kunconywa ukuthi ushintshe i-VLAN yasendaweni ibe yi-VLAN engasetshenziswa nama-host, ususe leyo VLAN yasendaweni kuma-trunk uma kungenzeka, ukhubaze i-DTP, uchaze ngokucacile ama-port njengokufinyelela noma i-trunk, bese usebenzisa imiyalo ukuze i-VLAN yasendaweni ihlale ihamba i-tag, ilahle ithrafikhi engenamathegi.

Ukuxilongwa nokugcinwa kwamanethiwekhi ane-VLAN

Ukusetha inethiwekhi ngama-VLAN kuyingxenye yomsebenzi kuphela; enye ingxenye iwumsebenzi gcina futhi ulungise izigameko Ngaphandle kokuhlanya. Izinkinga ezivamile zokuxhumeka kwe-VLAN zivame ukuba nezimbangela ezivamile. Ukuze uthole iziqondiso nezinqubo ezisebenzayo, bheka izinsiza ku- ukuxilongwa kwenkinga yenethiwekhi.

Ngakolunye uhlangothi, kukhona amaphutha angokwenyama: izintambo ezithuthelwe kusuka kwelinye ichweba ziye kwelinye ngaphandle kokubuyekeza amadokhumenti, amachweba ahlelwe njengokufinyelela lapho kufanele kube khona isiqu, noma okuphambene nalokho, izixhumanisi ezingafuneki kahle eziphela ngezihibe uma i-STP ingalungiswanga kahle.

Ngakolunye uhlangothi, kukhona ukwehluleka okunengqondo: Ama-VLAN adalwe kwezinye izinkinobho kodwa hhayi kwezinye, kuvunyelwe uhlu lwe-VLAN kuma-trunk angalungiselelwe kahleUbubanzi be-DHCP obungahambisani namamaski noma amasango abekwe ngendlela engafanele kumadivayisi okugcina.

Amathuluzi ayisihluthulelo okuxilonga yimiyalelo evamile: bonisa i-vlan, bonisa izixhumi ze-interface trunk, bonisa i-spanning-tree, bonisa i-ip interface brief, i-ping, i-traceroutenjll. Ukuzihlanganisa nokuqoshwa kwethrafikhi emachwebeni athile kanye nohlelo oluhle lokuqapha kusiza kakhulu.

Kunconywa futhi ukuthi ubuyekeze njalo Ama-ACL, imithetho yomlilo, i-PVLAN, ama-VACL, kanye nokucushwa kokuphatha ukuqinisekisa ukuthi azikho izikhala ezishiywe zivulekile ngemva kokushintsha kwephrojekthi, ukwanda, noma ukufuduka.

Amadokhumenti acacile (ama-VLAN schemes, ama-IP ranges, ama-port assignments, incazelo yezinqubomgomo zokufinyelela phakathi kwe-VLAN) kanye nokubhalisa izinguquko okuqinile cishe kubaluleke kakhulu njengoba ukucushwa kuziyala.

Ngokuhlukaniswa okucatshangelwe kahle, ama-VLAN anelebula efanele, ukuphathwa kwe-VLAN okuhlakaniphile, umzila we-inter-VLAN ovikelwe yi-ACL, kanye nemikhuba yokulungisa eqhubekayo, inethiwekhi yebhizinisi ingathola intuthuko enkulu ekusebenzeni. ukuphepha, ukusebenza kanye nokulawula ngaphandle kwesidingo sokwakha kabusha yonke ingqalasizinda ebonakalayo.