Applied Study of Layer 3 Switching Configuration Based On VLAN Among Colleges' Library Network Systems
This thesis describes the advantages of VLAN and its practical significance on library local area network. It analyses the library network application and structure in colleges and universities. Only with the smooth network and data security can the current library work normally in borrowing service and information resources sharing.
Applied Study of Layer 3 Switching Configuration Based on VLAN Among Colleges' Library Network Systems
Zhang Yaojun, Liu Hao, Ren Feng
Department of Computer Science, Xinyang Agriculture College, Xinyang, Henan, China
Abstract: As college library networks keep expanding, their network security problems increase markedly. This paper describes the advantages of VLAN and its practical significance for the library local area network, and analyses the network applications and structure of college and university libraries. Based on the design of the library network at Xinyang Agricultural College, and taking into account the unsafe factors and the individual features of college libraries, the paper proposes a workable solution to the security issue and a partitioning strategy for the library network.

Keywords: library; network security; VLAN technology; layer 3 switching
I. INTRODUCTION

With the development of library automation in colleges and universities, libraries no longer only lend traditional paper books; they are moving from the old management model to a new form of service, the digital library on a computer network. A library can work normally in its borrowing service and in sharing information resources only when the network runs smoothly and its data is secure. In this situation, how to construct and optimize the library network system, improve network management efficiency and ensure network information security has become a question that receives growing attention.

The number of computers in colleges and universities keeps increasing, and each computer may take on the same or a different task: a working computer accesses the local intranet, a retrieval machine provides the retrieval service, a computer in the electronic reading room can only access the Internet, and so on. VLANs can be used to solve the resulting problem of how to organize these computers so that each assumes its own role, avoids unrelated interference, and works with the others to fulfil its responsibilities.

II. VLAN INTRODUCTION

A VLAN (virtual local area network) is an emerging technology that logically divides the devices in a LAN into separate network segments to form virtual working groups. In 1999 the IEEE issued the 802.1Q protocol standard as a standard VLAN implementation scheme. With VLAN technology, network managers can logically divide a physical LAN into separate broadcast domains (virtual LANs, i.e. VLANs). Each VLAN contains a group of workstations with the same requirements and has the same attributes as a physical LAN [1].
However, the partition is logical, not physical, so the workstations in one VLAN need not be placed in the same physical space; that is, they need not belong to the same physical LAN segment. Broadcast and unicast traffic in one VLAN is not forwarded to other VLANs. Even if two computers are on the same network segment, when they do not have the same VLAN number their broadcast traffic is not forwarded to each other. This helps to control traffic, reduce equipment investment, simplify network management and improve network security.

Generally speaking, the main features of VLAN can be summarized as follows:

1. All the members of one virtual network form a broadcast domain that is independent of physical location, belong to the same logical group and share a VLAN ID;
2. All the members of a VLAN can receive broadcast packets from other members of the same VLAN, but cannot receive broadcast packets from other VLANs;
3. Communication between members of the same VLAN does not need routing, while communication between members of different VLANs does.

III. THE PARTITION METHOD OF VLAN

From a technical point of view, VLANs can be divided in the following three ways, each based on a different principle [2]:

A. VLAN partition based on ports

The ports of one or more switches are divided into different logical groups. This is the simplest and most efficient partition. Users are assigned to VLANs through the switch ports they connect to, and the ports assigned to one VLAN are in the same broadcast domain. Configuring a division based on switch ports is simple, and this is still the most common method of VLAN division.

B. VLAN partition based on MAC addresses

The MAC address is the identifier of a network card, and each network card has a unique MAC address fixed on it.
This partition is based on the MAC address of each host computer: each host computer with a given MAC address is allocated to a certain group.

978-1-4577-0860-2/11/$26.00 2011 IEEE
C. VLAN partition based on routing

At the network layer, the devices that run routing protocols are routers and routing switches (i.e. layer 3 switches). This method allows one VLAN to span multiple switches, or one port to belong to several VLANs.

IV. THE COMMUNICATION AMONG VLANS AND THE LAYER 3 SWITCHING TECHNOLOGY

Communication among VLANs needs routing. Each VLAN is an independent logical network segment, and its broadcast domain is restricted to that VLAN. An external router is a simple way to realize communication among VLANs. In the network the router performs functions such as route forwarding, firewalling and broadcast isolation, and it has to make a routing decision once for every data packet. As network scale and data volume grow, the router becomes overloaded and turns into the bottleneck of the network. Layer 3 switching emerged to solve these problems.

Layer 3 switching is a technology that combines routing with switching. After routing the first packet of a data flow, the layer 3 switch builds a mapping table of MAC addresses and IP addresses. When the same data flow passes again, it is forwarded directly at layer 2 according to the mapping table without being routed again, which avoids the network delay caused by route selection and improves packet forwarding efficiency. Routing is thus performed inside the switch, and traffic can be selectively forwarded to the appropriate network segment. Layer 3 switching can also control broadcast storms and improve the performance of the whole network [3]. Layer 3 switches remove the dependence of the subnets in a segment on router management, and the network bottleneck caused by the low speed and complex structure of traditional routers.
With the continuing development of network technology, layer 3 switches will replace the current router in large-scale networks.

V. THE APPLICATION OF VLAN

To protect the library's data resources and network security, the network can be divided reasonably and each part given the corresponding communication permissions; detailed network security protection is then applied so that user authority across the whole network is clear, orderly and efficient. VLAN technology provides logical isolation of internal subnets. By placing trusted and untrusted network segments in different VLANs, the effect of a local network security problem on the whole network can be restricted [4].

The functional departments of our library have different tasks. VLAN technology was not considered when the network was first built, and the whole library network belonged to one network segment. This brought many unsafe factors, such as damage caused by users inside the library, especially illegal access by student users in the electronic reading room. So that the departments assume their respective roles and avoid mutual interference, two Cisco switches are divided into 4 VLANs in the actual application. Library users belong to different VLANs according to their functional department, and VLAN membership is not limited by location. Static VLAN division is made on the ports of the connecting-layer switches [5].

VI. IMPLEMENTATION SCHEME

According to the actual allocation of information points on each library floor, a distribution table of the library's network nodes is drawn up, recording the building floor, department name, room number and number of nodes.
A column for the IP network segment is reserved in the table so that IP addresses can later be filled in and allocated when the computers of the whole network are interconnected. As shown in figure 1, the network structure topology of the library is drawn according to how the network devices are connected in the standard cabinet.
Figure 1. Network structure topology of the library

According to the functional features of the library network, it is partitioned into the following four VLANs.

First, the library inner net, VLAN 10. This is the library intranet, used only for internal library tasks. The integrated management system is installed on the server in this network segment, and staff use it for their work on interviewing, cataloguing, circulation and periodicals reading. For the security of the inner network, this segment should be isolated from the outer network and forbidden to access the Internet.

Second, the outer net, VLAN 11. This segment provides the electronic reading service for the student computers in the library's electronic reading room. Students can use the computers in this segment to retrieve materials but cannot access the library intranet.

Third, the hybrid access net, VLAN 12. The library director and technical personnel need to access the library integrated management system on the intranet and the Internet at the same time. The hybrid access net provides both inner net and outer net access.

Fourth, the public service net, VLAN 13. To improve the access speed of electronic book reading, the electronic book server, which is connected to the disk array devices, is placed in a separate VLAN to build a high-speed access net and enhance data service performance in the library network. The public net server has an independent IP address and can be accessed without routing.

Because IP address resources are limited, an enterprise-oriented router is used to connect to the college network center. All computers go online through the router, except the computers in the public net segment.

To manage users' network access authority more efficiently in line with the library's network application demands, the intranet switches are partitioned into VLANs according to the actual network situation, as shown in table 1.

TABLE I. VLAN APPLICATION AUTHORITY ALLOCATION TABLE
| | VLAN 10 (inner net) | VLAN 11 (outer net) | VLAN 12 (hybrid net) | VLAN 13 (public service net) |
|---|---|---|---|---|
| Network Segment | 192.168.0.X | 192.168.2.X | 192.168.1.X | 211.67.160.1 |
| Master | interviewing, cataloguing, circulation, periodicals reading | students' computers in electronic reading room | Library Director office, Technique Department | |
| Server | library integrated management system server | management server in electronic reading room | | electronic book server |
VII. INTERNET CONNECTION TEST

After the servers and network devices have been installed and adjusted, the connection to the college network system made, and all the computer network cards installed and adjusted, the connectivity test and adjustment of the devices in the whole network can begin.

A. Preparations

First lay out and install the network devices sensibly in the standard cabinet in the central computer room, then fasten the devices and bundle the network transmission lines to make maintenance easier.

B. Observation and detection

The LED indicators on the switches show the connection status between each computer workstation and the network. From the description of the LED indicators in the table, a rough picture of the connection status of the whole network can be obtained.

C. Making a further connectivity test

First, on an Internet-connected computer that is closest to the center switch (connected directly to the center switch, not through other network devices), use the Ping command in DOS mode to test connectivity to network devices such as the main server, database server and router, checking the backbone network connection and the operation of these devices.

Second, select a networked computer on another floor that is connected to the center switch by optical fibre cable. In DOS mode, use the Ping command to test connectivity to the subnet, checking the subnet devices, the optical fibre cable connections between buildings and the fibre pigtail welding, and fill in the connectivity test table of the library network, as shown in table 2.
TABLE II. THE CONNECTIVITY TEST TABLE OF LIBRARY NETWORK

| source object | to switch | to hybrid net | to inner net | to outer net | to public net | to router |
|---|---|---|---|---|---|---|
| main switch | Ping connect | Ping connect | Ping connect | Ping connect | Ping connect | Ping connect |
| router | Ping connect | Ping connect | Ping unconnected | Ping connect | Ping connect | Ping connect |
| outer net workstation | Ping connect | Ping connect | Ping unconnected | Ping connect | Ping connect | Ping connect |
| inner net workstation | Ping connect | Ping connect | Ping connect | Ping unconnected | Ping unconnected | Ping unconnected |
| hybrid net workstation | Ping connect | Ping connect | Ping connect | Ping connect | Ping connect | Ping connect |
| public net workstation | Ping connect | Ping unconnected | Ping unconnected | Ping unconnected | Ping connect | Ping unconnected |
Networked computers in various places should be selected for several connectivity tests. If the parts that need to communicate respond to the Ping command, the library network is basically connected; the "Ping unconnected" results show that the requirements are met: inner net users cannot access users in other network segments, outer net users cannot access inner net users, and so on.
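The check that sections VI and VII describe, as an added example (not code from the paper): it transcribes Table II, tests it against the access rules stated for VLANs 10 to 12, and lists node pairs where ping succeeds in only one direction. Reading the "to router" column as the Internet path, the short node names and the function names are assumptions of this example.

```python
# Table II as printed in the paper: C = "Ping connect", U = "Ping unconnected".
# Column order follows the table header; node names are shortened (assumption).
COLS = ["switch", "hybrid", "inner", "outer", "public", "router"]
TABLE_II = {
    "switch": "CCCCCC",
    "router": "CCUCCC",
    "outer":  "CCUCCC",
    "inner":  "CCCUUU",
    "hybrid": "CCCCCC",
    "public": "CUUUCU",
}

# Section VI requirements as (source, destination, must_connect).
# Treating "to router" as the Internet path is an assumption of this example.
POLICY = [
    ("inner", "outer", False),   # VLAN 10 is isolated from the outer network
    ("inner", "router", False),  # VLAN 10 is forbidden to access the Internet
    ("outer", "inner", False),   # VLAN 11 cannot access the library intranet
    ("hybrid", "inner", True),   # VLAN 12 reaches the intranet ...
    ("hybrid", "router", True),  # ... and the Internet at the same time
    ("outer", "router", True),   # reading-room computers reach the Internet
]

def reachable(src, dst, table=TABLE_II):
    """True if the table records a successful ping from src to dst."""
    return table[src][COLS.index(dst)] == "C"

def policy_violations(table=TABLE_II):
    """Policy entries whose observed ping result contradicts section VI."""
    return [(s, d, want) for s, d, want in POLICY
            if reachable(s, d, table) != want]

def one_way_pairs(table=TABLE_II):
    """Pairs (a, b) where a can ping b but b cannot ping a."""
    return sorted((a, b) for a in table for b in table
                  if a != b and reachable(a, b, table)
                  and not reachable(b, a, table))

if __name__ == "__main__":
    print("violations:", policy_violations() or "none")
    for a, b in one_way_pairs():
        print(f"one-way: {a} -> {b} answers, {b} -> {a} does not")
```

On the table as printed no rule is violated, and every one-way pair involves the public net. Because a ping succeeds only when the reply also returns, a one-way result means something on the path or on the host treats the two directions differently, so each such pair should be traced to the rule responsible.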
CONCLUSION

VLAN technology can therefore solve not only the problem of which network or master may access a particular server, but also the problem of which network or host computer can only be accessed by the master. In the increasingly comprehensive library networks of colleges and universities, VLAN technology can be used to divide the library network; the partition improves network performance, ensures data security, and enhances flexibility and expandability. The VLAN application in our college library has efficiently controlled broadcast storms and IP conflict attacks, improved network efficiency and safety, and strengthened secrecy and cooperation among the library departments, so that the college library can serve its readers better.

REFERENCES

[1] Marina Smith. Virtual Local Area Network [M]. Huang Xiwei, Wang Taoyi. Beijing: Tsinghua University Press, 2003.
[2] Gan Shoufei, Zhou Guoxiang. Application Study of Institutes Library Network Based on VLAN Technology [J]. Journal of Suzhou University, 2008, 5.
[3] Tang Lihua, Fang Luming. Research on the Application of Layer 3 Switching and VLAN Technology in Campus Network [J]. Journal of Zhejiang A & F University, 2002, 19(1): 86-89.
[4] Zeng Qiaohong. Creating 1000M VLAN With Cisco6509 Switch [J]. Journal of Library and Information Sciences in Agriculture, 2004, 15(5): 12-15.
[5] Li Ruijiang, Zhang Yihong. Application of Policy Routing Based on VLAN [J]. Electronic Design Engineering, 2009, 17(8): 95-96.