01-10-2023 05:30 AM
Hello,
I wanted to confirm the behavior of configurations I often see in industrial automation systems. I was taught one broadcast domain per switch (VLAN), but I frequently see 2 separate subnets operating on one physical switch with only the default VLAN configured. The two subnets don't actually need to ever communicate with each other or even have a GW configured. Like a PLC/SCADA system and robot on one /24 subnet and a series of electrical devices on a separate /24 subnet. From my understanding, all devices will see broadcasts from both subnets, which is not ideal from an efficiency or security side, but the devices can still successfully communicate within their subnets. Is that correct?
For new setups I will move them off the default VLAN to two separate VLANs, one for each subnet, with no routing as they do not need to communicate, but I want to make sure the existing setup will still work.
01-10-2023 06:02 AM
"From my understanding, all devices will see broadcasts from both subnets" - this is not correct. 2 subnets mean 2 broadcast domains; a broadcast from one subnet will not get to the other subnet.
01-10-2023 07:45 AM
I thought a layer 2 switch sends out a broadcast to all ports besides the one that received it, except if the ports are on separate VLANs to break up the broadcast domain, which they are not here. Both of these IP subnets are on the same VLAN, so what logic besides VLAN will the layer 2 switch use to prevent the switch from switching the frame to all ports? I understand the devices will drop the frames not bound for them and there will be no layer 3 communication without a router, but all devices would still receive the layer 2 broadcast on the single VLAN even if they are on different IP subnets. One of the primary reasons for VLANs is to reduce the need for devices to receive unneeded broadcasts, which has security and performance implications. At least that's what I was taught.
01-10-2023 09:35 AM
BTW, within the same L2 domain on a switch, unknown unicast is also flooded to all hosts, and so is multicast if something like IGMP snooping is not being used.
This can be easily confirmed with an app like Wireshark if your NIC is promiscuous-mode capable.
01-10-2023 09:48 AM
Yes, it can work if both subnets share the same VLAN, but this returns your SW to the old time, when there was no VLAN and the SW would flood a broadcast from one PC in one subnet to all PCs in all subnets.
But so what? What is different? Friend, ask yourself something here: how does a broadcast flood? A broadcast flood means that the SW makes a copy of the broadcast and sends it to all PCs.
Now imagine without VLAN and with VLAN: is the copy of the frame the SAME???
01-10-2023 09:21 AM
"'From my understanding, all devices will see broadcasts from both subnets' - this is not correct. 2 subnets mean 2 broadcast domains; a broadcast from one subnet will not get to the other subnet."
Sorry, your "incorrect" is incorrect.
OP is discussing two subnets sharing the same L2 broadcast domain.
01-10-2023 09:24 AM
"From my understanding, all devices will see broadcasts from both subnets, which is not ideal from an efficiency or security side, but the devices can still successfully communicate within their subnets. Is that correct?"
Yes.
"For new setups I will move them off the default VLAN to two separate VLANs, one for each subnet, with no routing as they do not need to communicate, but I want to make sure the existing setup will still work."
If your two subnets truly don't intercommunicate, yes, you should be able to place each into its own VLAN and they should continue to function as they do currently.
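The point the thread settles on (the switch floods broadcasts and unknown unicast by VLAN, never by IP subnet, so two subnets on the default VLAN share one broadcast domain, and splitting them into two VLANs fixes that) can be shown with a small model of a learning switch. This is an added example, not code from the thread or from any vendor; the four hosts, their MACs and IPs, and the port-to-VLAN maps are constructed sample data, and the frames are only MAC headers with a note, since a switch never looks at the IP layer when deciding where to flood.

```python
"""Model of a L2 learning switch: who receives a broadcast or unknown unicast.

Added example (not from the forum thread). A switch learns source MACs per
VLAN and floods broadcast / unknown-unicast frames to every other port in
the SAME VLAN. The IP subnet of the sender is never consulted, so two /24s
on one VLAN share a broadcast domain.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample hosts: port -> (MAC, IP). Two /24 subnets, one switch.
HOSTS: Dict[int, Tuple[str, str]] = {
    1: ("00:00:00:00:00:01", "192.168.1.10"),  # PLC
    2: ("00:00:00:00:00:02", "192.168.1.20"),  # robot
    3: ("00:00:00:00:00:03", "10.0.0.10"),     # electrical meter A
    4: ("00:00:00:00:00:04", "10.0.0.11"),     # electrical meter B
}

# Assumed port-to-VLAN assignments for the two cases discussed in the thread.
ONE_VLAN = {1: 1, 2: 1, 3: 1, 4: 1}        # everything on the default VLAN
TWO_VLANS = {1: 10, 2: 10, 3: 20, 4: 20}   # one access VLAN per subnet, no SVI


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    note: str  # e.g. "ARP who-has 192.168.1.20"; ignored by the switch


@dataclass
class Switch:
    port_vlan: Dict[int, int]
    # MAC table is keyed per VLAN, as on a real switch: (vlan, mac) -> port
    mac_table: Dict[Tuple[int, str], int] = field(default_factory=dict)

    def forward(self, ingress: int, frame: Frame) -> List[int]:
        """Return the egress ports for a frame arriving on `ingress`."""
        vlan = self.port_vlan[ingress]
        self.mac_table[(vlan, frame.src_mac)] = ingress  # learn source
        known = self.mac_table.get((vlan, frame.dst_mac))
        if frame.dst_mac != BROADCAST and known is not None:
            # known unicast: single egress port (drop if it would loop back)
            return [] if known == ingress else [known]
        # broadcast or unknown unicast: flood to every other port in this VLAN
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != ingress)


def run_scenario(port_vlan: Dict[int, int]) -> Dict[str, List[int]]:
    """Replay four frames through a fresh switch and record who received each."""
    sw = Switch(port_vlan)
    out: Dict[str, List[int]] = {}
    # 1. PLC ARPs for the robot: a L2 broadcast.
    out["plc_arp"] = sw.forward(1, Frame(HOSTS[1][0], BROADCAST,
                                         "ARP who-has 192.168.1.20"))
    # 2. Robot replies unicast; the PLC MAC was learned in step 1.
    out["robot_reply"] = sw.forward(2, Frame(HOSTS[2][0], HOSTS[1][0],
                                             "ARP reply"))
    # 3. Meter A sends unicast to meter B before B has ever transmitted:
    #    unknown unicast, so it floods exactly like a broadcast.
    out["meter_unknown_unicast"] = sw.forward(3, Frame(HOSTS[3][0], HOSTS[4][0],
                                                       "Modbus/TCP request"))
    # 4. Meter B replies; A is now learned, so only A receives it.
    out["meter_reply"] = sw.forward(4, Frame(HOSTS[4][0], HOSTS[3][0],
                                             "Modbus/TCP reply"))
    return out


def receiving_ips(ports: List[int]) -> List[str]:
    """Map egress ports back to the IPs of the hosts whose NICs see the frame."""
    return [HOSTS[p][1] for p in ports]


if __name__ == "__main__":
    for label, cfg in (("default VLAN only", ONE_VLAN),
                       ("one VLAN per subnet", TWO_VLANS)):
        print(label)
        for step, ports in run_scenario(cfg).items():
            print(f"  {step:22s} -> {receiving_ips(ports)}")
```

With everything on the default VLAN, the PLC's ARP broadcast and meter A's unknown-unicast Modbus frame both land on hosts in the other subnet; those hosts drop the frames at L3, but their NICs still receive them, which is what a promiscuous-mode Wireshark capture on a meter-subnet host (display filter `arp`) would show. With one access VLAN per subnet and no SVI or routing, the same replay confines each flood to its own two ports, and the known-unicast replies are unchanged in both cases, which is why the existing traffic keeps working after the split.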