Tabla de contenido
Welcome back to the blog. Today, I bring you a hot topic in the world of networks: improving efficiency through the combination of subnetting and VLANs. In today’s post, we’re going to unpack what subnetting is, how it’s done, and what VLANs are. But not only that, we’re also going to talk about the security advantages of VLANs and why it’s not a good idea to do subnetting on the same VLAN. So, prepare your coffee cup and let’s get started!
Diving into the world of Subnetting
Before getting into detail, you should know what subnetting is. It’s a process that divides an IP network into smaller networks, or subnets. This process allows us to better manage our IP address space, providing us with more flexibility and control over our network.
In this process, we use something known as a “network mask”. A network mask is a string of numbers that defines how many hosts can be on a network. For example, a common network mask is 255.255.255.0, which allows up to 254 hosts on a network.
But, how do we do subnetting? Let’s quickly see it. We need to consider the Classless Inter-Domain Routing (CIDR), which allows us to define the length of the network mask. If we start with a /24 network (equivalent to 255.255.255.0), and we want to divide it into smaller subnets, we could go for a /25 mask. This would give us two subnets, each capable of hosting 126 hosts.
To carry out subnetting, we first decide how many subnets we need and how many hosts we want in each one. Then, we adjust our network mask accordingly. And that’s it! We’ve segmented our network.
VLANs: Your new ally in the network
After clarifying subnetting, it’s time to talk about VLANs or Virtual Local Area Networks. VLANs are basically “virtual subnets” that group different hosts, regardless of their physical location on the network.
There are two types of VLANs that you should know about: tagged and untagged. In a tagged VLAN, data packets carry a tag that identifies which VLAN they belong to. This allows packets from different VLANs to coexist in the same network frame. On the other hand, in an untagged VLAN, packets do not carry tags. Therefore, they can only belong to one VLAN at a time.
Also, there are two modes of VLAN links: access and trunk. An access link is one that connects a final device (like your computer) to the network. This link can only belong to one VLAN at a time and is generally set up as an untagged VLAN. On the other hand, trunk links are those that connect switches to each other, and they allow the passage of packets from various VLANs, meaning, they are tagged.
VLANs and security: A dynamic duo
VLANs bring a series of security advantages that make them a very valuable resource. By segmenting your network into different VLANs, you’re isolating communication between the different segments of your network. This means that if an intruder manages to access your network, their ability to move around and access different resources will be limited.
Moreover, VLANs allow you to implement network-level security policies more precisely. You can configure firewalls, access control lists, and other security measures at the level of each VLAN. This gives you great control over who can do what and where in your network.
Subnetting and VLANs: A winning combination
At this point, you might be asking yourself: why isn’t it a good idea to do subnetting on the same VLAN? Well, although it may seem like a good idea at first, doing subnetting within the same VLAN can lead to network performance issues.
The reason is that VLANs and subnets operate on different levels of the OSI model. While subnets work on layer 3 (the network layer), VLANs operate on layer 2 (the data link layer). This means that even though you’re segmenting your network at the IP level with subnetting, all packets still have to pass through the same VLAN. This can create bottlenecks and decrease your network performance.
Therefore, the most efficient approach is to combine VLANs and subnetting. This way, each VLAN has its own subnet, which avoids performance issues and provides greater isolation and security between the different parts of your network. Moreover, it gives you more flexibility to manage and scale your network according to your needs.
In summary, both subnetting and VLANs are valuable tools for any network professional. By combining them properly, you can achieve a more efficient, secure, and easy-to-manage network. I hope this post has helped clear up your doubts. Want to learn more about another network topic? Leave your suggestions in the comments. See you in the next post!