VLANs vs Subnets - Why would you choose one over the other?
- Thread starter drbx19
- Start date
As I understand it you use both together.
We have many VLAN's where I work all with their own subnet, so hardwire devices are differnet to wireless, servers are on a differnet vlan as are phones.
Allows many network configurations over the same hardware
Kimbie
We have many VLAN's where I work all with their own subnet, so hardwire devices are differnet to wireless, servers are on a differnet vlan as are phones.
Allows many network configurations over the same hardware
Kimbie
We're currently putting in VLANs which are on their own subnet; This limits broadcasts and with InterVLAN routing, they can still communicate with eachother (as they all need access to file server). We can then limit access with ACLs, but thats another story 
Permabanned
- Joined
- 28 Dec 2009
- Posts
- 13,052
- Location
- london
Some places don't use vlans correctly. then they seem a bit pointless. Like this one place had their voip phones on a different vlan but you could still plug a laptop in to the phone port and get a data ip and see the servers. Probably not configured correctly.
Sounds a bit like InterVLAN routing there, but they forgot to make it VOIP only restriction on the one in question.
Permabanned
- Joined
- 28 Dec 2009
- Posts
- 13,052
- Location
- london
Well the pcs chain off the phones and the voip are specically set to vlan 2 for example. So the voip works but you can still plug a laptop in and get a data ip. I guess this way vlans are used not for security, use NAC for that.
Where i work at the moment there are no vlans used. Just subnets for workstations and servers and printers.
Where i work at the moment there are no vlans used. Just subnets for workstations and servers and printers.
Last edited:
We have ours like that, our phone system is on one subnet and our DHCP server is on another, and our servers are on another.
On the PoE switch we assign Voice+Data to a port, this allows us to use one port for two purposes. The phone gets an IP from the phone system and the pc gets an IP from our DHCP server.
Kimbie
Soldato
- Joined
- 18 Oct 2002
- Posts
- 8,304
- Location
- The Land of Roundabouts
Siemens phones? one of our clients have the same set-up, only sometimes the phones have a habit of picking up a data ip address
Most managed switches allow you to set the port as a dedicated vlan or can be decided upon by the clients vlan id tag. Handy for hosts that can handle virtual network cards (esxi, firewalls etc)
Okay guys so if I was going to use subnets with vlans and my IP subnets were as follows:
Subnet A) 172.30.43.0 - 172.30.43.31
Subnet B) 172.30.43.32 - 172.30.43.64
Would I be able to make Subnet A group Vlan 10 and Subnet B group Vlan 20?
Its just that my example from Cisco has them set as:
Subnet A - 172.17.20.10 - Vlan 10
Subnet B - 172.17.20.20 - Vlan 20
Subnet C - 172.17.20.30 - Vlan 30
This looks as if each vlan is on a different network :S
Subnet A) 172.30.43.0 - 172.30.43.31
Subnet B) 172.30.43.32 - 172.30.43.64
Would I be able to make Subnet A group Vlan 10 and Subnet B group Vlan 20?
Its just that my example from Cisco has them set as:
Subnet A - 172.17.20.10 - Vlan 10
Subnet B - 172.17.20.20 - Vlan 20
Subnet C - 172.17.20.30 - Vlan 30
This looks as if each vlan is on a different network :S
Permabanned
- Joined
- 28 Dec 2009
- Posts
- 13,052
- Location
- london
They were avaya and cisco phones that used the chain function. When we rebooted the cisco switches the phones would not work, had to manually go around to each phone and set the vlan manually. 
good job there was only about 40 of them affected and 6 people doing it. only took 10 seconds.
My current site does not have voip, they use a BCM and this causes a few issues with patching because you have to re-patch the cables on the patch panels when people move around. You should see the patch cabinets, worse i have seen.
good job there was only about 40 of them affected and 6 people doing it. only took 10 seconds.My current site does not have voip, they use a BCM and this causes a few issues with patching because you have to re-patch the cables on the patch panels when people move around. You should see the patch cabinets, worse i have seen.
They are on different networks (a lot easier to tell which VLAN it will be part of e.g 192.168.10.x for VLAN 10, 192.168.20.x for VLAN 20 etc). VLANs was intended to split up networks and stop them communicating with eachother and limit broadcasts. If you still want people to communicate(share files, access server etc), you then need to bring in InterVLAN routing which you need a router or a L3 switch for.
Last edited:
Subnet is a logical difference, defined by the IP and the subnet. The VLAN is usually defined by a port on a switch (not always true).
What this means, is that a flat switch (ie non managed, not supporting of VLANs) means that if you have two subnets attached you can simply change the IP / Subnet on the device to gain access to another subnet.
The VLAN tag means you need to also either change the physical port, or change the switch config.
I've not explained it clearly, or with a particularly good example but you should get the gist.
It was the Cisco Explorer: LAN Switching and Wireless. I've finished that course and passed though, as well as Network Fundamentals.
Ah, so you're doing the CCNA course in college. How you finding it?
Ours does that and it's definitely set up correctly.
You set up data as an untagged vlan, and voice as a tagged vlan
Then you set up specific settings in the data DHCP scope to tell phones which vlan to use
Plug PC in -> Data vlan -> job done
Plug phone in -> Data vlan -> sees DHCP setting for voice vlan -> switches over to voice vlan.
A PC can be daisy chained off the phone, and the phone will make sure the data traffic is passed on untagged, and the voice traffic is tagged. This is handy because you only need one port for phone + PC.
Just to say, Cisco switches with Cisco phones they don't need to go to DHCP to be told to go onto a specific vlan. The command 'switchport voice vlan #' will put any traffic onto that vlan # if it sees the device as a Cisco phone (using CDP I believe).
I've been investigating doing something similar with some Nortel/Avaya phones and it appears there is an industry standard for doing this called LLDP or LLDP-MED. If your phone and switch support LLDP, it acts the same as the pure Cisco setup does. No more hassle of phones potentially taking up IP addresses on the data subnet
I've been investigating doing something similar with some Nortel/Avaya phones and it appears there is an industry standard for doing this called LLDP or LLDP-MED. If your phone and switch support LLDP, it acts the same as the pure Cisco setup does. No more hassle of phones potentially taking up IP addresses on the data subnet
Just to say, Cisco switches with Cisco phones they don't need to go to DHCP to be told to go onto a specific vlan. The command 'switchport voice vlan #' will put any traffic onto that vlan # if it sees the device as a Cisco phone (using CDP I believe).
I've been investigating doing something similar with some Nortel/Avaya phones and it appears there is an industry standard for doing this called LLDP or LLDP-MED. If your phone and switch support LLDP, it acts the same as the pure Cisco setup does. No more hassle of phones potentially taking up IP addresses on the data subnet
Yeah there are several ways of doing it, but as we have Extreme switches, there is no "switchport" command
. We could have LLDP, or in fact you can write quite complex scripts for Extreme switches, but it's not something we need.