Thread: VLANs & Subnets

  1. Senior Member teancum144's Avatar
    Join Date
    Jun 2012
    Location
    Pacific Northwest, USA
    Posts
    227

    Certifications
    CISSP, CISA, CPA (inactive), Network+, Security+
    #1

    VLANs & Subnets

    It seems like VLANs and subnets are often used together in a 1-to-1 relationship. What about the following scenarios?
    • A single subnet that is segmented with VLANs. Given that switch ports keep these separate, how are communications between two different VLANs handled? Even though they are on the same subnet, would they require a router to communicate? What are the security implications?
    • A single VLAN (or LAN) with multiple subnets. This case is more obvious to me and I realize that communications between subnets would require a router or layer 3 device. In this case, is the security implication that a host could be configured to be on either subnet (or both with two NICs) and can't easily be locked out of one or the other?
    Any additional thoughts/implications are welcome.

  3. Senior Member teancum144's Avatar
    Join Date
    Jun 2012
    Location
    Pacific Northwest, USA
    Posts
    227

    Certifications
    CISSP, CISA, CPA (inactive), Network+, Security+
    #2

    Multiple VLANs on a single subnet

    After doing some research, here is some additional information on the first bullet in the original question:

    Segmenting a single subnet into two separate VLANs is unlikely unless you don't want the segmented subnet parts to communicate with each other (if you do, why would you segment the subnet with VLANs?). More likely is the desire to join two separate networks that use the same address space. An example might be the merging of companies. However, you want to avoid having to re-address one of the networks. The two networks must be joined by a VLAN-capable (via Multiple VLAN Registration Protocol) bridge or router. Proxy ARP is used to communicate between VLANs that are on the same subnet.

    Source: Understanding and Configuring VLAN Routing and Bridging on a Router Using the IRB Feature - Cisco Systems
    Source: Multiple Registration Protocol - Wikipedia, the free encyclopedia
    Source: Inter-VLAN Routing vs multiple VLAN inside the same subnet vs private VLAN | HOWTO's and Tutorials

    Here is an animated Proxy ARP Simulation that I found helpful:
    http://www.youtube.com/watch?v=njDZPIFgYzQ
    Last edited by teancum144; 11-02-2012 at 06:34 AM.

  4. Solutions Architect saspro's Avatar
    Join Date
    Sep 2011
    Location
    London, UK
    Posts
    114

    Certifications
    MCSA: Messaging, MCSE, MCITP:SA, MCITP:EA, CCENT, MCSA 2008
    #3
    A VLAN = a subnet = a broadcast domain

    1) You can't split a subnet across multiple VLANs and have them communicate at all. You need a VLAN for each subnet (& a routing device to route between them)
    2) If you put multiple subnets on one VLAN then it's just messy, as broadcast traffic for one subnet goes out of ports used by other subnets. The entire purpose of VLANs is to separate broadcast domains

  5. Member
    Join Date
    Oct 2005
    Location
    Sydney, Australia
    Posts
    62

    Certifications
    A+, Network+, Security+, CNST, HDI/HDA, MCSA 2K3 +Messaging, MCSE 2K3
    #4
    Normally you use VLANs to split a subnet over multiple switches so that hosts are in the same broadcast domain, even though they are on different physical switches.
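
Added example, not part of any post in this thread: a Python audit that takes a host inventory and flags the two scenarios from the original question (a subnet split across VLANs, and a VLAN carrying several subnets), then classifies how one host would try to reach another based on its own mask. The inventory, host names, and the function names `audit` and `delivery` are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory: (host, address/prefix, access VLAN).
INVENTORY = [
    ("hr-pc1", "10.1.1.10/24", 10),
    ("hr-pc2", "10.1.1.11/24", 10),
    ("lab-pc1", "10.1.1.50/24", 20),   # same subnet as HR, different VLAN
    ("eng-pc1", "10.2.0.5/24", 30),
    ("guest-pc", "10.3.0.7/24", 30),   # different subnet, same VLAN as eng
]

def audit(inventory):
    """Return (subnets split across VLANs, VLANs carrying several subnets)."""
    vlans_by_subnet = defaultdict(set)
    subnets_by_vlan = defaultdict(set)
    for _host, cidr, vlan in inventory:
        net = str(ipaddress.ip_interface(cidr).network)
        vlans_by_subnet[net].add(vlan)
        subnets_by_vlan[vlan].add(net)
    split = {n: sorted(v) for n, v in vlans_by_subnet.items() if len(v) > 1}
    shared = {v: sorted(n) for v, n in subnets_by_vlan.items() if len(n) > 1}
    return split, shared

def delivery(src, dst):
    """Classify how src tries to reach dst, judged from src's own mask."""
    src_if = ipaddress.ip_interface(src[1])
    on_link = ipaddress.ip_interface(dst[1]).ip in src_if.network
    same_vlan = src[2] == dst[2]
    if on_link and same_vlan:
        return "direct-arp"            # ARP broadcast reaches the peer
    if on_link:
        return "arp-needs-proxy"       # ARP broadcast never leaves src's VLAN
    if same_vlan:
        return "gateway-shared-l2"     # routed, but both hosts see each other's broadcasts
    return "gateway-routed"            # separate subnet and separate VLAN

if __name__ == "__main__":
    split, shared = audit(INVENTORY)
    print("subnets split across VLANs:", split)
    print("VLANs carrying several subnets:", shared)
    for a, b in [(0, 1), (0, 2), (3, 4), (0, 3)]:
        print(INVENTORY[a][0], "->", INVENTORY[b][0], ":",
              delivery(INVENTORY[a], INVENTORY[b]))
```

The `arp-needs-proxy` case is the first bullet of the question: the sender treats the peer as on-link and ARPs for it, so nothing is sent to a gateway unless a device between the VLANs answers that ARP. The `gateway-shared-l2` case is the second bullet: IP traffic is routed, yet the VLAN gives no layer 2 separation between the two subnets.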
