Subnet vs VLAN: What’s the Difference?
Whether you're studying for the CCENT, CCNA, or Network+, understanding the ins and outs of subnets and VLANs is important. When you're first getting started, it can be hard to tell the difference between a subnet and VLAN (Virtual Local Area Network). At a glance, they both deal with creating a segment or partition of your existing network.
However, there's much more to it than that. Once you take a deeper look, you start to notice that they really don't have too much in common.
When it comes to understanding the differences, you'll need a basic understanding of what the data link layer (layer 2) and the network layer (layer 3) are. In this piece we will go over what a subnet and a VLAN actually are and how they differ.
OSI Model Layers
Before we talk about VLANs or subnets, let's briefly cover the OSI Model. Open Systems Interconnection (OSI) is a conceptual model of how networked systems communicate. It is a 7-layer model used as a tool to trace the flow of data on the network.
Application Layer (Layer 7)
Presentation Layer (Layer 6)
Session Layer (Layer 5)
Transport Layer (Layer 4)
Network Layer (Layer 3)
Data Link Layer (Layer 2)
Physical Layer (Layer 1)
Each layer of the model is characterized by the protocols that operate at it. Layer 1 is (as the name suggests) the physical level, where data is actually put on the wire. Layer 7 (the application layer) is the top layer, where protocols like telnet and HTTP communicate. Everything else, from a host starting a data request to that request reaching the internet, falls between these two layers.
While there's a lot of information to cover in this area, we will be focusing on Layer 2 and Layer 3. If you're still fuzzy on the differences between the different layers, check out our Networking Basics: What is the OSI Model? post.
VLANs Work on Layer 2
A VLAN works at the Data Link Layer or Layer 2. In a nutshell, VLANs virtually isolate networks and create discrete broadcast domains. If you're comfortable with the concept of a LAN (Local Area Network), VLANs should be easy enough to conceptualize. If not, Jeremy Cioara has got you covered.
A "regular" LAN is a way of physically grouping devices together. A VLAN is a way of grouping devices into one or more logically isolated networks. It is important to note that you can have multiple VLANs on the same switch. Conversely, you can have a single VLAN span multiple switches.
Before VLANs, the only way of isolating networks was to have two complete sets of equipment (i.e. router, switch, and nodes) in order to set up a proper LAN. With a VLAN, instead of having one switch for each LAN, you can use a single switch to create multiple logical networks.
Pro Tip: To route traffic between VLANs, you need a Layer 3 routing device. This is a common stumbling point for beginners. Just because two VLANs are on the same switch doesn't mean they can communicate.
Use Cases for VLANs
One of the main reasons you might be looking at a VLAN is the added security benefit. Devices on different VLANs cannot communicate with each other. You can create a VLAN for a guest network while keeping the rest of the company at a safe distance. You can even take it a step further and create separate VLANs for each of your departments.
Let's say you want all of your accounting department to have access to the same information. You can put them all on VLAN1 keeping anyone not on this subnetwork from viewing traffic. You can repeat this for any other departments within the company and create a VLAN2 or VLAN3. On top of the added security, it will also help with network speeds. VLANs will help them all communicate and exchange information faster without having to follow the regular network traffic flow.
Because devices in one VLAN can't exchange frames with devices in another VLAN, they are not fighting through the regular traffic patterns. Let's use a standard traffic pattern to help with this visual. We'll use a 2-lane highway for this example. If trucks and cars are sharing both lanes, the traffic will arrive at the same time no matter what lane you're using.
The problem is that trucks (larger data packets in this example) will move at a slower speed. Now let's call the left lane VLAN1 and the right lane VLAN2. VLAN2 only allows trucks to travel through it and they cannot switch over to VLAN1. This allows VLAN1 to move at uninterrupted speeds clearing up network traffic. If a single department like the accounting department we mentioned before was all connected to VLAN1 they could travel back and forth without having to get caught in the regular flow of traffic.
You can do all of this without needing a dedicated switch for each LAN. This makes it possible for someone located on the 10th floor and the 1st floor to be on the same VLAN.
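To make the three points above concrete (several VLANs on one switch, one VLAN spanning several switches, and no inter-VLAN traffic without a Layer 3 device), here is a small added model of VLAN broadcast domains. This is example code written for this page, not from the original article or any vendor; the switch names, port names, VLAN numbers and host names are constructed for illustration, and a "router" is represented simply by the set of VLANs it has an interface in.

```python
# Added example (not from the original article): a toy model of how a switch
# keeps VLAN traffic apart, and why crossing VLANs needs a layer 3 device.
# Switch, port, host and VLAN names below are constructed for illustration.
from __future__ import annotations


class Switch:
    """A toy layer 2 switch: access ports belong to one VLAN, trunks carry all VLANs."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.port_vlan: dict[str, int] = {}   # access port -> VLAN id
        self.port_host: dict[str, str] = {}   # access port -> attached host
        self.trunks: list[Switch] = []        # neighbouring switches over a trunk

    def add_host(self, port: str, host: str, vlan: int) -> None:
        self.port_vlan[port] = vlan
        self.port_host[port] = host

    def trunk_to(self, other: Switch) -> None:
        self.trunks.append(other)
        other.trunks.append(self)

    def vlan_of(self, host: str) -> int:
        for port, name in self.port_host.items():
            if name == host:
                return self.port_vlan[port]
        raise KeyError(f"{host} is not attached to {self.name}")


def broadcast_domain(switch: Switch, vlan: int, seen: set[str] | None = None) -> set[str]:
    """Hosts that receive a broadcast flooded on `vlan` starting at `switch`.
    The frame goes only to access ports in the same VLAN and is carried over
    trunks to other switches, so one VLAN can span several switches while
    other VLANs on the very same switch never see the frame."""
    seen = set() if seen is None else seen
    seen.add(switch.name)
    reached = {host for port, host in switch.port_host.items()
               if switch.port_vlan[port] == vlan}
    for peer in switch.trunks:
        if peer.name not in seen:
            reached |= broadcast_domain(peer, vlan, seen)
    return reached


def can_reach(src_sw: Switch, src: str, dst_sw: Switch, dst: str,
              routed_vlans: frozenset[int] = frozenset()) -> bool:
    """Can `src` send to `dst`? Same VLAN: yes, if they share a broadcast domain.
    Different VLANs: only if a layer 3 device has an interface in both VLANs
    (`routed_vlans`), which is the article's 'pro tip'. Assumption: the router
    is reachable from every switch in the VLANs it serves."""
    src_vlan, dst_vlan = src_sw.vlan_of(src), dst_sw.vlan_of(dst)
    if src_vlan == dst_vlan:
        return dst in broadcast_domain(src_sw, src_vlan)
    return src_vlan in routed_vlans and dst_vlan in routed_vlans


def build_topology() -> tuple[Switch, Switch]:
    """Constructed sample: two switches (1st and 10th floor), VLAN 10 (accounting)
    and VLAN 20 (guest) present on both, joined by a single trunk."""
    sw1, sw2 = Switch("sw1-floor1"), Switch("sw2-floor10")
    sw1.add_host("Gi0/1", "acct-pc-1", 10)
    sw1.add_host("Gi0/2", "guest-laptop", 20)
    sw2.add_host("Gi0/1", "acct-pc-2", 10)
    sw2.add_host("Gi0/2", "guest-phone", 20)
    sw1.trunk_to(sw2)
    return sw1, sw2


if __name__ == "__main__":
    sw1, sw2 = build_topology()
    print("VLAN 10 broadcast domain:", sorted(broadcast_domain(sw1, 10)))
    print("VLAN 20 broadcast domain:", sorted(broadcast_domain(sw1, 20)))
    print("acct-pc-1 -> acct-pc-2 (same VLAN, other switch):",
          can_reach(sw1, "acct-pc-1", sw2, "acct-pc-2"))
    print("acct-pc-1 -> guest-laptop (same switch, no router):",
          can_reach(sw1, "acct-pc-1", sw1, "guest-laptop"))
    print("acct-pc-1 -> guest-laptop (router in both VLANs):",
          can_reach(sw1, "acct-pc-1", sw1, "guest-laptop", frozenset({10, 20})))
```

Running it shows the two accounting PCs on different floors sharing one broadcast domain, the guest laptop plugged into the same switch as acct-pc-1 being unreachable from it, and that changing only when a routed interface exists in both VLANs.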
Need more help understanding VLANs? Check out this MicroNugget: What are VLANs?
Subnets Work on Layer 3
A subnet works at the IP layer or Layer 3 of the OSI Model. Subnets enable you to create smaller networks inside a larger overall network.
A standard IPv4 address is broken up into a Network ID and a Host ID. If we take the class B address 172.16.1.10, the first two octets are the Network ID (172.16) and the other two are the Host ID (1.10). When a request for information is made across the internet, it is first delivered to the network and then to the host using the Host ID. The Host ID is unique within its network. When creating a subnet, you use part of the Host ID to identify the subnet the host is located in. Using the same example with a 24-bit mask (255.255.255.0), the 1 in 172.16.1.10 identifies the subnet.
Use Cases for Subnets
Because each subnet has only a limited number of IP addresses, splitting a network into multiple subnets lets you control how those addresses are divided up. This gives you more control over how to handle network growth as it happens.
Splitting also improves network performance by reducing the number of hosts on each subnet. With fewer hosts sharing a subnet, less traffic competes on it, and responses are faster.
Probably the most important reason to look into multiple subnets is security. By breaking your network up into multiple subnets, you can better monitor the flow of traffic allowing you to identify threats with a much faster response time.
However, because subnetting happens at Layer 3, anybody with direct access to the switch you're connected to will still be able to see the flow of traffic on that segment. This means you'll also need to take some precautions at Layer 2.
Learning to Subnet Manually
If you'll be taking a networking certification exam anytime soon, understanding how to manually do IPv4 subnetting is vital. At a high-level, there are three keys to understanding IPv4 subnetting:
Understand binary math. The zeros and ones can be confusing when you're first getting started, but they'll make sense over time.
Understand CIDR notation. /24 = 255.255.255.0, but why? This is where that binary math comes in. In binary, 255.255.255.0 is 11111111.11111111.11111111.00000000 (twenty-four leading ones). The shorthand of using a "/" followed by a number is known as CIDR (Classless Inter-Domain Routing) notation and is very common in IPv4 networking.
Practice, practice, practice. The more subnetting you do, the better you will get at it. Practice until you can rattle off subnets in your head. There are plenty of apps and online tools to test your skills with; use them to your advantage.
For a crash course on IPv4 subnetting, check out Networking Basics: What is IPv4 Subnetting?.
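The following added example carries the binary math from the three keys above, and the Network ID / Host ID split from the 172.16.1.10 example in the subnet section, through in code. It is written for this page, not taken from the original article: it builds the dotted mask from a CIDR prefix with bit shifts, shows the 11111111.11111111.11111111.00000000 form of 255.255.255.0, computes network and broadcast addresses, extracts the bits "borrowed" from the Host ID to number a subnet, and cross-checks the manual result against Python's standard ipaddress module. The addresses and prefixes are constructed sample inputs.

```python
# Added example (not from the original article): manual IPv4 subnetting with
# bit arithmetic, cross-checked against the standard library. Sample addresses
# and prefix lengths are constructed for illustration.
import ipaddress


def int_to_dotted(n: int) -> str:
    """32-bit integer -> dotted decimal."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def dotted_to_int(addr: str) -> int:
    """Dotted decimal -> 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def prefix_to_mask(prefix: int) -> str:
    """CIDR prefix length -> dotted mask. /24 is 24 leading ones, so
    0xFFFFFFFF shifted left by the 8 remaining host bits (masked back to
    32 bits) gives 255.255.255.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return int_to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def to_binary(addr: str) -> str:
    """Dotted decimal -> dotted binary, the form used to explain /24 above."""
    return ".".join(f"{int(o):08b}" for o in addr.split("."))


def split_address(addr: str, prefix: int) -> dict:
    """Network ID, Host ID and related values for addr/prefix, computed by
    hand and checked against ipaddress (strict=False keeps host bits)."""
    ip = dotted_to_int(addr)
    mask = dotted_to_int(prefix_to_mask(prefix))
    network = ip & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    stdlib = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return {
        "mask": int_to_dotted(mask),
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "host_id": ip & ~mask & 0xFFFFFFFF,          # the host bits as a number
        "usable_hosts": max(0, 2 ** (32 - prefix) - 2),  # classic rule: minus network and broadcast
        "matches_stdlib": str(stdlib.network_address) == int_to_dotted(network)
                          and str(stdlib.broadcast_address) == int_to_dotted(broadcast),
    }


def subnet_number(addr: str, classful_prefix: int, prefix: int) -> int:
    """Value of the bits borrowed from the classful Host ID to number the subnet.
    For class B 172.16.1.10 (/16) subnetted with /24, the borrowed octet is 1."""
    if not classful_prefix <= prefix <= 32:
        raise ValueError("prefix must be at least the classful prefix")
    borrowed = prefix - classful_prefix
    return (dotted_to_int(addr) >> (32 - prefix)) & ((1 << borrowed) - 1)


if __name__ == "__main__":
    print("/24 =", prefix_to_mask(24), "=", to_binary(prefix_to_mask(24)))
    for p in (16, 24, 26):
        print(f"172.16.1.10/{p}:", split_address("172.16.1.10", p))
    print("subnet number (class B, /24):", subnet_number("172.16.1.10", 16, 24))
    print("subnet number (class B, /26):", subnet_number("172.16.1.10", 16, 26))
```

Working the /26 case by hand is a good exercise: the mask borrows ten bits from the class B Host ID (eight from the third octet and two from the fourth), so 172.16.1.10 lands in subnet number 4 (binary 0000000100), with 172.16.1.0 as the network address and 172.16.1.63 as the broadcast address.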
The VLAN works at the Ethernet level (Layer 2) and the subnet at the IP level (Layer 3). It's very important to remember this difference to avoid misconfigurations and security oversights. The VLAN speeds up communication between the devices on the LAN by making it seem as if they are physically connected together, while the subnet splits the hosts into smaller groups, limiting the amount of traffic routed to each group and letting you plan for growth. As we have mentioned previously, you have a limited number of IP addresses on any subnet. It is common to map one VLAN to one subnet, giving you that added layer of security at both layers.