| Author |
Vlans v. Subnetting
|
|
|
| Can someone explain to me the difference between vlans and subnetting. Why would you use both in a company????? | |
|
| I'll take a stab at the question.
A subnet is a logical segment of a network. A company might to divide its network into subnets based on the departments, floors, or buildings. This could be done to reduce the size of the broadcast domain. It could be done for security reasons. For example, you might want your accounting department on one segment, while keeping your research department on another. This of course involves routers and layer 3.
VLAN's are groupings of users and resources based on function or need. For instance, I am working on a project in my office that involves people and resources in various locations within my building. We are all on different subnets. A VLAN has been incorporated in this situation so that we have access to our resources without having to physically relocate. When you look at the flow of data for our group it made more sense to keep our traffic confined. This is mostly handled at layer 2 in switches.
Reamer | |
|
| Thanks Reamer..however, if you are on different subnets and in the same vlan don't you still need a router in order to communicate between subnets???? | |
|
|
|
| The Reamer could not have done any better awnsering your question. Good Job Reamer! | |
|
| Great answer I agree.
This is truly a great question too.
The fact that "Savedadogs" asked this means his analysis is better than many here who I see just trade braindumps.
| |
|
| Reamer what do you mean physically relocate..your situation seems the same with or without a vlan...since your users are on differ subnets how does putting them on a vlan benefit them or the network....vlans create logical segments that stop broadcasts from transversing to other vlans (therefore reducing size of broadcast domains)
.....isn't the pupose of a subnet to do that also.....please clarify thank you.... | |
|
| Let me change up on my wording just a little as I try to clarify my previous post. Let's use "physical" for subnets and think of it as coming from a physical interface on a router. VLANs would be "logical" segments of the network.
When I said before that we are on different subnets, I'm referring to physical subnets. By creating a VLAN, we create a new logical subnet without moving to the same physical segment of wire coming from a single router interface.
What we are trying to do is stay with the 80/20 rule by keeping the majority of the teams traffic "local" to the team.
Hope this helps!
Reamer
[This message has been edited by The Reamer (edited 01-12-2001).] | |
|
| Is that mean that two users belonging in the same Vlan but each one in a different subnet (different router's interface and different subnat address) can still comunicate throught layer 2 and not layer 3 ( router)?
Thanks | |
|
| HI,
cisco "recommends" one to one relationship between VLAN & Subnets.
I think if anyone has time please post the same discussion that was held in the CCNP group.
another point is think of the OSI model. VLAN resides at layer 2 & subnetting at layer 3. so the processing terminates at layer 2 for non VLAN members & at for subnets at layer 3.
another case: if there are 6 users in subnet say 10.0.0.0/8 (prefix) & the other 6 users on 11.0.0.0/8 of a 12 port switch. even though they are in different subnets the switch has to process the request as the switch does'nt understand layer 3 ip address. Here is where vlan helps. It gives a lot of control over your entire network.
another example: if you r an administrator. if you have to change guys groups because he has been promoted or he is working in a different programming module group. It would be easier for you to configure VLAN on the switch than moving from your chair & changing IP addresses(lazy administrator, i like this kind of work).
Regards
rstephenp | |
|
| Thank you.
yours was a good point, rstephenp! | |
|
| Thanxs to Reamer for doing major portion of the explanation
rstephenp | |
|
| How can you put two different subnets on the same vlan? and Why would you do that?
Let's say
10.0.0.0 255.255.255.0 and
11.0.0.0 255.255.255.0 are on the same vlan
how does that work, it does not make any sense to me. Please help!!! | |
|
| "How...?" is easy. You have switch SW. Configure ports 0/1 and 0/2 on SW in VLAN2. Configure PC1 with IP address 10.0.0.2/8. Plug it into port 0/1. Configure PC2 with IP address 11.0.0.2/8. Plug it into port 0/2. Bingo! You have networks 10.0.0.0/8 and 11.0.0.0/8 in VLAN2.
"Why...?", you tell me. Why would you want to have two subnets on the same physical ethernet (with a secondary address)? Probably for the same reason you would want two subnets in one VLAN.
What you can NOT do is "spread" one subnet across multiple VLANs.
Cheers!
| |
|
| To add a second subnet to a VLAN use the IP ADDRESS x.x.x.x secondary command on the VLAN interface on the layer 3 device. It really doesn't make much sense to do this and as previously stated Cisco recommends against it.
One reason for having a secondary address on an ethernet is for a public block that has firewall exemptions on a private network. Another reason, though less good, is that your network grew larger then you guessed and you needed more addresses then the current block provides. It is much easier to add the second then readdress your poorly designed network
Yankee
[This message has been edited by Yankee (edited 01-27-2001).] |
|
|
|