6

I often hear people saying that each VLAN is a subnet (or is associated with a subnet), but is that really true? Assume I have 10 big offices. I will have a subnet for each office but only 2 VLANs grouping some computers, e.g. finance workers to be separated. Is that correct, or should I really have subnets and VLANs in 1:1?

Ryan Foley
Pietros

2 Answers

6

There is generally a 1:1 mapping between subnets and VLANs because there isn't a very good reason not to. You could have a big network with 1 VLAN, but why have a huge broadcast domain where all hosts see every broadcast when you can just separate each subnet with a VLAN? It's a waste of resources.

Subnets/VLANs are, more often than not, focused around similar uses (i.e. printer VLANs, workstation VLANs, etc.) and allowing for a single entry/exit point makes policy much easier to enforce on the VLAN/subnet as a whole. There are also security implications that sprout up in shared layer 2 domains, so you would stand to benefit from segmenting traffic as much as possible.

Ryan Foley
1

Technically there is not a direct link between VLAN and Subnet.

"Assume I have 10 big offices."

I think this may be the confusion.

When you have offices connected with routers, the traffic flows through an L3 device.

Two networks on different sides of an L3 device are on different VLAN (physical) networks.

They may have the same VLAN ID but they are not the same VLAN.

If this was not the case, every VLAN in every company in the world would be the same VLAN if they had the same VLAN ID.

Pieter
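An added example (not part of the original question or answers): a small audit over a constructed interface inventory that flags departures from the 1:1 VLAN-to-subnet mapping, and identifies a VLAN by (site, VLAN ID) because the same ID at two routed sites is not the same VLAN. The site names, addresses and the `audit` function are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: (site, vlan_id, interface address in CIDR form).
INVENTORY = [
    ("office-a", 10, "10.1.10.5/24"),
    ("office-a", 10, "10.1.10.77/24"),
    ("office-a", 20, "10.1.20.9/24"),
    ("office-a", 20, "10.1.21.9/24"),  # second subnet sharing VLAN 20
    ("office-b", 10, "10.2.10.5/24"),  # same VLAN ID, different L2 domain
    ("office-b", 30, "10.2.30.4/24"),
    ("office-b", 31, "10.2.30.8/24"),  # one subnet split over two VLANs
]


def audit(inventory):
    """Return (vlans_with_many_subnets, subnets_on_many_vlans).

    A VLAN is keyed by (site, vlan_id): sites are assumed to be separated
    by routers, so a VLAN ID is only meaningful inside one site.
    """
    subnets_by_vlan = defaultdict(set)
    vlans_by_subnet = defaultdict(set)
    for site, vlan_id, cidr in inventory:
        # ip_interface keeps the host bits; .network gives the subnet.
        net = ipaddress.ip_interface(cidr).network
        subnets_by_vlan[(site, vlan_id)].add(net)
        vlans_by_subnet[(site, net)].add(vlan_id)
    # Several subnets on one VLAN share a broadcast domain, so routed
    # policy between them can be bypassed at layer 2.
    many_subnets = {k: sorted(v) for k, v in subnets_by_vlan.items() if len(v) > 1}
    # One subnet on several VLANs needs bridging or proxy ARP to work at all.
    many_vlans = {k: sorted(v) for k, v in vlans_by_subnet.items() if len(v) > 1}
    return many_subnets, many_vlans


if __name__ == "__main__":
    many_subnets, many_vlans = audit(INVENTORY)
    for (site, vlan_id), nets in many_subnets.items():
        print(f"{site} VLAN {vlan_id} carries {', '.join(map(str, nets))}")
    for (site, net), vlans in many_vlans.items():
        print(f"{site} subnet {net} appears on VLANs {vlans}")
```

VLAN 10 is not reported even though it exists at both sites, because each site's VLAN 10 maps to exactly one subnet within its own layer 2 domain.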