Internship Report
Topic: Understanding VLANs

CONTENTS

1. Overview of switching
1.1. Layer 2 and Layer 3 switching
1.2. Symmetric and asymmetric switching
1.3. Switching methods
1.4. How a switch operates
2. Virtual LANs (VLAN, Virtual Local Area Network)
2.1. Introduction to VLANs
2.2. Structure and operation of VLANs
2.2.1. How VLANs are created
2.2.2. End-to-end VLANs
2.2.3. Local VLANs
2.2.4. Types of VLAN
2.2.5. Identifying frames by VLAN
2.2.6. VLAN Trunking Protocol (VTP)
2.3. Attacks and security issues in VLANs
3. Conclusion
3.1. Summary
3.2. Importance and practical application of VLANs

1. Overview of switching

Switching is the function of forwarding frames from an inbound port to an outbound port based on address information carried in the frame. Switching relieves congestion by reducing the traffic each segment has to carry, which raises the usable bandwidth of a switched LAN.

A switch performs these main operations:

- Switching frames
- Maintaining the switching (address) table
- Giving each port dedicated access to bandwidth
- Eliminating collisions and raising link throughput
- Supporting many simultaneous conversations
- Forwarding frames based on the switching table
- Forwarding frames based on MAC addresses

1.1. Layer 2 and Layer 3 switching

Switching is the process of receiving a frame on one port and sending it out another port. Routers use Layer 3 switching to forward packets once they have been routed; switches use Layer 2 switching to forward frames.

The difference between Layer 2 and Layer 3 switching is the kind of information in the frame that is used to choose the outbound port. Layer 2 switching decides on the MAC address; Layer 3 switching decides on the network-layer address (for example, the IP address).

Layer 2 switching looks at the destination MAC address in the frame header and forwards the frame out the port that the switching table maps that address to. The switching table is held in Content Addressable Memory (CAM). If a Layer 2 switch does not know which port a frame should go to, it simply floods the frame out all of its ports except the one it arrived on. When the reply comes back, the switch learns the new address and records it in the CAM table.

Layer 3 switching is a network-layer function: it examines the Layer 3 header and uses the IP address to forward the packet.

Traffic flow in a flat, peer-to-peer switched network is completely different from traffic flow in a routed, hierarchical network; a hierarchical design gives more control over traffic flow than a flat one.

1.2. Symmetric and asymmetric switching

LAN switching is classified as symmetric or asymmetric according to the bandwidth of the switch ports involved:

Symmetric switching is switching between ports of the same bandwidth (for example, between two 10 Mbps ports or two 100 Mbps ports). In symmetric switching, throughput rises as the number of simultaneous conversations rises.

Figure 1. Symmetric switching

Asymmetric switching is switching between ports of different bandwidth (for example, between a 10 Mbps port and a 100 Mbps port). Asymmetric switching allows more bandwidth to be dedicated to the port connected to a server, so that link does not become a bottleneck when many clients access the server at once. Asymmetric switching needs memory buffering to keep frames flowing between the two different port speeds.

Figure 2. Asymmetric switching

An Ethernet switch uses buffering to hold and forward frames. Buffering is also needed when the destination port is busy. Two kinds of buffer can be used to forward frames: port-based buffering and shared-memory buffering.

Port-based buffering: frames are stored in a queue belonging to the port they arrived on. A frame is moved to the destination port only after all the frames ahead of it in that queue have been sent. One frame can therefore hold up every frame behind it in the queue while its own destination port is busy, even when the destination ports of the waiting frames are free.

Shared-memory buffering: all frames are stored in one common memory that all switch ports share. Buffer space is allocated dynamically to each port according to its need at the time, and frames in the buffer are passed straight to the transmit port, so a frame received on one port does not have to be moved into another queue before it is transmitted on another port.

The switch keeps a map of which frame belongs to which port and removes the entry once the frame has been transmitted successfully. Because the buffer is shared, the number of frames it can hold is limited only by the total buffer size rather than by a fixed per-port allocation, so large frames can be forwarded with fewer drops. This matters for asymmetric switching, where frames are switched between two ports of different speeds.

1.3. Switching methods

There are two switching methods:

- Store-and-forward: the whole frame is received before forwarding begins. The switch reads the source and destination addresses and applies any filters before deciding where to send the frame. Because the switch must receive the complete frame before it starts switching, latency grows with frame size; in exchange the switch can verify the check sequence of the whole frame, so it detects errors better.

Figure 3. Store-and-forward switching

- Cut-through: the frame is forwarded before it has been completely received. As soon as the destination address has been read, the frame can be sent out. This lowers latency but also reduces the ability to detect frame errors. Cut-through has two variants:

  Fast-forward: the lowest latency. The switch forwards the frame as soon as it has read the destination address, without waiting for the rest of the frame. It therefore cannot tell whether the received frame is corrupted; this is rare, and the receiving host discards a corrupted frame anyway. In fast-forward mode, latency is measured from the moment the switch receives the first bit until it transmits the first bit.

  Fragment-free: this mode filters out collision fragments before it starts forwarding. Most corrupted frames on a network are collision fragments, and in a normally operating network a collision fragment is shorter than 64 bytes; any frame longer than 64 bytes is considered valid and is usually error-free. Fragment-free switching therefore receives the first 64 bytes of a frame, to make sure it is not a collision fragment, before it starts forwarding. Latency is again measured from the first bit received to the first bit transmitted.

The latency of each mode depends on how the switch forwards the frame. To forward faster, the switch spends less time checking the frame for errors, but corrupted frames then reach the destination and must be retransmitted.

There is also a mode that combines cut-through and store-and-forward, called adaptive cut-through. The switch uses cut-through until it detects a certain number of errored frames; once the error count exceeds a threshold, the switch changes to store-and-forward.
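
The three forwarding methods above, and the adaptive mode, as an added example that is not part of the original report. It models how much of a frame each method has seen when it must decide: cut-through has only the destination MAC, fragment-free has the first 64 bytes, store-and-forward has the whole frame including the FCS, so only the last one can reject a corrupted frame. The frames are constructed here; the FCS is CRC-32 over everything before it, appended little-endian as in Ethernet.

```python
"""Store-and-forward, cut-through and fragment-free forwarding decisions.

Added example, not part of the original report. Each function returns the
forwarding decision a switch in that mode would make for the frame.
"""
import zlib

MIN_FRAME = 64      # minimum Ethernet frame length including the 4-byte FCS


def add_fcs(frame_without_fcs: bytes) -> bytes:
    """Append the Ethernet frame check sequence (CRC-32, little-endian)."""
    return frame_without_fcs + zlib.crc32(frame_without_fcs).to_bytes(4, "little")


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over the body and compare it with the trailing FCS."""
    body, fcs = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "little") == fcs


def cut_through(frame: bytes) -> bool:
    """Fast-forward: decide as soon as the 6-byte destination MAC is in."""
    return len(frame) >= 6


def fragment_free(frame: bytes) -> bool:
    """Wait for 64 bytes: anything shorter is a collision fragment (runt)."""
    return len(frame) >= MIN_FRAME


def store_and_forward(frame: bytes) -> bool:
    """Receive the whole frame, then check length and FCS before forwarding."""
    return len(frame) >= MIN_FRAME and fcs_ok(frame)


class AdaptiveCutThrough:
    """Start in cut-through; fall back to store-and-forward once more than
    `threshold` FCS errors have been seen. In cut-through the error is only
    noticed after the frame has already been forwarded."""

    def __init__(self, threshold: int = 3):
        self.threshold = threshold
        self.errors = 0
        self.mode = "cut-through"

    def forward(self, frame: bytes) -> bool:
        if self.mode == "store-and-forward":
            return store_and_forward(frame)
        decision = cut_through(frame)
        if not fcs_ok(frame):
            self.errors += 1
            if self.errors > self.threshold:
                self.mode = "store-and-forward"
        return decision


def make_frame(payload_len: int = 46, corrupt: bool = False) -> bytes:
    """Constructed test frame: broadcast destination, a fixed source MAC,
    EtherType IPv4, zero payload. payload_len=46 gives the 64-byte minimum
    frame; a smaller value gives a runt. corrupt=True flips one payload bit
    after the FCS was computed, as a line error would."""
    header = b"\xff" * 6 + bytes.fromhex("001122334455") + b"\x08\x00"
    frame = add_fcs(header + bytes(payload_len))
    if corrupt:
        frame = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]
    return frame


if __name__ == "__main__":
    for name, frame in [("good", make_frame()),
                        ("corrupt", make_frame(corrupt=True)),
                        ("runt", make_frame(payload_len=10))]:
        print(f"{name:8} cut-through={cut_through(frame)} "
              f"fragment-free={fragment_free(frame)} "
              f"store-and-forward={store_and_forward(frame)}")
```

Running it shows the trade-off in the text directly: the corrupted 64-byte frame passes both cut-through variants and is caught only by store-and-forward, while the runt is caught by fragment-free and store-and-forward but not by fast-forward.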

1.4. How a switch operates

Functions of a switch:

A switch is a device that selects the path on which a frame is sent to its destination; it operates at Layer 2 of the OSI model.

A switch makes its forwarding decisions on MAC addresses, which is why it is classed as a Layer 2 device. Because the switch chooses the path and decides where each frame goes, the LAN can operate more efficiently. The switch learns which machine is attached to each port by reading the source MAC address of the frames it receives. When two machines communicate, the switch sets up a virtual circuit between just the two ports involved, without affecting traffic on the other ports. This is why high-performance LANs are fully switched.

The switch concentrates connections and chooses efficient paths for data. Frames are switched from the inbound port to the outbound port, and each port is a connection that provides bandwidth to its host.

To switch frames efficiently between ports, the switch keeps an address table. When a frame arrives, the switch records the sender's MAC address against the port on which the frame arrived.

Main characteristics of a switch:

- Isolating traffic per segment: an Ethernet switch divides the network into very small units called microsegments. These segments let users on different segments send data at the same time without slowing the network down. Dividing the network this way reduces the number of users and devices that share one bandwidth. Each segment is a separate collision domain. The switch limits traffic by forwarding a frame only to the port that needs it, based on the Layer 2 MAC address.

- More bandwidth per user by creating smaller collision domains: the switch guarantees more bandwidth to users by creating smaller collision domains. It divides the LAN into many small segments; each segment is a dedicated connection, like a private 100 Mbps lane, and each server can be placed on its own 100 Mbps connection.

In networks today, Fast Ethernet switches are used as the LAN backbone, while Ethernet switches, Ethernet hubs or Fast Ethernet hubs connect down to the workstations. As new applications such as multimedia and video conferencing become more common, each workstation will have its own 100 Mbps connection to the switch.

2. Virtual LANs (VLAN, Virtual Local Area Network)

2.1. Introduction to VLANs

VLAN stands for virtual local area network (virtual LAN). A VLAN is a technique for creating logically independent LANs on the same physical infrastructure. Creating several virtual LANs within one local network (between the faculties of a school, or the departments of a company) shrinks the broadcast domains and makes a large local network easier to manage.

A network without VLANs is a flat network, because it operates as a single Layer 2 switched domain. A flat network is one broadcast domain: every broadcast from any host reaches every other host in the network. A hub is one collision domain (a collision domain is the set of segments between a pair of bridges or other Layer 2 devices, all of whose traffic shares one path to that device): when one device transmits, every other device on the hub receives the signal, and if two devices transmit at once the frames collide, are lost, and all transmission is interrupted for a time. Bridges and switches split the network into separate collision domains and remove this problem.

Figure 4. Connection model of a switch and a hub

Switches therefore break up collision domains, but they do not contain broadcasts, and a flat network has three problems:

- Bandwidth: as the number of users in a building grows, demand for bandwidth grows with it and the performance of the network falls.
- Security: every user can see every other user in the same flat network, so it is hard to secure.
- Load balancing: in a flat network traffic cannot be carried over several paths, because loops would form and consume bandwidth, so load cannot be shared.

To solve these problems, the VLAN was introduced. A VLAN is defined as a logical group of network devices, set up according to criteria such as the function, department or application within an organization. Each VLAN is treated as a logical subnet created on the switch.

2.2. Structure and operation of VLANs

The structure of a network of VLANs has three tiers of devices, as shown in Figure 5:

Figure 5. VLAN structure

Tier 1: a router, which routes between the VLANs.

Tier 2: the switches, whose ports are divided among the VLANs.

Tier 3: the workstations.

2.2.1. How VLANs are created

Each port on a switch can be assigned to one VLAN. Ports assigned to the same VLAN share broadcasts; ports outside that VLAN do not receive them. The improvement VLANs bring is fewer broadcasts and less wasted bandwidth.

There are two ways to create VLAN membership:

- Static VLANs
- Dynamic VLANs
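
The forwarding behaviour described in this section and in 1.4, as an added example that is not part of the original report: a model of a VLAN-aware switch with static, port-based membership. Frames are passed as (source MAC, destination MAC) strings because the point is the forwarding decision, not the encoding. It shows that the address table is keyed per VLAN, that broadcasts and unknown unicasts are flooded only to ports in the same VLAN, and, going one step beyond the text, what happens when an attacker fills the CAM table (MAC flooding, which section 2.3 mentions): the switch stops learning and floods legitimate unicast like a hub. Port names, MAC addresses and the table size are constructed for the example.

```python
"""Model of a VLAN-aware Layer 2 switch: per-VLAN MAC learning and flooding.

Added example, not part of the original report.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Switch:
    port_vlan: dict                              # port -> access VLAN (static, port-based)
    cam_capacity: int = 1024                     # size of the CAM (address) table
    cam: dict = field(default_factory=dict)      # (vlan, mac) -> port

    def receive(self, in_port: str, src: str, dst: str) -> list:
        """Process one frame arriving on in_port; return the list of egress ports."""
        vlan = self.port_vlan[in_port]
        key = (vlan, src)
        # Learn the source MAC on this port, within this VLAN only, and only
        # while the table has room: a full CAM table simply stops learning.
        if key in self.cam or len(self.cam) < self.cam_capacity:
            self.cam[key] = in_port
        same_vlan = sorted(p for p, v in self.port_vlan.items()
                           if v == vlan and p != in_port)
        if dst == BROADCAST or (vlan, dst) not in self.cam:
            return same_vlan                     # flood, but confined to the VLAN
        out = self.cam[(vlan, dst)]
        return [] if out == in_port else [out]   # known unicast: one port, or filtered


def demo_isolation():
    """Two VLANs on one switch; returns the egress lists of three frames."""
    sw = Switch({"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 20, "Fa0/4": 20})
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    flood = sw.receive("Fa0/1", a, BROADCAST)    # A's ARP request: VLAN 10 ports only
    reply = sw.receive("Fa0/2", b, a)            # B answers: A is known, one port
    cross = sw.receive("Fa0/3", c, a)            # C (VLAN 20) to A: unknown in VLAN 20
    return flood, reply, cross


def demo_mac_flood():
    """Attacker on Fa0/3 fills a small CAM table with bogus source MACs. The
    later A->B unicast can neither be learned nor looked up, so it is flooded
    and the attacker receives a copy."""
    sw = Switch({"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 10}, cam_capacity=4)
    for i in range(4):
        sw.receive("Fa0/3", f"02:00:00:00:00:{i:02x}", BROADCAST)
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    return sw.receive("Fa0/1", a, b)


if __name__ == "__main__":
    print(demo_isolation())   # (['Fa0/2'], ['Fa0/1'], ['Fa0/4'])
    print(demo_mac_flood())   # ['Fa0/2', 'Fa0/3']
```

The third frame in demo_isolation is the key point of the section: C in VLAN 20 addresses A by MAC, but A was learned under (10, A), so in VLAN 20 it is unknown and the frame is flooded only to Fa0/4; it never reaches A's port without a router. Port security (section 2.3) counters the second demo by capping how many MAC addresses a port may introduce.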

2.2.1.1. Static VLANs

This method is also called port-based membership. Assigning switch ports to a VLAN creates a static VLAN. When a device is connected to the network, it automatically takes on the VLAN of the port it is plugged into. If a user moves to another port and still needs access to the same VLAN, the network administrator must assign the new port to that VLAN.

2.2.1.2. Dynamic VLANs

Dynamic VLANs are created with management software such as CiscoWorks 2000. With a VMPS (VLAN Management Policy Server), switch ports can be enrolled in VLANs automatically based on the source MAC address of the device connected to the port. A dynamic VLAN determines its membership from the devices' MAC addresses: when a device joins the network, the switch queries a database of VLAN memberships on the VMPS.

Figure 6. VLAN management model

On the switch, a port is assigned to a particular VLAN independently of the user or system attached to it, which means that all users on those ports should be members of the same VLAN. A workstation or a hub can be connected to a VLAN port.

The network administrator performs the VLAN assignments. A port configured as static cannot move to another VLAN automatically; the switch must be reconfigured. When users are attached to one shared network segment, they all share that segment's bandwidth.

The more users are attached to a shared medium, the less bandwidth is available to each, because they all sit in one collision domain. If the shared segment becomes too large, collisions can become excessive and applications lose quality.

Switches reduce collisions by giving each device its own bandwidth through microsegmentation; however, switches still flood broadcast traffic, such as ARP (Address Resolution Protocol) requests, to every port in the broadcast domain. VLANs give users in a shared network more bandwidth by limiting the size of that broadcast domain. The default VLAN for all switch ports is VLAN 1, which is also the management VLAN. The default VLAN cannot be deleted, but additional VLANs can be created and ports reassigned to them.

Each switch port behaves like a bridge port; a switch is simply a multi-port bridge. A bridge filters traffic without regard to the source segment, only to the destination segment. If a frame has to cross the bridge and the destination MAC address is known, the bridge forwards the frame out the correct port.

If the bridge or switch does not know the destination, it floods the frame out every port in the broadcast domain (the VLAN) except the port it arrived on. Each VLAN should have a unique Layer 3 address or registered subnet; this is what lets a router switch packets between VLANs. VLANs can exist as end-to-end networks.

2.2.2. End-to-end VLANs

End-to-end VLANs let the devices in a group share common resources, such as file servers, project groups and departments. The aim of an end-to-end VLAN is to keep 80% of the traffic within the local VLAN. An end-to-end VLAN has these characteristics:

- Users are grouped into VLANs independently of physical location, according to function or job group.
- All users in a VLAN should follow the same 80/20 traffic pattern (80% of the bandwidth within the local VLAN, 20% for remote access).
- As a user moves around the campus network, the user's VLAN should not change.
- Each VLAN has its own security requirements for its members. In an end-to-end VLAN, users are therefore grouped by function, by project group, or by the way they use network resources.

2.2.3. Local VLANs

In many networks the flow of traffic has shifted toward centralized resources, and end-to-end VLANs have become hard to maintain. Users need many different resources, many of which are no longer in their own VLAN.

Because of this change in location and in resource usage, VLANs are now created around geographic boundaries rather than around common groupings. The geographic area can be as large as a whole building or as small as a single switch.

In a local VLAN structure the rule becomes 20/80: 80% of the traffic goes to remote resources and 20% stays local to the user. This is the opposite of the end-to-end VLAN. Although in this design users must cross a Layer 3 device to reach 80% of their resources, it gives a predictable, deterministic way of locating resources.

2.2.4. Types of VLAN

There are three basic models for determining and controlling how a frame is assigned to a VLAN:

- Port-based VLANs: each port (Ethernet or Fast Ethernet) is assigned to a specific VLAN, so every computer or host connected to a switch port belongs to that port's VLAN. This is the simplest and most common way to configure VLANs.
- MAC address-based VLANs: each MAC address is assigned to a particular VLAN. This configuration is complex and hard to manage.
- Protocol-based VLANs: similar to MAC-based VLANs, but the assignment uses the Layer 3 protocol or IP address instead of the MAC address; this method is rarely used today.

The number of VLANs on a switch varies widely, depending on several factors: traffic patterns, application types, network management needs and common groupings. One further important question when sizing switches and deciding the number of VLANs is the IP addressing plan.

2.2.5. Identifying frames by VLAN

When VLANs span several switches, the frame header is encapsulated or modified to carry a VLAN ID before the frame is sent over the link between the switches. Before the frame is delivered to the end station, the header is restored to its original format. This is how VLANs are identified: the tag states which VLAN the frame belongs to.

Figure 7. Frame forwarding process

Figure 8. Frame structure

Frame tagging is the IEEE standard method of identifying VLANs by adding the VLAN's identity to the frame header. Figure 8 shows an 802.1Q frame format with the VLAN ID. The 802.1Q protocol inserts a 4-byte field, called the tag, immediately after the source address field. The frame's original addresses are not affected. With 802.1Q, the first two bytes of the tag (the Tag Protocol Identifier) hold the value 0x8100, indicating that the frame carries an 802.1Q trunking header; the remaining two bytes hold the 3-bit priority, a 1-bit drop eligible indicator and the 12-bit VLAN ID.

2.2.6. VLAN Trunking Protocol (VTP)

2.2.6.1. Concept

VTP is a Layer 2 protocol of the OSI model that uses trunk frames to keep VLAN information consistent across the network when VLANs are added, deleted or renamed.

There are two trunking techniques, frame filtering and frame tagging; this report covers only frame tagging.

Frame tagging distinguishes the frames of different VLANs, making them easier to manage and faster to forward. The tag is added as a frame leaves onto or arrives from a trunk link; a tagged frame is not itself a broadcast.

A single physical link between two switches can carry the traffic of every VLAN. To keep them apart, each frame is tagged with its VLAN identifier before it is sent, so that a frame belonging to a VLAN goes back into that VLAN on the far side.

2.2.6.2. Operation

Benefits of VTP:

Without VTP, VLANs can be misconfigured when changes are made. Such misconfigurations can lead to security violations, because VLANs cross-connect when two of them are given the same name, and VLANs can become internally disconnected when they are mapped from one LAN type to another. VTP provides the following benefits:

- Consistent VLAN configuration across the network.
- A mapping scheme that allows a VLAN to be trunked over mixed media, such as mapping Ethernet VLANs onto high-speed backbones like ATM LANE or FDDI.
- Accurate tracking and monitoring of VLANs, with dynamic reporting when VLANs are added.
- Plug-and-play configuration when adding new VLANs. Before VLANs are set up on a switch, a management domain must be set up within which the VLANs on the network can be checked. Switches in the same management domain share VLAN information with one another, and a switch can belong to only one VTP management domain. Switches in other domains do not share VTP information.

A switch running VTP advertises on each of its trunk ports:

- the management domain
- the configuration revision number
- the known VLANs and their specific parameters

VTP domain: a switch runs VTP in one of three modes:

- Server
- Client
- Transparent

Figure 9. VTP modes

- VTP server: can create, modify and delete VLANs. A VTP server stores the VLAN configuration in NVRAM and sends advertisements out all of its trunk ports.

- VTP client: cannot create, modify or delete VLAN information. A VTP client applies every VLAN change received from a server and forwards the advertisements out all of its trunk ports. A client does not store the configuration in NVRAM, only in RAM, and learns the VLAN configuration from a server. Client mode is therefore useful when a switch does not have the memory to hold a large amount of VLAN information.

- VTP transparent: only receives and forwards the VTP updates sent by other switches, without acting on their content. A transparent switch does not update its own database from received VTP advertisements, and if its own VLAN configuration changes it does not advertise the change to other switches; its only VTP task is forwarding advertisements. A switch in transparent mode can create VLANs locally, and those VLANs are not advertised to other switches.

2.3. Attacks and security issues in VLANs

A VLAN hopping attack lets traffic from one VLAN reach other VLANs without being routed. An attacker can use VLAN hopping to eavesdrop on traffic in other VLANs. There are two kinds of VLAN hopping: switch spoofing and double tagging.

- Switch spoofing: a trunk port carries the traffic of all VLANs. So if an attacker can get a switch port to go into trunking mode, the attacker can see all the traffic on all the VLANs. In some cases this is used to harvest usernames and password credentials for later attacks. Some Cisco switch models default their ports to dynamic trunk negotiation, meaning a port becomes a trunk automatically if it receives DTP (Dynamic Trunking Protocol) frames. An attacker can turn a switch port into a trunk either by running software on a PC that forges DTP frames, or by connecting a rogue switch to a port of the real switch.

  To defend against switch spoofing, disable trunking on every port that does not need to be a trunk, and disable DTP on the ports that must not become trunks.

  Configuration commands:

  Disable trunking:

  Switch(config)# interface GigabitEthernet0/3
  Switch(config-if)# switchport mode access

  Prevent DTP on a port that must be a trunk:

  Switch(config-if)# switchport trunk encapsulation dot1q
  Switch(config-if)# switchport mode trunk
  Switch(config-if)# switchport nonegotiate

- Double tagging: on an IEEE 802.1Q trunk, one VLAN is designated the native VLAN. Frames belonging to the native VLAN are sent across the trunk without any tag.

  If the attacker's PC is in the native VLAN, the attacker can exploit this by sending traffic that carries two 802.1Q tags: the outer tag for the native VLAN, and the inner tag for the target VLAN the attacker wants to reach.

  Model: attacker (VLAN 1) => SW1; SW1 => SW2; SW2 => victim (VLAN 100). The attacker in VLAN 1 sends a frame to the victim in VLAN 100. Because the attacker's port on SW1 is in the native VLAN, SW1 strips the outer tag (native-VLAN frames leave the trunk untagged) and sends the frame to SW2 with the inner tag still in place. SW2 reads that remaining tag, VLAN 100, the victim's VLAN, and delivers the frame into VLAN 100. The attack is one-way: the victim's replies stay in VLAN 100 and never return to the attacker, so double tagging injects traffic but does not eavesdrop.
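
The tag format from section 2.2.5 and the double-tagging walk-through above, as an added example that is not part of the original report (pure Python, no packet library). After the 12 address bytes, an 802.1Q tag is TPID 0x8100 followed by a 16-bit TCI holding the 3-bit PCP, 1-bit DEI and 12-bit VLAN ID. The trunk_egress and classify_ingress functions model only the tag handling the attack depends on: a trunk sends frames of its native VLAN untagged, so the outermost tag is stripped, and the receiving switch classifies a frame by the outermost tag it still carries, or by the trunk's native VLAN if there is none. The MAC addresses and payload are constructed; the tag_native option models the effect of tagging the native VLAN on the trunk.

```python
"""Build and parse IEEE 802.1Q tags and walk the double-tagging attack.

Added example, not part of the original report.
"""
import struct

TPID_8021Q = 0x8100


def build_frame(dst: str, src: str, ethertype: int, payload: bytes, vlans=()) -> bytes:
    """Return an Ethernet frame with one 802.1Q tag per (vid, pcp) in `vlans`,
    outermost first, followed by the original EtherType and payload."""
    frame = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for vid, pcp in vlans:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)      # PCP:3 DEI:1(0) VID:12
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes):
    """Return (dst, src, [vid, ...], ethertype, payload), walking every
    stacked 802.1Q tag."""
    dst, src, off, vids = frame[:6].hex(":"), frame[6:12].hex(":"), 12, []
    while struct.unpack_from("!H", frame, off)[0] == TPID_8021Q:
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        vids.append(tci & 0x0FFF)
        off += 4
    ethertype = struct.unpack_from("!H", frame, off)[0]
    return dst, src, vids, ethertype, frame[off + 2:]


def classify_ingress(frame: bytes, port_native_vid: int) -> int:
    """VLAN a switch assigns to a frame received on a trunk: the outermost
    tag if there is one, otherwise the trunk's native VLAN."""
    vids = parse_frame(frame)[2]
    return vids[0] if vids else port_native_vid


def trunk_egress(frame: bytes, native_vid: int, tag_native: bool = False) -> bytes:
    """The frame as it appears on the wire leaving a trunk. Native-VLAN
    frames leave untagged (outer 4 bytes removed) unless tag_native is set,
    which models a trunk configured to tag its native VLAN."""
    vids = parse_frame(frame)[2]
    if vids and vids[0] == native_vid and not tag_native:
        return frame[:12] + frame[16:]
    return frame


def double_tag_attack(attacker_vid: int, trunk_native_vid: int,
                      target_vid: int, tag_native: bool = False) -> int:
    """Attacker in attacker_vid sends a frame tagged [attacker_vid, target_vid].
    Returns the VLAN the second switch delivers the frame into."""
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0800, b"payload",
                        [(attacker_vid, 0), (target_vid, 0)])
    on_wire = trunk_egress(frame, trunk_native_vid, tag_native)   # SW1 -> SW2 trunk
    return classify_ingress(on_wire, trunk_native_vid)            # SW2's decision


if __name__ == "__main__":
    print(double_tag_attack(1, 1, 100))                   # 100: attacker reaches VLAN 100
    print(double_tag_attack(1, 400, 100))                 # 1: unused native VLAN, stays in VLAN 1
    print(double_tag_attack(1, 1, 100, tag_native=True))  # 1: native tagged, stays in VLAN 1
```

The second and third calls are the two mitigations discussed below: moving the native VLAN to a VLAN the attacker cannot be in, or never sending native-VLAN frames untagged. In both cases SW1 leaves the outer tag on, SW2 classifies the frame into VLAN 1, and the inner tag is never interpreted.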

  To prevent VLAN hopping by double tagging, do not use the native VLAN to carry user traffic. Do this by creating a native VLAN in your organization that has no ports assigned to it; this otherwise unused VLAN exists only to serve as the native VLAN of the trunks. Cisco IOS can additionally be told to tag native-VLAN frames on trunks with the global command vlan dot1q tag native, so that no frame leaves a trunk untagged.

  Configuration command:

  SW(config-if)# switchport trunk native vlan 400
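
The two defences above (no DTP, no shared or default native VLAN) as a configuration check, added here and not part of the original report. The script reads a Cisco IOS-style running configuration and flags ports whose mode is dynamic or not set (DTP can still negotiate a trunk), trunks without switchport nonegotiate, trunks whose native VLAN is left at 1, and trunks whose native VLAN is also used by an access port. The configuration text is constructed for the example, and the parser handles only the interface and switchport lines it needs; it is not a general IOS parser.

```python
"""Audit an IOS-style switch configuration for VLAN-hopping weaknesses.

Added example, not part of the original report. SAMPLE_CONFIG is constructed.
"""
import re

SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 400
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/4
 switchport mode dynamic desirable
!
interface FastEthernet0/5
 switchport access vlan 1
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 10
!
"""


def parse_interfaces(config: str) -> dict:
    """Return {interface name: [switchport command lines]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif line.strip() == "!":
            current = None
        elif current is not None and line.startswith(" switchport"):
            blocks[current].append(line.strip())
    return blocks


def _value(lines, prefix, default):
    """Last word of the first line starting with prefix, else default."""
    return next((l.split()[-1] for l in lines if l.startswith(prefix)), default)


def _mode(lines):
    """'access', 'trunk', 'dynamic', or None when no mode is configured
    (many Catalyst models then default to dynamic auto or desirable)."""
    return next((l.split()[2] for l in lines if l.startswith("switchport mode ")), None)


def audit(config: str) -> list:
    """Return (interface, finding) tuples, sorted by interface name."""
    ifaces = parse_interfaces(config)
    access_vlans = {_value(l, "switchport access vlan", "1")
                    for l in ifaces.values() if _mode(l) == "access"}
    findings = []
    for name, lines in sorted(ifaces.items()):
        mode = _mode(lines)
        if mode in (None, "dynamic"):
            findings.append((name, "DTP can negotiate a trunk: set 'switchport mode access', "
                                   "or 'switchport mode trunk' plus 'switchport nonegotiate'"))
        elif mode == "trunk":
            if "switchport nonegotiate" not in lines:
                findings.append((name, "trunk still speaks DTP: add 'switchport nonegotiate'"))
            native = _value(lines, "switchport trunk native vlan", "1")
            if native == "1":
                findings.append((name, "native VLAN left at 1: move it to an unused VLAN"))
            elif native in access_vlans:
                findings.append((name, f"native VLAN {native} also carries access ports: "
                                       "double tagging from those ports is possible"))
    return findings


if __name__ == "__main__":
    for iface, finding in audit(SAMPLE_CONFIG):
        print(f"{iface}: {finding}")
```

Only FastEthernet0/1 and FastEthernet0/3 pass: a trunk with DTP off and an unused native VLAN, and an explicit access port outside VLAN 1. FastEthernet0/6 shows the subtler case, where nonegotiate is set but the native VLAN 10 is also an access VLAN, so a host in VLAN 10 could still double-tag.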

Besides MAC flooding and VLAN hopping, other attacks can occur at Layer 2, such as spanning-tree attacks, ARP spoofing and DHCP attacks. The following practices should also be applied:

- Restrict management access to the switch so that untrusted areas of the network cannot exploit management interfaces and protocols such as SNMP (Simple Network Management Protocol).
- Prevent denial-of-service and other attacks by locking down spanning-tree and the other dynamic protocols.
- Use hardware ACLs at selected points to block unwanted traffic. Use a dedicated VLAN ID for all trunk ports.
- Shut down every unused port in a VLAN. Apply port security measures to protect the system against attacks on the switch.

Security features that Layer 2 devices need:

- Port security: limits the number of devices allowed to connect to a port.
- Private VLANs: provide security and the ability to partition the ports of a switch that are members of the same VLAN. This feature ensures that users can communicate only with their default gateway and not with each other. Private VLANs are often used in the neutral zone between the internal network and the Internet, the DMZ (demilitarized zone).
- STP root guard and BPDU guard: defeat spanning-tree attacks by shutting down any port that could change the Layer 2 topology.
- SSH support: provides secure remote connections to Layer 2 and Layer 3 devices. For remote connections, SSH is far more secure than Telnet because it provides strong encryption.
- VMPS (VLAN Membership Policy Server): maps specific MAC addresses to specific VLANs, so that mobile users on a campus network keep the same network security policy wherever they connect.
- IEEE 802.1X authentication: protects the network by authenticating users against a central database before any kind of connection is allowed. By contrast, most users inside a local network today can gain access simply by plugging into an Ethernet connection, without any authentication.
- Wire-rate ACLs: allow access control lists to be enforced without reducing system performance.

3. Conclusion

3.1. Summary

Using VLANs solves part of the problems of security, privacy and congestion under heavy load: it avoids collapse from congestion while keeping the whole network serviceable and meeting users' needs.

- Saving network bandwidth: VLANs divide the LAN into small segments, each of which is its own broadcast domain. A broadcast is delivered only within its own VLAN, so dividing the network into VLANs saves bandwidth.

- Better security: devices in different VLANs cannot reach each other (unless a router connects the VLANs). For example, computers in an Accounting VLAN can communicate only with each other; a machine in the Accounting VLAN cannot connect to a machine in the Engineering VLAN.

- Flexibility: network users can be added, removed and moved easily. A company or organization can plan its network by department and function rather than by physical location, all on one shared infrastructure.

Figure 10. VLANs for the departments on the floors of a building

3.2. Importance and practical application of VLANs

In a conventional LAN, the computers at one location (the same room, for example) are connected into a LAN through a single concentrating device such as a hub or switch, so many LANs need many hubs and switches. In practice, however, a LAN often contains only a few computers, and computers at the same location (the same room) may belong to different LANs, each needing its own hub or switch. This wastes devices and leaves Ethernet ports unused. To save resources while still supporting several LANs at one location, the solution is to group computers from different LANs onto the same switch.

VLAN configuration for an enterprise network:

Enterprise A's network, connected to branch B.

The head office has four departments: Management, HR, Sales and Accounting:

VLAN 2, Management: 192.168.2.0/24, default gateway 192.168.2.252

VLAN 3, HR: 192.168.3.0/24, default gateway 192.168.3.252

VLAN 4, Accounting: 192.168.4.0/24, default gateway 192.168.4.252

VLAN 5, Sales: 192.168.5.0/24, default gateway 192.168.5.252

Figure 11. Enterprise network model

VLAN assignment: configure SW1 as the VTP server that distributes the VLANs to SW2, SW3 and SW4:

SW1(config)#vtp domain mangdoanhnghiep
SW1(config)#vtp password 123
SW1(config)#vtp mode server
SW1(config)#vlan 2
SW1(config-vlan)#name giamdoc
SW1(config-vlan)#exit
SW1(config)#vlan 3
SW1(config-vlan)#name nhansu
SW1(config-vlan)#exit
SW1(config)#vlan 4
SW1(config-vlan)#name ketoan
SW1(config-vlan)#exit
SW1(config)#vlan 5
SW1(config-vlan)#name kinhdoanh
SW1(config-vlan)#exit

Configure SW2, SW3 and SW4 as clients:

SW2(config)#vtp domain mangdoanhnghiep
SW2(config)#vtp password 123
SW2(config)#vtp mode client

SW3(config)#vtp domain mangdoanhnghiep
SW3(config)#vtp password 123
SW3(config)#vtp mode client

SW4(config)#vtp domain mangdoanhnghiep
SW4(config)#vtp password 123
SW4(config)#vtp mode client

A three-character VTP password is acceptable only in a lab. In production, use a long password and never connect a switch whose VTP domain matches and whose configuration revision number is higher than the server's: its VLAN database would overwrite that of every switch in the domain.

Assign ports to the VLANs:

SW3(config)#interface range f0/3 - 8
SW3(config-if-range)#switchport mode access
SW3(config-if-range)#switchport access vlan 2
SW3(config-if-range)#exit
SW3(config)#interface range f0/9 - 14
SW3(config-if-range)#switchport mode access
SW3(config-if-range)#switchport access vlan 3
SW3(config-if-range)#exit
SW3(config)#interface range f0/15 - 19
SW3(config-if-range)#switchport mode access
SW3(config-if-range)#switchport access vlan 4
SW3(config-if-range)#exit
SW3(config)#interface range f0/20 - 24
SW3(config-if-range)#switchport mode access
SW3(config-if-range)#switchport access vlan 5
SW3(config-if-range)#exit

SW4(config)#interface range f0/3 - 8
SW4(config-if-range)#switchport mode access
SW4(config-if-range)#switchport access vlan 2
SW4(config-if-range)#exit
SW4(config)#interface range f0/9 - 14
SW4(config-if-range)#switchport mode access
SW4(config-if-range)#switchport access vlan 3
SW4(config-if-range)#exit
SW4(config)#interface range f0/15 - 19
SW4(config-if-range)#switchport mode access
SW4(config-if-range)#switchport access vlan 4
SW4(config-if-range)#exit
SW4(config)#interface range f0/20 - 24
SW4(config-if-range)#switchport mode access
SW4(config-if-range)#switchport access vlan 5
SW4(config-if-range)#exit

Verify the port assignments:

SW3#show vlan

Enable trunking on the inter-switch ports:

SW1(config)#interface f0/3
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config)#interface f0/4
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config)#interface f0/5
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk

SW2(config)#interface f0/3
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config)#interface f0/4
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config)#interface f0/5
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk

SW3(config)#interface f0/1
SW3(config-if)#switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk
SW3(config)#interface f0/2
SW3(config-if)#switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk

SW4(config)#interface f0/1
SW4(config-if)#switchport trunk encapsulation dot1q
SW4(config-if)#switchport mode trunk
SW4(config)#interface f0/2
SW4(config-if)#switchport trunk encapsulation dot1q
SW4(config-if)#switchport mode trunk

Verify the trunks:

SW2#show interfaces trunk

Note that these trunks still use the defaults that section 2.3 warns about: DTP remains enabled and the native VLAN is 1. Following that section, each trunk should also receive switchport nonegotiate and switchport trunk native vlan with an unused VLAN ID, and the unused access ports (f0/1 and f0/2 on SW1 and SW2 are not assigned above) should be shut down.