A common question that many new network administrators ask is what the difference is between virtual LANs -- or VLANs -- and IP subnetworks, or subnets. While there are situations where the terms VLAN and subnet can be used interchangeably, distinct differences exist between the two.
To truly understand the divergence between VLANs vs. subnets, one must first understand the OSI model. This technical reference model details how applications communicate with one another across a network. In most cases, the type of network protocol used is IP, which stands for Internet Protocol.
What is the OSI model?
The OSI model consists of seven different groups, or layers. Each layer builds on the one below it to package, address and deliver the data carried in a packet's payload. IP networks use the following two addressing methods:
- Media access control (MAC) address. This address uses a 16-character hexadecimal address unique to the device's network card. MAC addresses function at Layer 2 and are used to communicate with other devices within the same Layer 2 LAN.
- IP address. This is a 32-bit numbering scheme administrators can assign to each connected device. IP addressing happens at Layer 3 of the OSI model.
VLANs vs. subnets: Key differences
Without getting too deep into the inner workings of VLANs vs. subnets, network administrators must understand that a VLAN's purpose is to let devices communicate with other devices within the same LAN, which is known as intra-VLAN communication. IP subnets, on the other hand, transmit data between VLANs -- dubbed inter-VLAN communication.
Where things get muddled, however, is that devices within the same VLAN must also be configured within the same IP subnet. Essentially, intra-VLAN communication requires both a MAC address and an IP address within the same subnet to communicate.
VLANs and subnets in practice
As a business adds more devices to a LAN, a single VLAN becomes overutilized due to an increase in broadcast traffic. These broadcasts bog down the network until it can no longer transmit and receive data efficiently.
To counter this, network administrators can create additional VLANs. Creating multiple VLANs breaks up the broadcast domains and reduces the amount of broadcast traffic on each LAN segment. However, when a device on one VLAN needs to talk to another device on a different VLAN, it cannot do so without going through a router interface.
Router interfaces operate at Layer 3 of the OSI model and require IP to communicate. Static routes or dynamic routing protocols can direct traffic initiated in one VLAN to another. Thus, each VLAN must be configured as a separate broadcast domain at Layer 2, and the network must also define, at Layer 3, how traffic moves between VLANs.
To accomplish this configuration, a network administrator must first create a unique IP subnet for each VLAN. Next, the administrator must assign the subnet a gateway IP address, which is the router interface's IP address. When traffic travels between VLANs, the packets are directed first to the VLAN's default gateway. From there, the router will perform a routing table lookup to find the destination IP subnet and send the traffic to the corresponding gateway address.
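The following Python model, added here as an example and not part of the original article, ties together the two rules above: a device's IP address must fall inside the subnet mapped to its VLAN, and a host delivers directly at Layer 2 when the destination is in its own subnet but otherwise hands the packet to the VLAN's default gateway, where the router performs a longest-prefix lookup to pick the egress VLAN. All VLAN IDs, subnets, gateway addresses and hosts are constructed sample values; the assumption that the router holds the first usable address of each subnet is a convention chosen for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed VLAN-to-subnet plan (assumed example values, not taken from the article):
# one unique IP subnet per VLAN, as the article prescribes.
VLAN_SUBNETS = {
    10: ipaddress.ip_network("10.1.10.0/24"),  # e.g. workstations
    20: ipaddress.ip_network("10.1.20.0/24"),  # e.g. servers
    30: ipaddress.ip_network("10.1.30.0/24"),  # e.g. uplink segment
}

# The default gateway of each subnet is the router's interface address in that VLAN.
# Assumption: the router takes the first usable host address of each subnet.
GATEWAYS = {vid: next(net.hosts()) for vid, net in VLAN_SUBNETS.items()}

# The router's routing table as (destination prefix, egress VLAN). Each VLAN subnet is a
# connected route; the default route points at a hypothetical upstream next hop.
UPSTREAM = "upstream"
ROUTING_TABLE = [(net, vid) for vid, net in VLAN_SUBNETS.items()]
ROUTING_TABLE.append((ipaddress.ip_network("0.0.0.0/0"), UPSTREAM))


@dataclass(frozen=True)
class Host:
    name: str
    vlan: int
    ip: str
    mac: str


def check_host_placement(host: Host) -> Optional[str]:
    """Return an error string if the host's IP is outside its VLAN's subnet, else None.
    This is the consistency rule from the article: same VLAN implies same subnet."""
    net = VLAN_SUBNETS.get(host.vlan)
    if net is None:
        return f"{host.name}: VLAN {host.vlan} has no IP subnet assigned"
    if ipaddress.ip_address(host.ip) not in net:
        return f"{host.name}: {host.ip} is outside VLAN {host.vlan} subnet {net}"
    return None


def audit_hosts(hosts) -> list:
    """Run the placement check across an inventory and collect every mismatch."""
    return [err for err in map(check_host_placement, hosts) if err is not None]


def route_lookup(dst: ipaddress.IPv4Address):
    """Longest-prefix match over the routing table, as a router does per packet."""
    best = None
    for net, egress in ROUTING_TABLE:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress)
    return best


def forward(src: Host, dst_ip: str) -> dict:
    """Model a packet leaving src: Layer 2 delivery if dst is in the same subnet
    (intra-VLAN); otherwise hand it to the default gateway and let the router's
    table decide the egress VLAN (inter-VLAN)."""
    dst = ipaddress.ip_address(dst_ip)
    src_net = VLAN_SUBNETS[src.vlan]
    if dst in src_net:
        # Same subnet == same VLAN: the host resolves dst's MAC and sends directly.
        return {"mode": "intra-vlan", "next_hop": str(dst), "egress_vlan": src.vlan}
    gateway = GATEWAYS[src.vlan]
    match = route_lookup(dst)
    if match is None:
        return {"mode": "unroutable", "next_hop": str(gateway), "egress_vlan": None}
    net, egress = match
    return {"mode": "inter-vlan", "next_hop": str(gateway),
            "matched_route": str(net), "egress_vlan": egress}


if __name__ == "__main__":
    pc = Host("pc1", 10, "10.1.10.25", "aa:bb:cc:00:00:01")
    for target in ("10.1.10.40", "10.1.20.7", "203.0.113.9"):
        print(target, forward(pc, target))
    rogue = Host("rogue", 10, "10.1.20.50", "aa:bb:cc:00:00:02")
    print(audit_hosts([pc, rogue]))
```

Running the audit over a host inventory flags the "muddled" case the article warns about: a device sitting in VLAN 10 but addressed from VLAN 20's subnet will never reach its gateway, because the router interface it expects is not on its Layer 2 segment.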
Related Q&A from Andrew Froehlich