VLAN to subnet Mapping; One-to-One Relationship

aviadvigatel1 · ‎07-23-2011

Dear Forum Members,

I have a simple query, hopefully some one can answer.

Is the mapping between Vlan and the subnet one-to-one (unique) or one-to-many i.e. can we have one vlan id (say for example 2217) mapped to multiple subnets (physically on different switches) or it must be mapped to one unique subnet in the whole network.

Regards,

Amit Aneja · ‎07-23-2011

It should be one to one.

Jon Marshall · ‎07-23-2011

It is best practice to map one vlan to one subnet but there are occasions where that may not be the case -

1) multiple IP subnets mapped to one vlan with secondary ip addressing on the vlan interface. This is usually a temporary measure when for example you are migratng your IP address range or merging with another company. It is generally not a good long term solution

2) 2 vlans mapped to the same IP subnet. This is used when you are running a FWSM (Firewall Service Module) or ACE (Application Control Engine) for example in transparent mode. In transparent mode the device is not a L3 device so the IP subnet on both sides of the device is the same. But you can't use the same vlan on both side because you then get a loop in your network which would cause issues with STP. So you use one vlan one side and one vlan on the other but use the same IP subnet.

But as already mentioned a one-to-one mapping is best practice and makes it easier to manage.

Jon