nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

vlan help

BennyTheMan

Switches only allow communication between hosts in the same subnet, so if there is only one switch (no trunk port etc.) would there be any point to creating a vlan? I am just a bit confused about why you would need to create vlans, when you could just restrict access through using subnets. Any help appreciated.

-Benny

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

carterw65

Say you have two departments - Accounting and Operations. You really don't want OPS in the accounting network nor Accounting in OPS. If you only have one switch servicing both departments, then create VLANS to put them in. VLANs are just groups of ports that get segregated from each other.

clarson

When hosts are in the same vlan they use layer 2 addressing, i.e. their mac addresses. So, it doesn't matter what subnet the hosts are in. If they are in the same vlan they can communicate with each other no matter what their subnet is.
Switches allow communication between hosts in the same vlan.

routers route traffic between subnets. So when setup properly, each vlan is it's own subnet. And, we associate each vlan with the subnet. but, at layer 2 only the mac address is important. The subnet becomes important when communication occurs between vlans which is a layer 3 function.

ypark

BennyTheMan wrote: »

Switches only allow communication between hosts in the same subnet, so if there is only one switch (no trunk port etc.) would there be any point to creating a vlan? I am just a bit confused about why you would need to create vlans, when you could just restrict access through using subnets. Any help appreciated.

-Benny

In that scenario, someone with basic knowledge of the network can reconfigure their IP/subnet on their computer to access the devices on the other subnet. With VLANs, it is completely segregated.