  1. Member
    Join Date
    Jul 2015
    Posts
    50
    #1

    VLAN and subnetting question

    Hello everyone,
    I am studying for the CCENT ICND 100-105 and using the Wendell Odom book. This is my second time going through this material, since I first studied last summer before the test was changed. I am puzzled about something that is in the VLAN chapter (chapter 11). Odom says that "Without VLANs a switch considers all its interfaces to be in the same broadcast domain." I have used packet traces many times and used subnetting to create multiple broadcast domains on one switch, so I have to disagree with this statement. Am I missing something here? Is this just assuming you are working within the same subnet? Also the bigger picture for me here is why are VLANs so important, since I can create various broadcast domains just by subnetting? Any help greatly appreciated. Thank you,

    Benny

  3. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,680

    Certifications
    RHCSA, Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practitioner, VCP-DCV, Storage+, CCNA R+S, CCNA Sec, Security+, CEH, CASP
    #2
    Yeah, the layer 3 broadcast (eg 10.255.255.255, 192.168.0.255 etc) is not the same as the layer 2 broadcast (eg ffff:ffff:ffff). So you can have multiple layer 3 (subnets) on one switch, but they will all share the same layer 2 broadcast address. Layer 2 broadcasts are what is used when sending to an address that isn't in the switch's MAC table yet.

    VLANs keep the layer 2 stuff separate. So if you are looking for 192.168.0.26, it will only flood out the ports that are in the VLAN associated with that subnet. This reduces the number of broadcasts, which reduces the number of packets on your network reducing congestion and work for end devices dealing with packets.

    Of course, you could put multiple subnets on one VLAN, but that would be stupid.
    2017 Goals - MCSA 2008, CISSP, CCNP:R+S, Agile PM

  4. Senior Member dontstop
    Join Date
    Dec 2011
    Posts
    514

    Certifications
    CompTIA IT Fundamentals, CCENT, CCNA:R&S, BInfoTech
    #3
    You may find what you have witnessed in the lab is a result of MAC Address learning at Layer 2. Subnets on a switch will not isolate layer 2 broadcasts. The switch itself has no concept of IP and only understands frames.

    Say I have 4 hosts connected to a switch, two of which are in Subnet A and two of which are in Subnet B. If the switch has not learnt the MAC Addresses of the devices, it will flood frames for unknown unicasts and all devices will see the frames (regardless of IP Addressing). After this initial flooding behaviour the switch will learn the ports on which devices are connected, and this may give you the impression that the devices are isolated. This is definitely not the case.

    With VLANs configured only the devices in the appropriate VLANs will see these broadcast/flooded unicasts regardless of the state of MAC Address learning.

    Edit: With your packet captures, what method did you use to verify isolation? Did you have a device generate broadcasts, or just unicast traffic (ping/traceroute/etc.)?
    Last edited by dontstop; 04-20-2017 at 11:28 AM.

  5. Member
    Join Date
    Jul 2015
    Posts
    50
    #4
    Thanks for the response. I was saying that the subnets were isolated because I can't ping from one subnet to the next. So maybe the criteria that I'm using to decide if the different subnets are separate broadcast domains is wrong. I get the picture now that subnetting is not the same as VLAN creation. Thanks again,

    Benny
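The behaviour described in posts #2 and #3 (a switch floods broadcasts and unknown unicasts to every port in the VLAN regardless of IP addressing, and MAC learning later makes unicast look "isolated"), plus the reason the cross-subnet ping in post #4 fails, can be reproduced with a small simulation. This is an added example, not code from the thread or from the Odom book; the hosts, MAC addresses, IP addresses and port-to-VLAN tables are constructed for it.

```python
"""
Toy learning switch: shows why subnets alone do not split a layer 2 broadcast
domain while VLANs do. Every host, MAC, IP and VLAN table here is constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"   # layer 2 broadcast, independent of any subnet

# Constructed lab: four hosts on one switch, two per /24 subnet.
HOSTS = {
    "A1": {"port": 1, "mac": "02:00:00:00:0a:01", "ip": "10.0.1.11"},
    "A2": {"port": 2, "mac": "02:00:00:00:0a:02", "ip": "10.0.1.12"},
    "B1": {"port": 3, "mac": "02:00:00:00:0b:01", "ip": "10.0.2.21"},
    "B2": {"port": 4, "mac": "02:00:00:00:0b:02", "ip": "10.0.2.22"},
}
FLAT = {1: 1, 2: 1, 3: 1, 4: 1}           # no VLAN design: every port in VLAN 1
SEGMENTED = {1: 10, 2: 10, 3: 20, 4: 20}  # subnet A -> VLAN 10, subnet B -> VLAN 20


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    payload: str = ""   # the IP header lives in here; the switch never parses it


class Switch:
    """Transparent bridge: learns source MACs per VLAN, floods what it does not know."""

    def __init__(self, port_vlans: Dict[int, int]) -> None:
        self.port_vlans = port_vlans                      # access port -> VLAN id
        self.mac_table: Dict[Tuple[int, str], int] = {}   # (vlan, mac) -> port

    def receive(self, in_port: int, frame: Frame) -> List[int]:
        """Return the egress ports for a frame that arrives on in_port."""
        vlan = self.port_vlans[in_port]
        self.mac_table[(vlan, frame.src_mac)] = in_port   # source MAC learning
        known = self.mac_table.get((vlan, frame.dst_mac))
        if frame.dst_mac != BROADCAST_MAC and known is not None:
            return [] if known == in_port else [known]    # known unicast: one port
        # Broadcast or unknown unicast: flood to every other port in the same VLAN.
        return sorted(p for p, v in self.port_vlans.items() if v == vlan and p != in_port)


def run_arp_exchange(port_vlans: Dict[int, int]) -> Dict[str, List[int]]:
    """A1 resolves A2 with ARP, then the two exchange unicast frames."""
    sw = Switch(port_vlans)
    a1, a2 = HOSTS["A1"], HOSTS["A2"]
    out: Dict[str, List[int]] = {}
    # 1. The ARP request is a layer 2 broadcast: which ports receive it?
    out["arp_request"] = sw.receive(
        a1["port"], Frame(a1["mac"], BROADCAST_MAC, "ARP who-has 10.0.1.12"))
    # 2. A2 answers with a unicast frame; A1's MAC was learned in step 1.
    out["arp_reply"] = sw.receive(a2["port"], Frame(a2["mac"], a1["mac"], "ARP is-at"))
    # 3. With both MACs learned, an ICMP echo reaches exactly one port: this is the
    #    "isolation" a capture on the subnet B hosts appears to show.
    out["icmp_echo"] = sw.receive(a1["port"], Frame(a1["mac"], a2["mac"], "ICMP echo"))
    return out


def host_next_hop(src_ip: str, prefixlen: int, dst_ip: str,
                  gateway: Optional[str] = None) -> Optional[str]:
    """Layer 3 decision a host makes before any frame touches the switch."""
    net = ipaddress.ip_network(f"{src_ip}/{prefixlen}", strict=False)
    if ipaddress.ip_address(dst_ip) in net:
        return dst_ip    # on-link: ARP for the destination itself
    return gateway       # off-link: ARP for the default gateway, or give up (None)


if __name__ == "__main__":
    for name, table in (("flat", FLAT), ("vlans", SEGMENTED)):
        print(name, run_arp_exchange(table))
    # The failed cross-subnet ping: with no gateway the host never sends a frame,
    # so the switch is not what blocked it.
    print("A1 -> B1 next hop:", host_next_hop("10.0.1.11", 24, "10.0.2.21"))
```

With the flat table the ARP request from A1 lands on ports 2, 3 and 4, so both subnet B hosts see subnet A's broadcast; only the later unicast frames go to a single port. With the per-subnet VLAN table the same request is flooded to port 2 alone. The ping test in post #4 fails at layer 3 on the sending host (`host_next_hop` returns `None` when the destination is off-link and no gateway is configured), which says nothing about whether the switch keeps the two subnets' frames apart.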
