[SOLVED] VLANs and Subnets

Terpinator

Apr 12, 2017
Hello everyone,

So I am going through some networking books and it is my first time really diving into VLANs. My current understanding (and please correct me if I am incorrect) is that subnets allow a single LAN to be divided up into separate LANs through the use of subnetting. VLANs allow you to make one switch essentially operate as if it were multiple switches. (Ex: Using multiple subnets on the same switch while maintaining separate layer 2 broadcast domains).

My question is, is it possible to separate addresses within the same subnet into separate VLANs? For example if I had a 192.168.1.x network with no subnetting. Can I split them up into different VLANs on a single switch? Or does each VLAN need its own distinct subnet?
 
Solution
It is best to think of VLAN and subnet as the same thing, even though one is layer 2 and the other is layer 3.

I am not sure how you would configure it; most equipment would complain. Let's look at it this way. A packet comes into the router to go to 192.168.1.100. The router does not have the MAC, so it needs to issue an ARP request. Which switch does it send it on? Now let's say two machines on different switches/VLANs want to talk. They are on the same subnet, so they assume they can talk directly. They will issue ARP and get no response, since ARP will not pass the router interface and so will not pass to the other switch.

You can do lots of crazy non-standard stuff, so if you hard-code ARP entries etc. you might get it to work, but there really is no reason other than messing around to even think of doing it.
 
Solution
My question is, is it possible to separate addresses within the same subnet into separate VLANs? For example if I had a 192.168.1.x network with no subnetting. Can I split them up into different VLANs on a single switch? Or does each VLAN need its own distinct subnet?
Sure. E.g. device 192.168.1.1 is connected to port 1 on the switch, which is configured on VLAN 1. 192.168.1.2 is connected to port 2, which is on VLAN 2, etc. None of these devices would be able to talk to each other. But if you were to connect a device to the trunk, it could talk to all the other devices (and vice versa).
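The mechanics behind both answers above, as an added example that is not part of the thread: a toy model of an 802.1Q switch in which frames are flooded or forwarded only within the VLAN they were classified into. Two hosts that share 192.168.1.0/24 but sit in different access VLANs never see each other's ARP requests, so resolution fails even though the addresses look local; a host on a trunk port that tags its own frames can resolve hosts in every VLAN. The hostnames, MAC addresses, port numbers and VLAN IDs are constructed for the example.

```python
"""Toy 802.1Q switch model: why one IP subnet split across VLANs breaks ARP.

Added example, not code from the thread. Frames are flooded or forwarded only
within the VLAN they were classified into, so hosts that share 192.168.1.0/24
but sit in different access VLANs never see each other's ARP requests, while a
host on a trunk port that tags its own frames can reach every VLAN. Hostnames,
MACs, ports and addresses below are constructed for the example.
"""
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Host:
    def __init__(self, name, mac, ip, port, trunk_vlans=None):
        self.name, self.mac, self.ip, self.port = name, mac, ip, port
        # Access host: sends untagged frames. Trunk host: tags each frame with
        # one of its VLANs (think Linux eth0.10 / eth0.20 sub-interfaces).
        self.trunk_vlans = trunk_vlans
        self.inbox = []

    def receive(self, frame):
        self.inbox.append(frame)


class Switch:
    def __init__(self, access, trunks):
        self.access = access       # port -> VLAN for untagged (access) ports
        self.trunks = set(trunks)  # ports carrying tagged frames for all VLANs
        self.hosts = {}            # port -> Host
        self.mac_table = {}        # (vlan, mac) -> port; learning is per VLAN

    def attach(self, host):
        self.hosts[host.port] = host

    def _member(self, port, vlan):
        return port in self.trunks or self.access.get(port) == vlan

    def forward(self, in_port, frame):
        # Classify: the tag decides on a trunk, the port's access VLAN otherwise.
        vlan = frame["tag"] if in_port in self.trunks else self.access[in_port]
        self.mac_table[(vlan, frame["src"])] = in_port
        known = self.mac_table.get((vlan, frame["dst"]))
        if frame["dst"] == BROADCAST or known is None:
            # Broadcast / unknown unicast: flood, but only to this VLAN's ports.
            outs = [p for p in self.hosts if p != in_port and self._member(p, vlan)]
        else:
            outs = [known]
        for p in outs:
            # Trunk egress keeps the tag, access egress strips it.
            self.hosts[p].receive(dict(frame, tag=vlan if p in self.trunks else None))


def arp_resolve(switch, requester, target_ip):
    """Return the MAC that answers an ARP request for target_ip, or None.

    The request is broadcast and the reply is unicast to the asker, as in real
    ARP. A trunk host tries each VLAN it is configured for in turn.
    """
    for tag in requester.trunk_vlans or [None]:
        switch.forward(requester.port, {"src": requester.mac, "dst": BROADCAST,
                                        "tag": tag, "op": "request",
                                        "target_ip": target_ip})
        answer, busy = None, True
        while busy:  # keep delivering until every inbox is empty
            busy = False
            for host in list(switch.hosts.values()):
                while host.inbox:
                    busy = True
                    f = host.inbox.pop(0)
                    if f["op"] == "request" and f["target_ip"] == host.ip:
                        # The reply goes back in whatever VLAN the request arrived on.
                        switch.forward(host.port, {"src": host.mac, "dst": f["src"],
                                                   "tag": f["tag"], "op": "reply",
                                                   "target_ip": None})
                    elif f["op"] == "reply" and host is requester:
                        answer = f["src"]
        if answer:
            return answer
    return None


def demo():
    """Same /24 everywhere; ports 1 and 3 in VLAN 10, port 2 in VLAN 20, port 4 a trunk."""
    sw = Switch(access={1: 10, 2: 20, 3: 10}, trunks={4})
    a = Host("A", "02:00:00:00:00:01", "192.168.1.1", port=1)
    b = Host("B", "02:00:00:00:00:02", "192.168.1.2", port=2)
    c = Host("C", "02:00:00:00:00:03", "192.168.1.3", port=3)
    t = Host("T", "02:00:00:00:00:04", "192.168.1.4", port=4, trunk_vlans=[10, 20])
    for h in (a, b, c, t):
        sw.attach(h)
    return {
        "a_to_c_same_vlan": arp_resolve(sw, a, c.ip),    # resolves to C's MAC
        "a_to_b_other_vlan": arp_resolve(sw, a, b.ip),   # None: ARP never crosses VLANs
        "trunk_to_a": arp_resolve(sw, t, a.ip),          # trunk host reaches VLAN 10
        "trunk_to_b": arp_resolve(sw, t, b.ip),          # ... and VLAN 20
    }


if __name__ == "__main__":
    for name, mac in demo().items():
        print(f"{name}: {mac}")
```

The model deliberately has no router: nothing in it translates between VLANs, which is exactly why A and B, despite being "in the same subnet", cannot find each other. Adding a static ARP entry on A would not change the outcome on this switch, because the unicast frame to B's MAC is still only forwarded within VLAN 10; the trunk host T gets through only because it tags its frames for each VLAN it wants to reach.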
 

Ah, OK, so in theory it is possible, but it is essentially an exercise in futility. Good to know. (I was more or less just trying to conceptually understand if it would be possible.)

So a follow-up question. If I have VLAN 1 and VLAN 2 configured on one switch and both have different subnets, do they both need individual router interfaces? (I would assume yes, since a default gateway in one subnet would be unreachable for the other subnet.) Disclaimer: I haven't gotten into the finer details such as trunking or even really gotten into multi-layer switches yet, so I am assuming that something there may be the answer instead of using multiple router interfaces?
 
Router
|
managed switch _ VLAN1 (or subnet1)
|___ VLAN2 (or subnet2)

In this configuration you would not need any special router configuration. The router sends data to the switch and the switch forwards it to the proper VLAN. Devices on the VLANs send data to the switch, which forwards them to the router, thus you only need 1 default gateway address (the router). If you want devices on VLAN1 to be able to talk to devices on VLAN2, that would be configured on the switch.

VLANs and subnets have the same goal. They divide up networks for better security and control. The VLANs are supposed to be an easier and more flexible way of doing it.
 
Yes and no. If the switch is a simple layer 2 switch, then the router must perform the function to move data between the 2 VLANs. The router does not have to have actual physical interfaces; it can be done virtually, but they function the same. It is much more common to use VLAN tagging to share a single connection to the router. This is what Cisco calls a trunk, but other vendors use this term related to port aggregation.

In most cases, though, you use a multi-layer switch... which very technically is a router, to have virtual interfaces on each VLAN and be the gateway for those subnets. Layer 3 switches tend to be wire speed, where many routers are still CPU based. This is where things get very complex, because many layer 3 switches do not support NAT or VPN or other things a "router" does. The difference between a router and a layer 3 switch has become much less clear. In older days, where connections were delivered on things other than ethernet or gigabit fiber, you used to use a router to support these technologies. Things like OC3 or DS3 or even simple T1/E1 needed special physical interfaces, and you could not generally get those interfaces for a switch.
 

Think of the VLAN as the exact same as any subnet. You can just make many on one device. You have to route between them to make them connect. The network mask is what determines the number of addresses in any subnet. You can create any VLAN as long as you don't overlap IPs. It's helpful to have them under a large CIDR for routing purposes. Let's say router A routes to 10 VLANs inside the same CIDR range. Router B doesn't care which VLAN it's going to; it just sends it to router A if the destination is in the larger CIDR. If router A had many IPs not in the same CIDR, you would have to fill your routing tables with more lines.
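A worked plan for the one-subnet-per-VLAN setup the last two answers describe, as an added example that is not part of the thread. It checks a VLAN-to-subnet plan (802.1Q ID range, gateway inside its own subnet, no overlapping subnets), emits the Linux iproute2 commands for the "router on a stick" arrangement mentioned above (one tagged sub-interface per VLAN on a single uplink to the router), and computes what the upstream router needs: the exact route list versus the single aggregate that covers the whole block. It goes a little beyond the posts by validating the plan before generating anything. The uplink name `eth0`, the VLAN IDs and the 10.20.0.0 prefixes are constructed for the example.

```python
"""Planning inter-VLAN routing: one subnet per VLAN, one trunk to the router.

Added example, not code from the thread. Validates a VLAN -> subnet plan,
emits Linux iproute2 commands for a "router on a stick" (tagged sub-interface
per VLAN on a single uplink), and computes the routes an upstream router needs.
The uplink name, VLAN IDs and prefixes are constructed for the example.
"""
import ipaddress

# Constructed plan: VLAN ID -> (subnet, gateway address the router will own).
PLAN = {
    10: ("10.20.10.0/24", "10.20.10.1"),
    20: ("10.20.20.0/24", "10.20.20.1"),
    30: ("10.20.30.0/24", "10.20.30.1"),
    40: ("10.20.40.0/24", "10.20.40.1"),
}

# Constructed bad plan: reserved VLAN ID, gateway outside its subnet, overlap.
BAD_PLAN = {
    4095: ("10.20.50.0/24", "10.20.50.1"),
    50: ("10.20.50.0/25", "10.20.51.1"),
}


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is usable."""
    problems, nets = [], []
    for vid, (cidr, gw) in plan.items():
        if not 1 <= vid <= 4094:
            problems.append(f"VLAN {vid}: ID outside the 802.1Q range 1-4094")
        net = ipaddress.ip_network(cidr)  # strict by default: host bits set -> ValueError
        gw_ip = ipaddress.ip_address(gw)
        if gw_ip not in net or gw_ip in (net.network_address, net.broadcast_address):
            problems.append(f"VLAN {vid}: gateway {gw} is not a usable host in {cidr}")
        nets.append((vid, net))
    for i, (va, a) in enumerate(nets):
        for vb, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"VLAN {va} ({a}) overlaps VLAN {vb} ({b})")
    return problems


def router_on_a_stick(plan, uplink="eth0"):
    """iproute2 commands giving a Linux router one tagged sub-interface and one
    gateway address per VLAN over a single physical uplink (name is assumed).
    The switch port facing this uplink must be a trunk carrying these VLAN IDs."""
    cmds = ["sysctl -w net.ipv4.ip_forward=1"]
    for vid, (cidr, gw) in sorted(plan.items()):
        sub = f"{uplink}.{vid}"
        prefixlen = ipaddress.ip_network(cidr).prefixlen
        cmds += [
            f"ip link add link {uplink} name {sub} type vlan id {vid}",
            f"ip addr add {gw}/{prefixlen} dev {sub}",
            f"ip link set {sub} up",
        ]
    return cmds


def exact_routes(plan):
    """Fewest routes that cover exactly the planned subnets (adjacent ones merge)."""
    nets = [ipaddress.ip_network(cidr) for cidr, _ in plan.values()]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def summary_route(plan):
    """Smallest single prefix containing every planned subnet: the one line an
    upstream router needs if it points the whole block at this router."""
    nets = [ipaddress.ip_network(cidr) for cidr, _ in plan.values()]
    agg = nets[0]
    while not all(n.subnet_of(agg) for n in nets):
        agg = agg.supernet()
    return str(agg)


if __name__ == "__main__":
    print("plan problems:", check_plan(PLAN) or "none")
    print("bad plan problems:", *check_plan(BAD_PLAN), sep="\n  ")
    print(*router_on_a_stick(PLAN), sep="\n")
    print("exact routes:", exact_routes(PLAN))
    print("summary route:", summary_route(PLAN))
```

With the constructed plan, `exact_routes` still needs four lines because none of the /24s are neighbours, while `summary_route` collapses them to one line, 10.20.0.0/18, at the cost of also attracting traffic for the unused space inside that block. That trade-off is the "larger CIDR" point in the last answer: keep every VLAN subnet inside one aggregate and the upstream router needs a single route, regardless of how many VLANs sit behind it.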