It is quite troublesome of IP plan for large networking. There many doubts about how to set IP address for over 1000 channels monitoring system or networking.
The usual way of IP plan for large networking is through VLAN segmentation, with the benefits of convenient management and improving the security of network. Are there any other ways except the VLAN segmentation? Definitely yes, one of them is the port isolation. These two ways are most commonly used in the IP plan.
VLAN SEGMENTATION
The function of VLAN is used to isolate broadcast. It could achieve communication between different VLANs through VLAN segmentation in layer 3 managed switch.
Eg.:
There are 1000pcs PC in a company but in different department. How to plan for IP address to ensure communication between all departments?
We can set up 6 IP segments for these 1000pcs PC with a view to the future expansion. Of course, you can also set up 5 IP segments in here. Then the IP address plan can be as follows:
Vlan1:192.168.1.1/24
Vlan2:192.168.2.1/24
Vlan3:192.168.3.1/24
Vlan4:192.168.4.1/24
Vlan5:192.168.5.1/24
Vlan6:192.168.6.1/24
BENEFITS OF VLAN
1.Improve the network processing capacity through limiting the broadcast to a VLAN.
2.Enhance the security of LAN. The internal broadcast and unicast traffic within a VLAN will not be forwarded to other VLANs, therefore, it helps to control network traffic, reduce equipment investment, simplify network management, and improve network security.
3.Flexible construction of virtual work group. VLAN can be used to divide users into different work groups, users of a work group are not limited by their physical locations.
PORT ISOLATION
It wastes VLAN resources to set different ports into different VLANs, but if using port isolation, users can isolate ports which are in the same VLAN, through setting ports into the isolation groups.
Eg.:
The methods and application scenarios for port isolation are shown in the following figure. PC1, PC2 and PC3 are belonging to VLAN 10.
It requires the implementation of pc2 and pc3 can not communicate with each other, but can communicate with PC3 respectively.
Pc 1 10.10.10.1 255.255.255.0 Connect to Port GE1/0/1
Pc 2 10.10.10.2 255.255.255.0 Connect to port GE1/0/2
Pc 3 10.10.10.3 255.255.255.0 Connect to port GE1/0/3
Gateway address is 10.10.10.4
The port isolation is widely used in the practical networking due to its security and flexibility. The ports in same isolation group can not communicate with each other while can communicate with the ports of different group.
It seems the same way of VLAN, but it is not! Both VLAN and port isolation are used to make part of devices independent in a space for protection, but VLAN is used to isolate broadcast, and the IP segment of users in the same VLAN is the same and share the data. If make the port isolation, they can not communicate even if they are in the same IP segment.
CONCLUSION
1. The isolated ports can not communicate with each other, but can communicate with Uplink port. The port in same VLAN can communicate with each other, but can not communicate with the ports in different VLANs.
2. The isolated ports are still in the same IP segment, while there is a separate IP segment for each VLAN.
3. Port isolation is limited to a single switch, if there are two or more switches, it can not work. VLAN can work even there are multiple switches as long as the VLAN ID is different.
4. The connected Uplink port can not distinguish the data is from which isolated port, but can distinguish which VLAN the data belongs to.
+86-755-83898016-863
+86-1501-2669-765
info@utepo.net
Note: To speed up our service to you, please make sure the field with " * " mark is filled before you click on "Submit" button, Thank you!