VLAN vs Subnet - too many ambiguous answers online
I've been trying to get a feel for the difference between VLANs and Subnetting for a while now, but all of the discussions online are pretty similar and don't really get to the bottom of my questions...
First, does either provide any REAL security?
Second, how does each affect network performance? Does either minimize traffic for the router (or do they actually increase router traffic for inter vlan/subnet communication)? Do they minimize the work done by the switch or increase it? I'm pretty sure they both remove significant broadcast traffic at individual computers.
Anything special about multiple subnets within a vlan?
Anything special about multiple vlans within a subnet?
I'm sure I'll come up with more questions, I'll append them as I think of them...
neither are about security, used in conjunction with layer 3 security devices, i.e. a firewall, then they are what defines the separations, but they are not about security themselves.
in general you have a 1:1 mapping of subnets and vlans. they are used in complement to each other in the vast majority of effectively designed networks. multiple subnets on a single vlan, or rather no vlan is very dumb, that's for sure. generally you'd probably have /24 subnets each with their own matching vlan, e.g. subnet 192.168.123.0/24 would quite likely be switched on vlan 123.
vlans allow isolated smaller subnets on a single (or multiple) devices, so with a smaller subnet, you have fewer devices and therefore less broadcast traffic. by segregating traffic though, you do substantially increase unicast traffic volumes when going between networks, i.e. traffic goes from one pc to a router and then back to the destination pc, which would most likely be a more cpu intensive and further route than if they were on the same subnet and therefore not using a router in the middle.
Is it ever useful to use VLANs to span a single subnet across multiple switches? Or is that unnecessary because you can just connect the switches together?
So if I have a large office with a small web server used by the outside world, a data server, mail server, anti virus box, etc, and also ~300 workstations that mostly use the internet, data, and mail servers, which could probably be divided into vlans/subnets of ~20-50, would it make sense to have 5 or 6 workstation vlans, and a server vlan? Or should the data server be on the same subnet/vlan as the workstations?
a vlan would certainly span across multiple switches, that's one of the main points - a logical separation of a network and the arbitrary pieces of hardware that do the switching. the connections between these switches would be a trunk - check out 802.1q on wikipedia or something like that.
in your example i'd probably have 1 server subnet with a /24 mask and a couple of workstation subnets, split by floor, building, department or something like that. no need to have too many for the sake of it.
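The layout suggested in the answers above (one server /24, a few workstation /24s, each on the VLAN matching its third octet), worked through as an added example that is not part of the original posts. The head-counts, the 192.168.10.0/24 starting block and the `.1` gateway are assumptions; it also assumes the gateway is the layer-3 device where filtering would be applied, and shows which flows stay inside a VLAN and which cross that device.

```python
import ipaddress

# Constructed head-counts for the office in the thread (assumptions, not page data).
GROUPS = {"servers": 6, "floor1": 100, "floor2": 100, "floor3": 100}

def vlan_for(subnet):
    """Thread's convention: a /24 is switched on the VLAN named by its third octet."""
    net = ipaddress.ip_network(str(subnet))
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("convention only covers IPv4 /24 subnets")
    vlan = net.network_address.packed[2]
    if vlan == 0:
        raise ValueError("VLAN ID 0 is not assignable")
    return vlan

def build_plan(groups, base="192.168.0.0/16", first_octet=10):
    """One /24 and one matching VLAN per group (the 1:1 mapping)."""
    pool = list(ipaddress.ip_network(base).subnets(new_prefix=24))
    plan = {}
    for offset, (name, hosts) in enumerate(groups.items()):
        net = pool[first_octet + offset]
        usable = net.num_addresses - 3  # minus network, broadcast, gateway
        if hosts > usable:
            raise ValueError(f"{name}: {hosts} hosts do not fit in {net}")
        plan[name] = {"subnet": net, "vlan": vlan_for(net),
                      "gateway": net.network_address + 1}
    return plan

def classify(plan, src, dst):
    """Same subnet: switched inside one VLAN. Otherwise: routed via the gateway."""
    def segment(ip):
        addr = ipaddress.ip_address(ip)
        for name, seg in plan.items():
            if addr in seg["subnet"]:
                return name, seg
        raise LookupError(f"{ip} is not in any planned subnet")
    (s_name, s), (d_name, d) = segment(src), segment(dst)
    if s_name == d_name:
        # Never leaves the VLAN, so a layer-3 firewall never sees it.
        return {"path": "switched", "vlans": [s["vlan"]], "l3_filter_sees": False}
    return {"path": "routed", "vlans": [s["vlan"], d["vlan"]],
            "via": str(s["gateway"]), "l3_filter_sees": True}

if __name__ == "__main__":
    plan = build_plan(GROUPS)
    for name, seg in plan.items():
        print(name, seg["subnet"], "vlan", seg["vlan"], "gw", seg["gateway"])
    print(classify(plan, "192.168.11.20", "192.168.11.99"))  # workstation to neighbour
    print(classify(plan, "192.168.11.20", "192.168.10.5"))   # workstation to server
```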
Well, it's a county building which means there's extreme disorganization. I've helped out a little there and have been trying to come up with some simple solutions to their problems. The main problem is the way government purchasing works. But the equipment they have, even though the service agreements are running out, can still be salvaged. The internet connection itself is actually a T1, a dsl, and cable line (maybe others but I'm not sure). There are also T1 lines running to other satellite offices. I'm not sure but I think internet is provided through those T1's as well.
Luckily most people of similar positions are located in the same area of the building. Having "too many" network segments would help to find bandwidth hogs, etc. Basically each vlan/subnet would be scaled for its traffic to be handled by an old machine running Wireshark.
Also, what about DHCP servers? Do you need one per subnet/vlan or can one exist above all of the lans?
A single DHCP server can work for however many subnets you have.
You just have to make sure you have the proper command in place to allow the DHCP broadcast to reach those subnets. On Cisco equipment, this is attained with the "IP Helper" command on your VLAN Interface (or SVI).
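Why one server can serve every subnet once a relay is in place, as an added example that is not part of the original posts: the client's DHCPDISCOVER is a limited broadcast that does not cross the router, so the relay on the VLAN's gateway interface stamps its own address into `giaddr` and unicasts the packet to the server, which picks the pool containing that address. The scopes, server address and packet dictionaries are constructed for illustration.

```python
import ipaddress

# Constructed scopes for one central DHCP server (addresses are assumptions).
SCOPES = [ipaddress.ip_network(n) for n in
          ("192.168.10.0/24", "192.168.11.0/24", "192.168.12.0/24")]
SERVER_IP = "192.168.10.5"

def client_discover(mac):
    """DHCPDISCOVER as the client sends it: limited broadcast, giaddr unset."""
    return {"chaddr": mac, "dst": "255.255.255.255", "giaddr": "0.0.0.0", "hops": 0}

def relay(packet, gateway_ip, server_ip=SERVER_IP):
    """Relay agent on the VLAN's gateway interface: stamp giaddr, unicast to server."""
    out = dict(packet, dst=server_ip, hops=packet["hops"] + 1)
    if packet["giaddr"] == "0.0.0.0":  # only the first relay fills it in
        out["giaddr"] = gateway_ip
    return out

def select_scope(packet, arrived_on=None, scopes=SCOPES):
    """Server side: choose the pool from giaddr, or from the server's own
    interface address when the broadcast was heard directly (giaddr unset)."""
    key = packet["giaddr"]
    if key == "0.0.0.0":
        if arrived_on is None:
            return None  # broadcast from another VLAN never reached the server
        key = arrived_on
    addr = ipaddress.ip_address(key)
    return next((s for s in scopes if addr in s), None)

if __name__ == "__main__":
    pkt = client_discover("02:00:00:00:00:01")         # constructed MAC
    print(select_scope(pkt))                           # no relay: None
    print(select_scope(relay(pkt, "192.168.11.1")))    # relayed from VLAN 11
    print(select_scope(relay(pkt, "192.168.99.1")))    # relay on a subnet with no scope
```

The last case is the one to check for when a newly added VLAN gets no leases: the relay is working, but the server has no scope containing the relay's address.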