1. No layer-3 switch or router can be used in different segments
in addition, ACL can also be isolated
2. Yes, the role of VLAN is to limit the broadcast, and ARP is sent relying on the broadcast mechanism, so VLAN can limit the ARP attack within this VLAN, and will not spread to other VLANs.
3. Port based VLAN: when the user's location changes, the network cable should be migrated accordingly. Or reconfigure the switch
static VLAN: because of the inconsistency between port and VLAN, people in a VLAN can't access the original VLAN normally.
Dynamic VLAN: in the early stage of VLAN establishment, it needs a lot of work
different network structures and various methods are used in combination
4. And through the switch supporting VLAN technology to isolate the data exchange between network devices in different groups to achieve the purpose of network security
using VLAN isolation technology also has an obvious disadvantage, that is, the network administrator must be clear about the MAC address or IP address of the device connected to each physical port of the switch, divide different working groups according to the needs, and configure the switch. When the network card, IP address or physical location of a network terminal changes, it is necessary to reconfigure multiple related network devices in the whole network system, which increases the maintenance workload of the network administrator, so it is only applicable to small networks
5. Different VLANs on the layer-2 switch can not access each other, so it is necessary to add one more router for single arm routing to realize the communication between different VLANs on the same switch. For example, vlan1 accesses vlan2 through routing to realize the communication between different VLANs, which is helpful to understand and learn the VLAN principle and sub interface concept, The configuration is a little complicated, which has little practical significance
router-on-a-stick refers to the way of configuring a sub interface (or "logical interface", there is no real physical interface) on an interface of a router to realize the interconnection between different VLANs (virtual local area networks) that are isolated from each other
6. No, your connection method is not right. A network cable is connected between two switches, and the two connection ports are set as the tunrk interface. Then VLAN isolation is realized
If two VLANs want to communicate with each other, they need a layer-3 gateway, a layer-3 switch or router
it is correct to design two VLAN isolation in this way. You can test it. STP spanning tree protocol must be enabled when two switches and two network cables are interconnected, and one port must be blocked. So your method is not good, do not enable the spanning tree protocol must broadcast storm
7. First of all, your switch must support VLAN function, and then through the management port, you can set VLAN. You need to know what brand and model of switch you are using.
8. VLAN is equivalent to a local area network, which divides the conflict domain. Different VLANs cannot communicate with each other, just like different LANs. But if they can communicate with each other through routing, then the virus will have infectious replication. It's also in the meeting.
9. It's not to divide VLANs, it's to isolate the attacked network segments, it's not to be attacked, it can rece the scope of being attacked, that is to say, ARP can still occur in the same VLAN, but other VLANs are not interfered by this ARP attack
10. The long call option has unlimited income but limited loss (it will not blow up the position. The biggest loss is that the option will not be exercised on the exercise date, so the option fee at the time of the call option is lost)
