With the rapid growth of computer networks, the planning and configuration of computer networks have become more and more crucial, and a VLAN is a LAN having the advantages of smart planning and flexible setting. A VLAN logically connects network devices that may not be physically connected, so that the network devices communicate as if they were physically connected; as a result, the protocol and configuration setting of a VLAN are quite different from those of conventional LANs.
The so-called VLAN configuration setting means setting the configuration of each member inside a VLAN. Currently, there are five widely adopted approaches, as listed below: 1. VLAN based on connection ports (port-based VLAN); 2. VLAN based on MAC (Media Access Control) addresses (MAC-based VLAN); 3. VLAN based on IP (Internet Protocol) subnets; 4. VLAN based on network layer protocols; 5. VLAN based on principles. The port-based VLAN and the MAC-based VLAN are briefly explained hereinafter.
1. Port-based VLAN: The basic unit of VLAN membership is a connection port of a network device such as a hub, a bridge or a switch. Management software is used for planning which connection ports are to be included in each of the VLANs, and which members are to be included on the connection ports.
Referring to FIG. 1, FIG. 1 is a schematic diagram showing conventional port-based VLANs, wherein VLAN 50, VLAN 52 and VLAN 54 are connected via a network device 10 (such as a switch), a network device 12 and a network device 14. The members of VLAN 50 comprise network devices 60, 62, 64 and 66 respectively connected to a second port 20, a third port 22, a fourth port 24 and a fifth port 26, wherein those ports are located on the network device 10. The members of VLAN 52 comprise network devices 72 and 74 respectively connected to an eleventh port 36 and a twelfth port 38, wherein those ports are located on the network device 10; and network devices 88 and 90 respectively connected to a ninth port 108 and an eleventh port 110, wherein those ports are located on the network device 14. The members of VLAN 54 comprise network devices 68 and 70 respectively connected to an eighth port 32 and a ninth port 34, wherein those ports are located on the network device 10; network devices 76, 78, 80 and 82 respectively connected to a second port 92, a fourth port 94, a sixth port 96 and an eighth port 98, wherein those ports are located on the network device 12; and network devices 84 and 86 respectively connected to a fourth port 104 and a sixth port 106, wherein those ports are located on the network device 14. Moreover, a sixth port 28 of the network device 10 is connected to a twelfth port 100 of the network device 12, and a seventh port 30 of the network device 10 is connected to a first port 102 of the network device 14.
Although the port-based VLAN is not difficult to implement, it has serious defects in network security and management, because membership is bound to the port rather than to the device plugged into it. For example, if the network device 60 originally configured to the second port 20 of the network device 10 is switched to the twelfth port 38, and the network device 74 originally configured to the twelfth port 38 is switched to the second port 20, then the network device 60 originally associated with the VLAN 50 now belongs to the VLAN 52, and likewise, the network device 74 originally associated with the VLAN 52 now belongs to the VLAN 50. Accordingly, the VLANs with which the network devices 60 and 74 are associated are totally different from the original settings, thus causing serious loopholes in network security and management.
2. MAC-based VLAN: The basic unit of VLAN membership is the unique MAC address (generally a 48-bit address) owned by each of the network devices. Similarly, management software is used for planning which MAC addresses are to be included in each of the VLANs (i.e. which network devices should be included).
Referring to FIG. 2, FIG. 2 is a schematic diagram showing conventional MAC-based VLANs, wherein a network device 200 (such as a switch) and a control device 202 are used for linking and controlling a VLAN 210 and a VLAN 212. In addition, the network device 200 has a storing device 204 used for storing the related information concerning VLANs 210 and 212 (such as VLAN configuration information). On the other hand, the storing device 204 and the control device 202 can also be built inside the network device 200, or in another network device 206.
As shown in FIG. 2, the VLAN 210 comprises twenty network devices connected to a second port 216 of the network device 200. Each of the twenty network devices has a different MAC address, such as MAC21 to MAC40. The VLAN 212 comprises twenty network devices connected to a first port 214 of the network device 200, each of which has a different MAC address, such as MAC1 to MAC20; and twenty network devices connected to a third port 218 of the network device 200, each of which has a different MAC address, such as MAC41 to MAC60, so that the VLAN 212 has forty network devices in total.
Since the information related to the layout and linking status of each of the network devices is stored in the network device 200, those sixty network devices can communicate with each other in accordance with various protocols. However, suppose the twenty network devices connected to the third port 218 of the network device 200 are switched to the fifth port 220 of the network device 200 or to a port of any other network device, or are directly pulled out of the third port 218 of the network device 200. Since the corresponding VLAN configuration information record inside the network device 200 is not updated dynamically, the connections among certain network devices would be interrupted, so that the logical structure of VLAN 212 breaks down, thus lowering the reliability of VLAN 212 and making the maintenance and management of the VLAN more difficult.
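The two failure modes described above, the port swap under FIG. 1 and the stale MAC records under FIG. 2, can be checked mechanically. The following is an added example, not part of the original text: it models only network device 10 of FIG. 1 and the three ports of FIG. 2, and the function names, data layout and the split between moved and unplugged devices are assumptions made for illustration.

```python
# Constructed model of the page's FIG. 1 (network device 10 only) and FIG. 2.
# Function names and data layout are assumptions made for this example.

# FIG. 1: port -> VLAN on network device 10, the intended device -> VLAN
# plan, and the original cabling (device -> port).
PORT_VLAN = {20: 50, 22: 50, 24: 50, 26: 50, 32: 54, 34: 54, 36: 52, 38: 52}
INTENDED_VLAN = {60: 50, 62: 50, 64: 50, 66: 50, 68: 54, 70: 54, 72: 52, 74: 52}
CABLING = {60: 20, 62: 22, 64: 24, 66: 26, 68: 32, 70: 34, 72: 36, 74: 38}


def port_based_drift(cabling, port_vlan=PORT_VLAN, intended=INTENDED_VLAN):
    """Return (device, port, intended VLAN, effective VLAN) for every device
    whose VLAN, as implied by the port it is plugged into, differs from plan."""
    findings = []
    for device, port in sorted(cabling.items()):
        effective = port_vlan.get(port)  # None if the port carries no VLAN
        if effective != intended.get(device):
            findings.append((device, port, intended.get(device), effective))
    return findings


def fig2_records():
    """Stored MAC -> (VLAN, port) records, as held in storing device 204."""
    rec = {f"MAC{i}": (212, 214) for i in range(1, 21)}
    rec.update({f"MAC{i}": (210, 216) for i in range(21, 41)})
    rec.update({f"MAC{i}": (212, 218) for i in range(41, 61)})
    return rec


def mac_based_stale(records, observed):
    """Return (mac, VLAN, recorded port, observed port or None) for every
    stored record that no longer matches where the MAC is actually seen."""
    return [(mac, vlan, port, observed.get(mac))
            for mac, (vlan, port) in sorted(records.items())
            if observed.get(mac) != port]


if __name__ == "__main__":
    # Devices 60 and 74 exchange ports 20 and 38, as in the text.
    print(port_based_drift({**CABLING, 60: 38, 74: 20}))
    records = fig2_records()
    observed = {mac: port for mac, (_, port) in records.items()}
    for i in range(41, 51):
        observed[f"MAC{i}"] = 220      # moved to the fifth port 220
    for i in range(51, 61):
        del observed[f"MAC{i}"]        # pulled out of port 218 (constructed split)
    print(len(mac_based_stale(records, observed)), "stale records")
```
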