VLANs versus IP subnets: Why use a VLAN over IP subnetting?

Virtual local area networks (VLANs) allow us to create different logical and physical networks; whereas IP subnetting simply allows us to create logical networks through the same physical network.

You can have one physical network (for example, a simple network switch) and configure two or more logical networks by simply assigning different IP networks, like 192.168.0.0/24, 192.168.1.0/24, etc. The problem here is that even though you've created different networks, they are all using the same backbone: your switch. Traffic going through the switch can be seen by all other hosts, no matter what logical network they are on. The result is that security is negligible; sensitive data can be easily captured; and there would be a decreased bandwidth availability since everyone would be using the same backbone. (Imagine placing trucks, motorcycles and cars on a single-lane highway.)

If, on the other hand, your switch can handle VLANs, you can then create one VLAN for each logical network. This effectively means that trucks are placed on their own highway; the same goes for all cars and motorcycles. The bandwidth availability for each VLAN (or logical network) is now maximized, and we also have a decent level of security since the switch that connects each VLAN network, will not allow traffic to flow between them unless configured to do so.

Should you like to read more on VLAN theory and IP subnetting, you can visit my website, www.Firewall.cx, where you'll find detailed diagrams and necessary theory to help you get a better understanding on the topic.