vlan help

BennyTheMan Member Posts: 76
Switches only allow communication between hosts in the same subnet, so if there is only one switch (no trunk port etc.) would there be any point to creating a vlan? I am just a bit confused about why you would need to create vlans, when you could just restrict access through using subnets. Any help appreciated.

-Benny

Comments

  • carterw65 Member Posts: 318
    Say you have two departments - Accounting and Operations. You really don't want OPS in the accounting network nor Accounting in OPS. If you only have one switch servicing both departments, then create VLANs to put them in. VLANs are just groups of ports that get segregated from each other.
  • clarson Member Posts: 903
    When hosts are in the same VLAN they use layer 2 addressing, i.e. their MAC addresses. So, it doesn't matter what subnet the hosts are in. If they are in the same VLAN they can communicate with each other no matter what their subnet is.
    Switches allow communication between hosts in the same VLAN.

    Routers route traffic between subnets. So when set up properly, each VLAN is its own subnet. And, we associate each VLAN with the subnet. But, at layer 2 only the MAC address is important. The subnet becomes important when communication occurs between VLANs, which is a layer 3 function.
  • ypark Member Posts: 120
    Switches only allow communication between hosts in the same subnet, so if there is only one switch (no trunk port etc.) would there be any point to creating a vlan? I am just a bit confused about why you would need to create vlans, when you could just restrict access through using subnets. Any help appreciated.

    -Benny

    In that scenario, someone with basic knowledge of the network can reconfigure their IP/subnet on their computer to access the devices on the other subnet. With VLANs, it is completely segregated.
    2022 Goals: [PCNSE] [JNCIS-SP] [JNCIS-SEC] [JNCIS-DevOps]
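
The contrast drawn in the replies above, as an added example that is not part of the original thread: a simplified Python model of one switch in which a host on the "other" subnet changes its own IP address. Host names, addresses, port numbers and VLAN ids are constructed, and the model assumes access ports only and no router.

```python
import ipaddress

class Switch:
    """Minimal layer-2 switch: every access port belongs to exactly one VLAN."""
    def __init__(self, port_vlan):
        self.port_vlan = port_vlan   # port number -> VLAN id
        self.hosts = {}              # port number -> Host

    def attach(self, port, host):
        self.hosts[port] = host
        host.port, host.switch = port, self

    def broadcast(self, src_port):
        """Ports that receive a broadcast frame (such as an ARP request)."""
        vlan = self.port_vlan[src_port]
        return [p for p, v in self.port_vlan.items()
                if v == vlan and p != src_port and p in self.hosts]

class Host:
    def __init__(self, name, cidr):
        self.name = name
        self.iface = ipaddress.ip_interface(cidr)  # address the host gave itself

    def can_reach_directly(self, target):
        """True if this host ARPs for target on-link and the ARP gets there."""
        if target.iface.ip not in self.iface.network:
            return False  # off-link: traffic would go to a router, none here
        # The switch ignores IP addresses; only VLAN membership limits the ARP.
        return target.port in self.switch.broadcast(self.port)

FLAT = {1: 1, 2: 1}          # one switch, every port in the same VLAN
SEGMENTED = {1: 10, 2: 20}   # Accounting port in VLAN 10, Operations in VLAN 20

def scenario(port_vlan, ops_cidr):
    """Can the Operations PC reach the Accounting PC without a router?"""
    sw = Switch(port_vlan)
    acct = Host("acct-pc", "10.0.1.10/24")   # constructed sample addresses
    ops = Host("ops-pc", ops_cidr)
    sw.attach(1, acct)
    sw.attach(2, ops)
    return ops.can_reach_directly(acct)

if __name__ == "__main__":
    for label, vlans in (("flat", FLAT), ("VLANs", SEGMENTED)):
        for cidr in ("10.0.2.20/24", "10.0.1.99/24"):
            print(f"{label:6} ops-pc as {cidr:14} reaches acct-pc: "
                  f"{scenario(vlans, cidr)}")
```

Subnets alone hold only while every host keeps its assigned address; the VLAN boundary is enforced on the switch port, so a host cannot change it from its own settings.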