LinuxQuestions.org
Old 04-09-2008, 01:02 PM   #1
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 67
VLAN vs Subnet - too many ambiguous answers online


I've been trying to get a feel for the difference between VLANs and Subnetting for a while now, but all of the discussions online are pretty similar and don't really get to the bottom of my questions...

First, does either provide any REAL security?

Second, how does each affect network performance? Does either minimize traffic for the router (or do they actually increase router traffic for inter vlan/subnet communication). Do they minimize the work done by the switch or increase it? I'm pretty sure they both remove significant broadcast traffic at individual computers.

Anything special about multiple subnets within a vlan?

Anything special about multiple vlans within a subnet?

I'm sure I'll come up with more questions, I'll append them as I think of them...
 
Old 04-09-2008, 02:42 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
neither are about security, used in conjunction with layer 3 security devices, i.e. a firewall, then they are what defines the separations, but they are not about security themselves.

in general you have a 1:1 mapping of subnets and vlans. they are used in complement to each other in the vast majority of effectively designed networks. multiple subnets on a single vlan, or rather no vlan is very dumb, that's for sure. generally you'd probably have /24 subnets each with their own matching vlan, e.g. subnet 192.168.123.0/24 would quite likely be switched on vlan 123.

vlans allow isolated smaller subnets on a single (or multiple) devices, so with a smaller subnet, you have fewer devices and therefore less broadcast traffic. by segregating traffic though, you do substantially increase unicast traffic volumes when going between networks, i.e. traffic goes from one pc to a router and then back to the destination pc, which would most likely be a more cpu intensive and further route than if they were on the same subnet and therefore not using a router in the middle.
 
Old 04-09-2008, 03:14 PM   #3
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Original Poster
Rep: Reputation: 67
Is it ever useful to use VLANs to span a single subnet across multiple switches? Or is that unnecessary because you can just connect the switches together?

So if I have a large office with a small web server used by the outside world, a data server, mail server, anti virus box, etc, and also ~300 workstations that mostly use the internet, data, and mail servers, which could probably be divided into vlans/subnets of ~20-50, would it make sense to have 5 or 6 workstation vlans, and a server vlan? Or should the data server be on the same subnet/vlan as the workstations?
 
Old 04-09-2008, 03:51 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
a vlan would certainly span across multiple switches, that's one of the main points - a logical separation of a network and the arbitrary pieces of hardware that do the switching. the connections between these switches would be a trunk - check out 802.1q on wikipedia or something like that.

in your example i'd probably have 1 server subnet with a /24 mask and a couple of workstation subnets, split by floor, building, department or something like that. no need to have too many for the sake of it.
 
Old 04-09-2008, 04:22 PM   #5
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Original Poster
Rep: Reputation: 67
Well, it's a county building which means there's extreme disorganization. I've helped out a little there and have been trying to come up with some simple solutions to their problems. The main problem is the way government purchasing works. But the equipment they have, even though the service agreements are running out, can still be salvaged. The internet connection itself is actually a T1, a dsl, and cable line (maybe other but I'm not sure). There are also T1 lines running to other satellite offices. I'm not sure but I think internet is provided through those T1's as well.

Luckily most people of similar positions are located in the same area of the building. Having "too many" network segments would help to find bandwidth hogs, etc. Basically each vlan/subnet would be scaled for its traffic to be handled by an old machine running Wireshark.

Also, what about DHCP servers. Do you need one per subnet/vlan or can one exist above all of the lans?

Last edited by Meson; 04-09-2008 at 04:51 PM.
 
Old 04-09-2008, 05:35 PM   #6
ARC1450
Member
 
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290

Rep: Reputation: 30
A single DHCP server can work for however many subnets you have.

You just have to make sure you have the proper command in place to allow the DHCP broadcast to reach those subnets. On Cisco equipment, this is attained with the "IP Helper" command on your VLAN Interface (or SVI).
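
How one server can tell the subnets apart, as an added example that is not part of the original thread: the relay writes its own address on the client's VLAN into the request's giaddr field (RFC 2131), and the server answers from the scope containing that address. The VLAN IDs, the server address and the function names are assumptions; the VLAN-to-subnet numbering follows the 192.168.123.0/24 on VLAN 123 convention from post #2.

```python
import ipaddress

def build_plan(vlan_ids):
    """Map each VLAN ID to 192.168.<vlan>.0/24 (the convention from post #2)."""
    plan = {}
    for vid in vlan_ids:
        # Valid 802.1Q IDs run to 4094, but this convention only fits one octet.
        if not 1 <= vid <= 255:
            raise ValueError(f"VLAN {vid} does not fit the third-octet convention")
        plan[vid] = ipaddress.ip_network(f"192.168.{vid}.0/24")
    return plan

def select_scope(plan, giaddr, server_ip):
    """Return (vlan_id, subnet) for the scope a request is answered from, or None.

    giaddr is the relay's address on the client's VLAN; 0.0.0.0 means the
    request reached the server directly as a local broadcast.
    """
    key = ipaddress.ip_address(giaddr)
    if key.is_unspecified:
        key = ipaddress.ip_address(server_ip)   # client shares the server's subnet
    for vid, net in plan.items():
        if key in net:
            return vid, net
    return None                                   # no scope configured: no offer

# Constructed sample layout: one server VLAN and three workstation VLANs.
PLAN = build_plan([10, 20, 30, 123])
SERVER_IP = "192.168.10.5"

if __name__ == "__main__":
    for giaddr in ("192.168.123.1", "192.168.20.1", "0.0.0.0", "10.9.9.1"):
        print(giaddr, "->", select_scope(PLAN, giaddr, SERVER_IP))
```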
 
  

