Esimeni esisheshayo sokuxhumana kwesimanje, ukuvela kwe-Local Area Networks (LANs) kuvule indlela yezixazululo ezintsha zokuhlangabezana nobunzima obukhulayo bezidingo zenhlangano. Esinye sezixazululo esinjalo esigqamayo yi-Virtual Local Area Network, noma i-VLAN. Lesi sihloko sidingida ubunkimbinkimbi bama-VLAN, inhloso yawo, izinzuzo, izibonelo zokusetshenziswa, izinqubo ezingcono kakhulu, kanye nendima ebalulekile ayidlalayo ekuzivumelaniseni nezimfuno ezihlala zivela zengqalasizinda yenethiwekhi.
I. Ukuqonda ama-VLAN kanye Nenhloso Yawo
I-Virtual Local Area Networks, noma ama-VLAN, achaza kabusha umqondo wendabuko wama-LAN ngokwethula isendlalelo esibonakalayo esivumela izinhlangano ukuthi zilinganise amanethiwekhi azo ngosayizi okhulayo, ukuguquguquka, nokuba yinkimbinkimbi. Ama-VLAN empeleni amaqoqo wamadivayisi noma amanodi enethiwekhi axhumana sengathi ayingxenye ye-LAN eyodwa, kuyilapho empeleni, akhona engxenyeni eyodwa noma ezimbalwa ze-LAN. Lawa masegimenti ahlukaniswa nayo yonke i-LAN ngamabhuloho, amarutha, noma amaswishi, okuvumela ukukhushulwa kwezinyathelo zokuphepha kanye nokubambezeleka kwenethiwekhi okunciphile.
Incazelo yobuchwepheshe yamasegimenti e-VLAN ibandakanya ukuhlukaniswa kwawo ne-LAN ebanzi. Lokhu kuhlukaniswa kulungisa izinkinga ezivamile ezitholakala kuma-LAN avamile, njengezinkinga zokusakaza nokushayisana. Ama-VLAN asebenza "njengezizinda zokushayisana," ehlisa izehlakalo zokushayisana nokuthuthukisa izinsiza zenethiwekhi. Lokhu kusebenza okuthuthukisiwe kwama-VLAN kudlulela ekuvikelekeni kwedatha nasekuhlukaniseni okunengqondo, lapho ama-VLAN angaqoqwa ngokusekelwe eminyangweni, amaqembu ephrojekthi, nanoma yimuphi omunye umgomo wenhlangano onengqondo.
II. Kungani Sebenzisa ama-VLAN
Izinhlangano zizuza kakhulu ezinhlelweni zokusetshenziswa kwe-VLAN. Ama-VLAN anikeza ukusebenza kahle kwezindleko, njengoba izindawo zokusebenza ezingaphakathi kwama-VLAN zixhumana ngokushintsha kwe-VLAN, kunciphisa ukuthembela kumarutha, ikakhulukazi ekuxhumaneni kwangaphakathi ngaphakathi kwe-VLAN. Lokhu kunikeza ama-VLAN amandla okuphatha kahle imithwalo yedatha eyengeziwe, kunciphisa ukubambezeleka kukonke kwenethiwekhi.
Ukunwebeka okuguquguqukayo ekucushweni kwenethiwekhi kungesinye isizathu esiphoqayo sokusebenzisa ama-VLAN. Angahlelwa futhi anikezwe ngokusekelwe ku-port, protocol, noma i-subnet criteria, okuvumela izinhlangano ukuthi ziguqule ama-VLAN futhi ziguqule imiklamo yenethiwekhi njengoba kudingeka. Ngaphezu kwalokho, ama-VLAN anciphisa imizamo yokuphatha ngokukhawulela ngokuzenzakalelayo ukufinyelela kumaqembu athile abasebenzisi, okwenza ukucushwa kwenethiwekhi nezindlela zokuphepha zisebenze kahle.
III. Izibonelo zokusetshenziswa kwe-VLAN
Ezimweni zomhlaba wangempela, amabhizinisi anezikhala ezibanzi zamahhovisi kanye namaqembu amakhulu athola izinzuzo ezinkulu ekuhlanganisweni kwama-VLAN. Ubulula obuhlotshaniswa nokulungiselela ama-VLAN bukhuthaza ukuqaliswa okungenazihibe kwamaphrojekthi ahlukahlukene futhi kukhuthaza ukubambisana phakathi kweminyango eyahlukene. Isibonelo, amaqembu asebenza ngobuchwepheshe kwezokumaketha, ukuthengisa, i-IT, nokuhlaziywa kwebhizinisi angasebenzisana kahle uma enikezwe i-VLAN efanayo, ngisho noma izindawo zawo ezibonakalayo zithatha iphansi elihlukile noma izakhiwo ezihlukile. Naphezu kwezixazululo ezinamandla ezinikezwa ama-VLAN, kubalulekile ukuqaphela izinselele ezingaba khona, njengokungafani kwe-VLAN, ukuze kuqinisekiswe ukuqaliswa okuphumelelayo kwalawa manethiwekhi ezimeni ezihlukahlukene zenhlangano.
IV. Imikhuba Engcono Kakhulu Nokunakekela
Ukucushwa okufanele kwe-VLAN kubaluleke kakhulu ekusebenziseni amandla abo aphelele. Ukusebenzisa izinzuzo zesegimenti ye-VLAN kuqinisekisa amanethiwekhi asheshayo navikelekile, abhekelela isidingo sokuzivumelanisa nezimfuneko zenethiwekhi eziguqukayo. Abahlinzeki Besevisi Abaphethwe (ama-MSP) badlala indima ebalulekile ekwenzeni ukunakekelwa kwe-VLAN, ukuqapha ukusatshalaliswa kwedivayisi, nokuqinisekisa ukusebenza okuqhubekayo kwenethiwekhi.
| 10 Izindlela Ezinhle Kakhulu | Incazelo |
| Sebenzisa ama-VLAN ukuze uhlukanise i-Traffic Segment | Ngokuzenzakalelayo, amadivayisi enethiwekhi axhumana ngokukhululekile, okubeka engcupheni yokuvikeleka. Ama-VLAN abhekana nalokhu ngokuhlukanisa ithrafikhi, avale ukuxhumana kumadivayisi angaphakathi kwe-VLAN efanayo. |
| Dala i-VLAN Ehlukene Yokuphatha | Ukusungula i-VLAN yokuphatha ezinikele iqondisa ukuphepha kwenethiwekhi. Ukuhlukaniswa kuqinisekisa ukuthi izindaba ezingaphakathi kwe-VLAN yokuphatha azithinti inethiwekhi ebanzi. |
| Nikeza amakheli e-IP amile okuphatha i-VLAN | Amakheli e-IP aqinile adlala indima ebalulekile ekuhlonzweni kwedivayisi nasekuphathweni kwenethiwekhi. Ukugwema i-DHCP yabaphathi be-VLAN kuqinisekisa ukusingathwa okungaguquki, nokwenza lula ukuphathwa kwenethiwekhi. Ukusetshenziswa kwama-subnets ahlukene we-VLAN ngayinye kuthuthukisa ukuhlukaniswa kwethrafikhi, kunciphisa ubungozi bokufinyelela okungagunyaziwe. |
| Sebenzisa I-Private IP Address Space for Management VLAN | Ithuthukisa ukuphepha, i-VLAN yokuphatha izuza endaweni yekheli le-IP yangasese, ivimbela abahlaseli. Ukusebenzisa ama-VLAN okuphatha ahlukene ezinhlobo ezahlukene zedivayisi kuqinisekisa indlela ehlelekile nehlelekile yokuphatha inethiwekhi. |
| Ungasebenzisi i-DHCP ku-Management VLAN | Ukweqa i-DHCP ku-VLAN yokuphatha kubalulekile ekuvikelekeni. Ukuthembela kuphela kumakheli e-IP amile kuvimbela ukufinyelela okungagunyaziwe, okwenza kube inselele kubahlaseli ukuthi bangene kunethiwekhi. |
| Vikela Izimbobo Ezingasetshenzisiwe futhi Khubaza Izinsizakalo Ezingadingekile | Izimbobo ezingasetshenzisiwe ziveza ubungozi bokuphepha obunamandla, obumema ukufinyelela okungagunyaziwe. Ukukhubaza izimbobo ezingasetshenzisiwe kanye nezinsizakalo ezingadingekile kunciphisa ama-vectors okuhlasela, kuqinisa ukuphepha kwenethiwekhi. Indlela esebenzayo ibandakanya ukuqapha nokuhlolwa kwezinsizakalo ezisebenzayo. |
| Sebenzisa ukuqinisekiswa kwe-802.1X ku-Management VLAN | Ukuqinisekiswa kwe-802.1X kungeza isendlalelo esengeziwe sokuvikela ngokuvumela amadivayisi agunyaziwe kuphela ukufinyelela ku-VLAN yokuphatha. Lesi silinganiso sivikela amadivayisi enethiwekhi abalulekile, sinqanda ukuphazamiseka okungaba khona okubangelwa ukufinyelela okungagunyaziwe. |
| Nika amandla Ukuphepha Kwembobo ku-VLAN Yokuphatha | Njengezindawo zokufinyelela ezisezingeni eliphezulu, amadivayisi aku-VLAN yokuphatha adinga ukuvikeleka okuqinile. Ukuphepha kwembobo, okulungiselelwe ukuvumela amakheli e-MAC agunyaziwe kuphela, kuyindlela esebenzayo. Lokhu, kuhlanganiswe nezinyathelo zokuphepha ezengeziwe ezifana ne-Access Control Lists (ACLs) nama-firewall, kuthuthukisa ukuvikeleka kwenethiwekhi kukonke. |
| Khubaza i-CDP ku-Management VLAN | Nakuba i-Cisco Discovery Protocol (CDP) isiza ukuphathwa kwenethiwekhi, yethula ubungozi bokuphepha. Ukukhubaza i-CDP kubaphathi be-VLAN kunciphisa lezi zingozi, kuvimbela ukufinyelela okungagunyaziwe kanye nokuvezwa okungenzeka kolwazi lwenethiwekhi olubucayi. |
| Lungiselela i-ACL ku-Management VLAN SVI | Uhlu Lokulawula Ukufinyelela (ACLs) ekuphathweni kwe-VLAN Switch Virtual Interface (SVI) lukhawulela ukufinyelela kubasebenzisi abagunyaziwe namasistimu. Ngokucacisa amakheli e-IP avunyelwe nama-subnets, lo mkhuba uqinisa ukuphepha kwenethiwekhi, uvimbela ukufinyelela okungagunyaziwe emisebenzini yokulawula ebalulekile. |
Sengiphetha, ama-VLAN avele njengesixazululo esinamandla, anqoba imikhawulo yama-LAN endabuko. Ikhono labo lokuzivumelanisa nesimo senethiwekhi esiguqukayo, kuhambisana nezinzuzo zokukhuphuka kokusebenza, ukuguquguquka, kanye nemizamo encishisiwe yokuphatha, kwenza ama-VLAN abaluleke kakhulu ekuxhumaneni kwesimanjemanje. Njengoba izinhlangano ziqhubeka nokukhula, ama-VLAN ahlinzeka ngezindlela ezinwebekayo nezisebenzayo zokuhlangabezana nezinselele eziguquguqukayo zengqalasizinda yenethiwekhi yesimanje.
Isikhathi sokuthumela: Dec-14-2023
