CN101035052B - Port separation method based on the virtual LAN - Google Patents
Port separation method based on the virtual LAN Download PDFInfo
- Publication number
- CN101035052B CN101035052B CN2007100982700A CN200710098270A CN101035052B CN 101035052 B CN101035052 B CN 101035052B CN 2007100982700 A CN2007100982700 A CN 2007100982700A CN 200710098270 A CN200710098270 A CN 200710098270A CN 101035052 B CN101035052 B CN 101035052B
- Authority
- CN
- China
- Prior art keywords
- vlan
- port
- packet
- access interface
- isolation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention advances a VLAN (virtual local-area network) port isolating method, firstly building a look-up table stored with the isolation VLAN corresponding to an access port and the uplink port corresponding to the access port, and when the access port receives data packet, making the treatments of: according to the look-up table, judging whether the data packet will be transmitted to the isolation VLAN: if no, processing the data packet by normal two-layer transmission. And the method makes access ports isolated in some VLANs but not isolated in others, saving VLAN resources and besides, bringing about more flexibility to port isolation and simplifying the rules that access equipment connects to VLANs and isolates ports, and perfectly meeting isolation requirements of access-layer switcher users.
Description
Technical field
The present invention relates to ether switch device switching technology, realize a kind of port separation method that flows based on the Layer 2 data of VLAN (vlan).
Background technology
Along with the develop rapidly of ethernet technology, the broadband user increases rapidly.At present, used two-layer switching equipment to provide service in a large number in access layer network operator as the user.Fail safe for network, and the risk that reduces network storm, vlan (VLAN) technology has extensively been adopted in two layers of exchange field, different users is divided among the different vlan, thereby isolated two layers communication between the user, avoided broadcast storm between the user, to produce and influenced each other.
Along with increasing of user, the restriction of vlan resource is obvious day by day, and the vlan configuration management is also pretty troublesome, so a kind of isolation technology based on port has been carried.Even the characteristics of this partition method be the port of isolating in same vlan, can not communicate with one another (as shown in Figure 1), do not influence each other even access interface vlan is identical yet, thereby saved the vlan resource.
The port of isolating is called access interface mutually, and the port that can communicate by letter with access interface is called first line of a couplet port.But the shortcoming that is based on the isolation technology of port is that two laminar flows of all vlan are all isolated out between isolated port, can't communication.The flexibility of the network planning is poor like this, and for access interface, the vlan that the port that the user wishes to isolate has isolates, and the vlan that has is intercommunication, and for the needs of link redundancy, access interface can with the intercommunication of a plurality of first line of a couplet port.
Summary of the invention
The technical problem to be solved in the present invention provides a kind of port separation method, solves in the prior art that two laminar flows of all vlan are all isolated out between isolated port, can't communication, and the problem that network planning flexibility is relatively poor.
In order to solve the problems of the technologies described above, the present invention proposes a kind of port separation method based on VLAN, at first set up look-up table, the isolation VLAN of preserving this access interface correspondence in this table is promptly isolated vlan, and the first line of a couplet port of this access interface correspondence, when described access interface receives packet, carry out following processing: judge according to look-up table whether this packet will send among the isolation vlan of this access interface, if not, transmit this packet of processing according to normal two layers.
Further, said method also can have following characteristics: if this packet will send among the isolation vlan of described access interface, carry out following processing:
A, the described packet of judgement are unicast stream or broadcasting stream, if unicast stream changes step b over to; If broadcasting stream is searched the first line of a couplet port of access interface correspondence in look-up table, transmit this packet, finish;
Whether b, the destination address of checking this packet are the first line of a couplet port study from the access interface correspondence, are not then to abandon this packet, otherwise, be forwarded to corresponding first line of a couplet port, end.
Further, said method also can have following characteristics: described packet carries vlan sign, if in look-up table, find and the corresponding vlan of this vlan sign, illustrate that then this packet will send among the isolation vlan of access interface, otherwise this packet does not send among the isolation vlan of access interface.
Further, said method also can have following characteristics: the corresponding one or more first line of a couplet ports of described access interface.
The present invention proposes a kind of port isolation technology of the one-to-many based on vlan, uses the vlan+ port to isolate.Transmit by designing a vlan+ port, will isolate vlan and be kept at during this transmits, the vlan that has between the access interface isolates, and the vlan that has can intercommunication, and an access interface can corresponding a plurality of first line of a couplet ports.So both saved the vlan resource, simultaneously, also brought greater flexibility, simplified the planning of vlan on the access device and isolated port, satisfied access-layer switch user's isolation requirement well to port isolation.
Description of drawings
Fig. 1 is based on the schematic diagram of the partition method of port in the prior art;
Fig. 2 is the port separation method flow chart that the present invention is based on the one-to-many of vlan;
Fig. 3 is the port separation method schematic diagram that the present invention is based on the one-to-many of vlan.
Embodiment
The present invention proposes a kind of port isolation technology of the one-to-many based on vlan, uses the vlan+ port to isolate.That vlan of configuration isolation is called and isolates vlan on the isolated port, only isolates in isolating vlan between the access interface, and other vlan do not isolate.
In the inventive method,, design a vlan+ port (port) and transmit at first to each access interface, if access interface has disposed isolation at certain vlan, preserve this in the table and isolate vlan, and preserve the first line of a couplet port of this access interface correspondence in the table, the inventive method is seen Fig. 2, and step is as follows:
Step 210: when access interface is received packet, vlanId (vlan sign) according to the data band, searching the vlan+ port transmits, if the vlan of the vlanId correspondence that packet carries has disposed isolation, promptly this packet will send among the isolation vlan of this access interface, changes step 220 over to; If there is not configuration isolation, change step 270 over to;
Step 220: judge that the packet receive is broadcasting stream or clean culture,, change step 230 over to if isolated port receives is broadcasting stream; If what isolated port was received is clean culture, change step 240 over to;
Step 230: from vlan+ port look-up table, search first line of a couplet port, transmit packet, finish to all first line of a couplet ports;
Step 240: check whether the packet rs destination address comes from corresponding first line of a couplet port study, if, change step 250 over to, otherwise, change step 260 over to;
When the corresponding a plurality of first line of a couplet port of access interface, check each first line of a couplet port, see whether destination address is learnt to come from described first line of a couplet port.
Step 250: packet is forwarded to corresponding first line of a couplet port, finishes;
Step 260: abandon this packet, finish;
Step 270: transmit the processing said data bag, end according to normal two layers.
Whether communication can realize that the vlan that has isolates by the vlan of configuration between the access interface like this, and the vlan that has can intercommunication, realizes the port isolation based on the one-to-many of vlan.From the data message that first line of a couplet port is received, do not need to isolate, as long as just passable according to normal two layers of forwarding.
Below with the configuration instruction scheme implementation procedure of Fig. 3:
Suppose access interface customerA, customerB, first line of a couplet port have two to be respectively uplinkA, uplinkB.They are configured among the vlan 10,20, and wherein the data flow among the vlan10 is isolated at access interface, and intercommunication among the vlan20.
Up broadcasting packet (packet of receiving from access interface):
1) if what receive in the customerA port is that label is 10 broadcasting, the unknown or multicast packet, searches the vlan+ port table when then transmitting, find to have disposed isolation, then transmit and be broadcast to first line of a couplet port, do not broadcast to access interface customerB;
2) if what receive in the customerA port is that label is 20 broadcasting, the unknown or multicast packet, search the vlan+ port table when then transmitting, finding does not have configuration isolation, then is broadcast to ports all among the vlan20, both to the broadcasting of first line of a couplet port, also to other access interface broadcasting.
Up unicast message:
1) be that label is 10 unicast packet if the customerA port receives, search the vlan+ port table when then transmitting, isolation has been disposed in discovery, will check further that then the outbound port in purpose medium access control (mac) table is a first line of a couplet port, if then forward from this first line of a couplet port.If purpose mac learns from customerB, then discard processing do not transmit to the customerB port, thereby unicast packet has also realized isolation between two access interface;
2) if the customerA port receives is that label is 20 unicast packet, search the vlan+ port table when then transmitting, finding does not have configuration isolation, then directly carries out common two layers of forwarding.
Equally, broadcasting, unknown multicast or the unicast packet received of customerB also carried out same processing.So just realized isolating according to vlan between the access interface, access interface can communicate with a plurality of first line of a couplet ports.
Claims (3)
1. port separation method based on VLAN, at first set up look-up table, preserve the isolation VLAN of access interface correspondence in this table and promptly isolate vlan, and the first line of a couplet port of this access interface correspondence, when described access interface receives packet, carry out following processing:
Judge according to look-up table whether this packet will be forwarded among the isolation vlan of this access interface,
If this packet will be forwarded among the isolation vlan of described access interface, carry out following processing:
A, the described packet of judgement are unicast stream or broadcasting stream, if unicast stream changes step b over to; If broadcasting stream is searched the first line of a couplet port of access interface correspondence in look-up table, transmit this packet, finish;
Whether b, the destination address of checking this packet are the first line of a couplet port study from the access interface correspondence, are not then to abandon this packet, otherwise, be forwarded to corresponding first line of a couplet port, end;
If this packet is not forwarded among the isolation vlan of described access interface, transmit this packet of processing according to normal two layers.
2. the method for claim 1, it is characterized in that: described packet carries vlan sign, if in look-up table, find and the corresponding vlan of this vlan sign, illustrate that then this packet will be forwarded among the isolation vlan of access interface, otherwise this packet is not forwarded among the isolation vlan of access interface.
3. the method for claim 1 is characterized in that: the corresponding one or more first line of a couplet ports of described access interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007100982700A CN101035052B (en) | 2007-04-25 | 2007-04-25 | Port separation method based on the virtual LAN |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007100982700A CN101035052B (en) | 2007-04-25 | 2007-04-25 | Port separation method based on the virtual LAN |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101035052A CN101035052A (en) | 2007-09-12 |
| CN101035052B true CN101035052B (en) | 2011-07-13 |
Family
ID=38731368
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2007100982700A Expired - Fee Related CN101035052B (en) | 2007-04-25 | 2007-04-25 | Port separation method based on the virtual LAN |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101035052B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101631062B (en) * | 2009-08-25 | 2012-01-11 | 北京东土科技股份有限公司 | PVLAN implementation method of trunking port isolation |
| CN101729355B (en) * | 2009-12-08 | 2012-07-18 | 中兴通讯股份有限公司 | Method for realizing particular virtual local area network and device |
| CN103596649B (en) * | 2013-04-25 | 2015-07-29 | 华为技术有限公司 | A kind of method, apparatus and system communicated in VLAN |
| CN103281205B (en) * | 2013-05-23 | 2016-02-03 | 浙江宇视科技有限公司 | A kind of method of configured port isolation information and the network equipment |
| CN104158768B (en) * | 2014-07-01 | 2018-05-04 | 汉柏科技有限公司 | A kind of method and system of extended network interface, the method for receiving and dispatching message |
| CN104734953B (en) * | 2015-03-24 | 2019-07-23 | 福建星网锐捷网络有限公司 | The method, apparatus and interchanger of two layers of message isolation are realized based on VLAN |
| CN105656914A (en) * | 2016-01-29 | 2016-06-08 | 盛科网络(苏州)有限公司 | Multi-user management based method and apparatus for realizing switch forward domain isolation |
| CN107294940A (en) * | 2016-04-12 | 2017-10-24 | 中兴通讯股份有限公司 | Switch ports themselves partition method and device |
| CN106789921A (en) * | 2016-11-28 | 2017-05-31 | 成都广达新网科技股份有限公司 | A kind of exchange method and interchanger for supporting that member port is isolated in VLAN |
| CN111614632B (en) * | 2020-04-30 | 2022-06-14 | 深圳震有科技股份有限公司 | User data packet isolation method, system and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1474564A (en) * | 2002-08-05 | 2004-02-11 | ��Ϊ��������˾ | Communication method between virtual local area webs |
| CN1555165A (en) * | 2003-12-26 | 2004-12-15 | IP multicasting precision port repeat method in three layer exchanging | |
| US7095741B1 (en) * | 2000-12-20 | 2006-08-22 | Cisco Technology, Inc. | Port isolation for restricting traffic flow on layer 2 switches |
-
2007
- 2007-04-25 CN CN2007100982700A patent/CN101035052B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7095741B1 (en) * | 2000-12-20 | 2006-08-22 | Cisco Technology, Inc. | Port isolation for restricting traffic flow on layer 2 switches |
| CN1474564A (en) * | 2002-08-05 | 2004-02-11 | ��Ϊ��������˾ | Communication method between virtual local area webs |
| CN1555165A (en) * | 2003-12-26 | 2004-12-15 | IP multicasting precision port repeat method in three layer exchanging |
Non-Patent Citations (1)
| Title |
|---|
| 图1、2. |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101035052A (en) | 2007-09-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101035052B (en) | Port separation method based on the virtual LAN | |
| US7869432B1 (en) | Peer-to-peer link aggregation across a service provider network | |
| JP3868815B2 (en) | Communications system | |
| US8902757B2 (en) | Method and system for transparent LAN services in a packet network | |
| CN100568853C (en) | Layer 2 forwarding method and forwarding unit | |
| CN101616014B (en) | Method for realizing cross-virtual private local area network multicast | |
| US8189582B2 (en) | Multicast supported virtual local area network switching system and method thereof | |
| CN101877671B (en) | Sending method of mirror image message, switch chip and Ethernet router | |
| CN100450080C (en) | Method and apparatus for astringing two layer MAC address | |
| CN100531138C (en) | Operator's boundary notes, virtual special LAN service communication method and system | |
| CN100407704C (en) | Method of dynamically learning address on MAC layer | |
| CN104869081B (en) | MESSAGE EXCHANGE processing method, business board and internet exchange system | |
| CN101808042A (en) | Access method and device of multiprotocol label switching double-layer virtual private network | |
| US8107474B2 (en) | Method and network node for monitoring traffic in a private VLAN | |
| CN101110764A (en) | Method for Ethernet switchboard data frame partitioning virtual local area network and transmitting | |
| CN101729355B (en) | Method for realizing particular virtual local area network and device | |
| CN100358322C (en) | Method of multilayer VLAN switching | |
| CN106936704B (en) | Multi-path switching using hop-by-hop VLAN classification | |
| CN101778035B (en) | Virtual private LAN service communication method and device | |
| CN100559772C (en) | Mixed virtual private network system and backbone network edge apparatus and collocation method thereof | |
| US20070280266A1 (en) | Method and apparatus for packet switching | |
| CN102480485A (en) | System, method and switching device for realizing cross-device isolation of ports in same VLAN (virtual local area network) | |
| CN100484055C (en) | Method for implementing multicast spanning VLAN | |
| CN101232446A (en) | Message processing method and apparatus | |
| CN106685788B (en) | The chip implementing method of PVLAN under stacking mode |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20110713 Termination date: 20150425 |
|
| EXPY | Termination of patent right or utility model |