The difference of VLANs and subnets
Can two VLANs be on a subnet? What about the other way around?
I met some people who think that VLANs and subnets are the same thing or to put it differently: They are the same thing. But in fact, VLANs and subnets are both separate things.
VLANs operate on layer 2 of the OSI-model whereas subnets operate on layer 3 of the OSI-model.
In this post I will explain what defines a VLAN and a subnet, what VLAN untagging and tagging is and how one subnet can pass through two or even more VLANs.
This post is meant for people that don’t really grasp the difference between subnets and VLAN’s. This post is thus also helpful for people studying for their CCT/CCNA!
What is a VLAN?
VLAN is the abbreviation for ‘Virtual Local Area Network’.
Imagine your own network, there’s physically just, but with VLANs we can split up this physical network into multiple virtual ones. This means you can separate devices from each other. For example you could have a network that would contain all the printers of the office, another one with all the computers and another with all the IP phones.
Look at the images below here to see an example of VLANs.
A VLAN operates on layer 2 of the OSI-model. IP addresses and ports are not relevant here as they fall under layer 3 of the OSI-model.
The network on the left has no VLAN’s meaning that all devices share the same network and can reach each other directly.
The network same network on the right does have VLAN’s implemented. Each device is segmented for their own purpose and the router can be configured to prohibit traffic from entering one VLAN to another.
What is a subnet?
A subnet is a subdivision of a network. When you are subnetting you’re basically dividing a bigger IP range into smaller ones, which can then be used for different physical or logical networks. A subnet has both a ‘network-ID’ and ‘host-ID’. The subnet mask defines what portion of the IP is part of the network and what portion defines the host.
A subnet operates on layer 3 of the OSI-model. Meaning that IP addresses are important here.
The network on the left uses a single subnet meaning that all devices are in the same network.
The network on the right with multiple VLANs must use multiple subnets in order to communicate with each other.
Though multiple subnets CAN run on the same VLAN but hosts in each unique subnet CANNOT talk to each other within the same VLAN.
Situations with two VLANs for one subnet or vice versa
One subnet with multiple VLANs
The example I am going describe is one I had to perform at my job. Do note that all the IP information is made up and the actual situation was physically larger.
A1=172.16.10.0/24 — A2=172.16.20.0/24
B1=172.17.10.0/24 — B2=172.17.20.0/24
Figure 1:
For a long time, we had two logical sites in a single physical one. When we upgraded our voice VLAN for ‘panic’ buttons, we had to connect devices on site B to site A. These buttons were meant for purposes that site A was built for in the first place. Normally by standard for us, we already had the same voice VLAN on site B. This would cause an IP conflict on the VLAN since you have two subnets on a single VLAN.
Figure 2:
To solve this problem, I had to make a new VLAN on site B, this example being VLAN 21. The panic buttons would be connected to this VLAN on site B. If you’re familiar with VLAN’s you should be aware that VLAN21 on site B cannot work with VLAN20 on site A if it’s trunked.
Figure 3:
To solve this problem I made VLAN21 on site B connecting to site A on access port, also known as untagged.
I also did this the other way around by making the interface connecting site A to site B an access port, also known as untagged, in VLAN 20.
Doing it vice versa would basically mean you have two subnets on one single VLAN but doing that has practically no use case.
This would result in more broadcast traffic and it’s a bigger pain to manage and troubleshoot in general.
Why do we use VLAN's?
You probably wonder after reading this why to even bother using VLANs.
The simple reason behind it is to surpress costs. A 48 port switch can cost around 30-50% more than a 24 port switch. Meaning that buying two 24 port switches would cost you more in the end. Using VLAN’s by splitting the single physical switch into two logical ones doesn’t come with extra costs!
External sources
Here are some great and useful external sources to better understand what a VLAN and subnet are; and how to implement them into your network:
Cisco’s ‘IP addressing and subnetting for new users’. Cisco does recommend having a basic understanding of binary so, it’s best to read the binary part on my webpage about subnetting first.