What are the advantages to having a separate subnet for every VLAN?

linknetworks
From what I understand it is common practice to have a separate range of IPs for every VLAN. What are the advantages of doing this? What functionality does subnetting add to a VLAN?
Top Expert 2010

Commented:
What you are referring to is what is typically defined as VLAN aggregation, which allows for the efficient use of IP addresses; VLANs are typically configured for network segmentation with the concept that you are also reducing the size of the broadcast domain. If all your hosts (Sales, HR, IT, AP, AR, etc.) are in the same broadcast domain using addresses from an RFC 1918 block (say 10.10.100.0/23), then you could possibly run into scalability issues, which can lead to network performance issues as you grow. Having the ability to be scalable is Advantage #1, and subnetting (VLSM) with VLANs (1:1) allows your network to make efficient use of IP space (Advantage #2). Also, having all your hosts in the same broadcast domain is a security issue (Advantage #3) as well, as this can lead to ARP poisoning, MITMA (Man In The Middle Attacks), MAC spoofing, etc. You want your network to be scalable, secure, efficient, manageable, and predictable. These are the ones that come to mind; there are other reasons, but I believe these are the most important.

Billy

Author

Commented:
Sorry I have to pick it apart to get full understanding.
Advantage#1: Scalability is an advantage offered by subnetting, particularly VLSM.
Advantage#2: Efficient use of IPs which is what creates advantage #1.
Advantage#3: Break up broadcast domains. (this is an advantage of VLAN not necessarily subnet?)

When used together the VLAN increases security and performance and the subnetting adds an element of scalability with IP management?

Top Expert 2010
Commented:
--Advantage#1: Scalability is an advantage offered by subnetting, particularly VLSM.
Correct. This allows your organization to easily grow; if you subnet, each network you create should be in its own VLAN (1:1 ratio).

--Advantage#2: Efficient use of IPs which is what creates advantage #1
Correct

--Advantage#3: Break up broadcast domains. (this is an advantage of VLAN not necessarily subnet?)
Kind of; I was more or less talking about security, not directly about a VLAN. VLANs should not be thought of as a security mechanism. It does lower your risk that when you do subnet, each network is in its own VLAN, which allows you to lower your risk of any type of layer 2 attack. Also, by segmenting your network with subnets and VLANs, you typically will introduce a layer 3 device to do some type of inter-VLAN routing with ACL/routing policies to limit what segments can communicate with each other.

All 3 combined offer the advantages of an efficient, scalable, predictable, and secure network.

Billy
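The 1:1 subnet-to-VLAN layout discussed in the answers above, as an added example that is not part of the original thread or any poster's own configuration: it carves the 10.10.100.0/23 block from the answer into right-sized VLSM subnets, one per department VLAN, and shows which flows stay inside one broadcast domain and which must cross the layer 3 device where an ACL can apply. Host counts, VLAN IDs and the allowed pairs are assumptions made up for illustration.

```python
import ipaddress

# Block and department names come from the answer; host counts, VLAN IDs and
# the allowed inter-VLAN pairs are constructed for illustration.
BLOCK = ipaddress.ip_network("10.10.100.0/23")
DEPARTMENTS = {"Sales": (120, 10), "IT": (60, 20), "HR": (25, 30),
               "AP": (12, 40), "AR": (12, 50)}   # name: (hosts, VLAN ID)
ALLOWED = {("IT", "Sales"), ("IT", "HR"), ("AP", "AR"), ("AR", "AP")}


def vlsm_plan(block, departments):
    """Allocate one right-sized subnet per VLAN (1:1), largest department first."""
    plan, cursor = {}, int(block.network_address)
    for name, (hosts, vlan) in sorted(departments.items(), key=lambda d: -d[1][0]):
        # Smallest power-of-two size that fits hosts + network + broadcast address.
        prefix = 32 - (hosts + 1).bit_length()
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # align to subnet boundary
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(block):
            raise ValueError(f"{block} exhausted while placing {name}")
        plan[name] = {"vlan": vlan, "subnet": subnet}
        cursor += size
    return plan


def segment_of(plan, ip):
    """Return the department whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, s in plan.items() if addr in s["subnet"]), None)


def classify_flow(plan, src, dst, allowed):
    """Same VLAN: switched at layer 2, so no router ACL is ever consulted.
    Different VLANs: traffic must be routed, so the inter-VLAN policy
    (the set of allowed source/destination pairs) decides."""
    a, b = segment_of(plan, src), segment_of(plan, dst)
    if a is None or b is None:
        return "unknown segment"
    if a == b:
        return "same broadcast domain"
    return "routed, permitted" if (a, b) in allowed else "routed, denied"


if __name__ == "__main__":
    plan = vlsm_plan(BLOCK, DEPARTMENTS)
    for name, seg in plan.items():
        print(f"VLAN {seg['vlan']:>3}  {name:<6} {seg['subnet']}")
    print(classify_flow(plan, "10.10.100.5", "10.10.100.200", ALLOWED))
```

With these sample counts all five VLANs fit inside 10.10.100.0/24, leaving 10.10.101.0/24 unallocated for growth.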

Author

Commented:
I see the light!! Thanks
