
Subnet vs VLAN, L2 broadcast and L3 broadcast

SJ K
Level 5

Hi all,
 

I am not sure why my post keeps disappearing in the forum; please kindly find the actual thread below and I hope the gurus here can help advise further!

https://supportforums.cisco.com/discussion/12471836/subnet-vs-vlan-l2-broadcast-and-l3-broadcast
 

Thank you!

Regards,

Noob



Jon Marshall
Hall of Fame

If I click on that link it tells me I am not authorised to view the page.

Not sure how you are doing that but just cut and paste into this thread.

Jon

Hi Jon,

 

Glad to see your reply! Done it as above. Can't amend my original thread in this post; once I do so, this post will be gone from the forum, so I posted as a reply!

 

Thanks!

No problem, see answers above.

Expecting some more follow up questions :-)

Jon

SJ K
Level 5

q1) Is VLAN and subnet a 1:1 relationship? Can multiple subnets belong to a single VLAN, or can multiple VLANs share the same subnet?

The reason being I have come across a design spec which lays down a "Production environment"; inside it has multiple subnets, which is okay, but I am not sure whether the subnets belong to the same VLAN, or rather whether they can?

 

q2) If devices from the same subnet/connected to the same switch do not need to be routable to another subnet/network, there is no need to set a gateway IP in the devices, am I right? But do they still need IP addresses to communicate with one another?

 

q3) Technically, can a frame be sent from a device to another device connected to the same switch without "IP addresses", assuming both the source and destination MACs are known? (meaning that the src and dest IP in the frame are empty)

 

q4) If multiple devices from different subnets (e.g. devices a,b are from subnet ab, devices c,d are from subnet cd) are connected to the same switch, are they still technically considered to be in the same broadcast domain?

 

q4.1) I would assume that an ARP request is a L2 broadcast, am I right? And it will affect all the devices above (a,b,c,d) despite them being in different subnets, e.g. [src mac a.b.c.d] [dst mac f.f.f.f] [src ip 192.168.1.1] [dst ip 192.68.1.10], am I right?
 

q4.2) The above ARP request is a L2 broadcast with a specific L3 destination address but the L2 broadcast address.
Is there any example of a L3 broadcast (255.255.255.255) which has a specific L2 destination MAC address?

 

q5) If multiple devices from different subnets are connected to the same switch, is there any possibility that frames from one subnet will cross over to devices on another subnet besides L2 broadcasts? Is there any other impact?

Hope my questions make sense.

q1) by far the most common setup is a one to one relationship between vlans and IP subnets.

You can have multiple subnets in a vlan and use secondary IP addressing but this is really a temporary measure and is only really useful in certain scenarios.

You can also have one IP subnet and two vlans. This is used for a particular setup where you want to run a device such as a firewall in L2 transparent mode as opposed to L3 routed.

But again this is the exception not the norm.

q2) they wouldn't need a default gateway no and you wouldn't need a L3 routed interface for that subnet.

Yes they still need IPs.

q3) Yes, for example L2 protocols eg STP, can send frames between switches without IP addresses.

But it's not that src and dst IPs are empty, it's that there is no IP header.

But if you are referring to end devices then no because they have TCP/IP stacks and once the L2 header has been removed from the frame and passed up to the IP layer an IP address is needed.

q4) It depends on the vlans. A vlan is a broadcast domain not an IP subnet. So if ab and cd subnets are in the same vlan then yes same broadcast domain.

If ab and cd are each in their own vlan then no, two separate broadcast domains.

q4.1) The arp request is a L2 broadcast so the above still applies ie. it depends on whether you have both subnets in the same vlan or not.

q4.2) Can't think of any off the top of my head but others may be able to add to this.

q5) No not really but broadcasts won't either if each subnet has a different vlan.

Your last few questions really all depend on whether you have a different vlan per IP subnet or not.

Jon

Hi Jon,

 

Thanks for the replies. A million thanks; not sure why only you have answered my questions, maybe they are just too elementary :(!

But as usual, this forum will be dull without you!

 

Back to the thread ->

q1) I will take it that it's 1 subnet per VLAN first, because I still really can't grasp the setup of having 1 subnet in multiple VLANs and multiple subnets in a single VLAN.

But are you able to share more information with me on secondary IPs? Are they something like a floating IP?

 

q1.5) As per my previous question, I was handed a design doc whereby under the production environment there are different subnets of devices.
Can all these subnets be under 1 production VLAN (without the use of secondary IPs)?

 

q1.6) What could be the reason for having multiple subnets under 1 production environment?

I am thinking it could be the grouping of devices type according to the application nature. If they are web applications, it is under 1 subnet, if they are middlewares, then it is another subnet and lastly databases on another subnet.

Or rather, what is the basis/logic behind creating/deciding how many subnets are required? Since it has nothing to do with broadcasting already, as multiple subnets can still share the same broadcast domain.

Is it based on routing requirements? Meaning if it is intended for devices to go through a firewall/gateway to reach another group of devices, then there is a need to create 2 different subnets.

 

q4) Yeap. Actually I meant that subnet ab and subnet cd are both connected to a L2 switch with totally no VLAN setup (except for the default management VLAN). So I believe they will be in the same broadcast domain and affected by ARP requests, am I right?

 

q4.1) Can an ARP request actually go beyond a subnet (meaning pass a router to another network)? I am thinking that the answer is no.

Because if it needs to go to another network to get the MAC address of an external device, it will actually go through the gateway's IP and ARP request for the gateway MAC address, which supposedly will be in the same network/subnet as the device sending out the ARP request, am I right?

 

q5) Assuming that no VLANs are set up, I am reading this article over here

http://searchnetworking.techtarget.com/answer/VLANs-versus-IP-subnets-Why-use-a-VLAN-over-IP-subnetting

in paragraph 2

"The problem here is that even though you've created different networks, they are all using the same backbone: your switch. Traffic going through the switch can be seen by all other hosts, no matter what logical network they are on."
 

So I am thinking, every traffic has a source and destination. How can it be seen by other hosts connected to the switch, unless it is a broadcast message? Hence my questions earlier on

- "is there any possibility that frames from one subnet will cross over to devices on another subnet besides L2 broadcasts?" &

- "is there any way a unicast message (1 to 1) in a subnet can be seen by another device on another subnet?"

 

================================

 

Thank you Jon

I hope my questions don't bore you, as I think no one will ask these in an actual implementation. Mine is pure theory ;/

 

Regards,
Noob

q1) when you have a L3 interface (SVI or routed port) for a vlan you assign it a primary IP address and this is normally all you do.

But you can add multiple secondary IP addresses as well using the "secondary" keyword after the IP address.

A typical use for this is if you are readdressing the devices in the vlan, so you can have both IP subnets in the same vlan.

But as I say it is more of a temporary measure than anything else.

q1.5) they could be all in the same vlan but you wouldn't do that because then it is one big broadcast domain and additionally it is easier to control traffic between vlans with acls on the L3 interfaces.

In addition a L2 issue such as a bad network card is isolated to that vlan.

q1.6) again you need to be clear. Are you asking about multiple subnets in one vlan or multiple subnets where it is one subnet per vlan?

Apart from broadcasts there are a couple of reasons above as to why you would want one IP subnet per vlan.

In terms of how many vlans for clients people usually use a /24 as this is a reasonable size although I have used /25s before and then have servers in their own vlans.

You just pick a logical scheme that is applied everywhere and is well understood.

It is not for routing requirements particularly but with your example if you wanted to separate devices from each other with a L3 firewall then yes you would use different vlans.

q4) yes, if there are no vlans all devices will see the arp request.

q4.1) No, arp requests do not get forwarded by routers, although there is something called proxy arp where the router responds with its own mac address for a client not on the same subnet.

Yes, if the destination device is on another subnet the client will send the traffic to its default gateway.

q5) Even the title of the article makes little sense. A vlan is a L2 concept, IP subnetting is L3.

You don't choose one over the other.

You also don't see all the traffic unless, as you say, they are talking about broadcasts because switches don't work like that.

Probably best just to ignore that article to be honest.

Jon
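As an added example, not from the thread or from Jon: a small Python model of the q4/q4.1 setup above, with constructed hosts, MACs and addresses, that checks two of Jon's points: which hosts receive an ARP broadcast is decided by the VLAN, not the IP subnet, and a host ARPs for its default gateway rather than for an off-subnet destination (proxy ARP is not modelled).

```python
import ipaddress
from dataclasses import dataclass

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

@dataclass
class Host:
    name: str
    mac: str
    ip: str        # "address/prefix", e.g. "192.168.1.1/24"
    gateway: str   # default gateway address
    vlan: int      # access VLAN of the switch port this host is on

    def next_hop(self, dst_ip: str) -> str:
        """Address this host must ARP for to reach dst_ip (q4.1): on-link
        destinations directly, anything off-subnet via the default gateway."""
        me = ipaddress.ip_interface(self.ip)
        if ipaddress.ip_address(dst_ip) in me.network:
            return dst_ip
        return self.gateway

class Switch:
    """L2 switch: a broadcast is flooded to every port in the sender's VLAN (q4)."""
    def __init__(self, hosts):
        self.hosts = hosts

    def arp_request(self, sender: Host, target_ip: str):
        frame = {"src_mac": sender.mac, "dst_mac": BROADCAST_MAC, "target_ip": target_ip}
        # every host in the same VLAN receives the broadcast frame, whatever its subnet...
        received = [h.name for h in self.hosts
                    if h is not sender and h.vlan == sender.vlan]
        # ...but only the host whose IP matches target_ip replies
        repliers = [h.name for h in self.hosts if h.name in received
                    and str(ipaddress.ip_interface(h.ip).ip) == target_ip]
        return frame, received, repliers

def build(same_vlan: bool):
    """Constructed sample: subnets ab and cd either share VLAN 10, or cd sits
    in its own VLAN 20 (addresses and MACs are made up)."""
    cd_vlan = 10 if same_vlan else 20
    return [
        Host("a", "02:00:00:00:00:0a", "192.168.1.1/24", "192.168.1.254", 10),
        Host("b", "02:00:00:00:00:0b", "192.168.1.10/24", "192.168.1.254", 10),
        Host("c", "02:00:00:00:00:0c", "192.168.2.1/24", "192.168.2.254", cd_vlan),
        Host("d", "02:00:00:00:00:0d", "192.168.2.10/24", "192.168.2.254", cd_vlan),
    ]

def demo(same_vlan: bool, dst_ip: str):
    """Host a resolves dst_ip: which address it ARPs for, who sees the
    broadcast and who answers it."""
    hosts = build(same_vlan)
    a = hosts[0]
    arp_for = a.next_hop(dst_ip)
    frame, received, repliers = Switch(hosts).arp_request(a, arp_for)
    return {"arp_for": arp_for, "dst_mac": frame["dst_mac"],
            "received": received, "repliers": repliers}

if __name__ == "__main__":
    print(demo(True, "192.168.1.10"), demo(False, "192.168.1.10"), demo(True, "192.168.2.10"))
```

The first case is the reason behind Jon's one-VLAN-per-subnet advice: while c and d share VLAN 10 with subnet ab, they receive every ARP request from that subnet even though they never answer it.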

 

 

Hey Jon,

Thanks for replying and sorry for getting back late.

Back to the questions

q1.5) they could be all in the same vlan but you wouldn't do that because then it is one big broadcast domain and additionally it is easier to control traffic between vlans with acls on the L3 interfaces.

In addition a L2 issue such as a bad network card is isolated to that vlan.


q1) What would be the impact then of a bad network card in the event that all the subnets belong to the same VLAN? Over here do you mean a bad network card of the device connecting to the switch, or a bad network module in a switch?

 

q1.6) again you need to be clear. Are you asking about multiple subnets in one vlan or multiple subnets where it is one subnet per vlan?

Apart from broadcasts there are a couple of reasons above as to why you would want one IP subnet per vlan.

In terms of how many vlans for clients people usually use a /24 as this is a reasonable size although I have used /25s before and then have servers in their own vlans.

You just pick a logical scheme that is applied everywhere and is well understood.

It is not for routing requirements particularly but with your example if you wanted to separate devices from each other with a L3 firewall then yes you would use different vlans.

 

q2) Sorry for the confusion Jon. For this question, it has nothing to do with multiple subnets in the same VLAN or different VLANs. It is rather the question of why there is a need to subnet the different devices which are supposedly under the same production environment.

 

The design is like having

Production Environment

Subnet 1 (device a,b,c)  Subnet 2 (device d,e,f)
 

I mean, since subnetting has got nothing to do with the broadcast domain, why the need to separate them?

My wild guess is the devices might be exiting via different gateways to different other environments, and hence the need to subnet/separate them out, or there is a need to go through the router/firewall for inter-subnet communications.
 

What's your thought on this ?

 

================================================================

Well, as I am still new to my role, I didn't raise many queries during the meeting as I do not want to seem stupid :/ but I just can't help myself trying to figure out why :)

 

Thank you!

 

Regards,
Noob

 

 

q1) I was thinking of a network card that started sending out lots of broadcasts for example. It's never happened to me but I have heard of it happening.

It was really just an example though of how vlans can help isolate L2 issues because they do not cross L3 boundaries.

q2) i'll try and answer what I think you are asking but if not then please clarify.

When you say IP subnetting has nothing to do with broadcasts it comes back to that article you read.

And it does directly relate to vlans.

If you have one vlan with lots of IP subnets you have created one big broadcast domain which is not what you want.

If you have multiple vlans using one IP subnet, well you can't really do that other than the specific example I gave where you would use one IP subnet across two vlans and that is only for a specific implementation.

So there is a relationship between vlans and IP subnetting even though vlans are L2 and IP subnetting is a L3 concept.

If you didn't subnet then you would need just one vlan and you are back to the broadcast domain issue all over again.

It really comes down to the size of your organisation. For a small company with one site and maybe 100 or so devices you don't necessarily need to subnet and many don't.

But when you get larger it is impractical to use just one IP subnet even within a single building if there are enough users never mind across a WAN.

So technically within a single building you could use one IP subnet together with one vlan but if there were a large number of users it wouldn't work very well because of the reasons discussed.

And as I say there are other reasons for subnetting ie. many L3 devices including firewalls offer better security features and if you wanted to control traffic between clients and servers for example you would need multiple vlans and IP subnets.

It's difficult to know exactly what to say without knowing your production environment in terms of the size of it etc. because what you are asking may be perfectly sensible if it isn't very large.

So by all means if I haven't directly answered your question please come back.

Jon

Hi Jon,

Sorry for the late reply as I got overnight work in my project the last 2 days.

Yeap. You answered my questions perfectly well!

Although subnet and VLAN are 2 different things, somehow they are related in terms of broadcast domain, as you normally assign a subnet to a VLAN.

 

I am just curious on the following

- the main reason VLANs are created is so that broadcast domains are broken down

- the main reason for subnet creation will be?

  a) to control traffic flow between subnets -- just a supporting reason
  b) reducing broadcasts due to the normal subnet:vlan 1 to 1 relationship -- just a supporting reason
  c) to support scalability in case your subnet devices grow in number -- just a supporting reason again
  d) so that you group devices in the same network segment together and they can communicate directly without going through a gateway -- could this be the basic fundamental answer?

 

What else? What could be the main point behind the creation of multiple subnets in a single environment?

 

Thanks
Regards,
Noob

           

 

All your reasons are valid but I usually just have two main reasons which are really part of what you have already covered -

1) you need to create manageable broadcast domains and because there is usually a one to one mapping between vlan and IP subnet then you need multiple IP subnets as well.

2) you want to logically organise your devices in terms of PCs, servers, firewall connections etc. and the way to do this is with vlans and IP subnets.

Jon

Hi Jon,

Glad to see you back! Thought i lost you!

Are you also able to take a look at this post which I have posted yesterday..

Management port in Cisco Switches (are they really physical port)

 

Thank you!

 
