Re: Single domain two IP subnets
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Thu, 14 Sep 2006 19:48:40 -0500
"Kurt" <lorentzenkurt@xxxxxxxxxxxxxxxxxx> wrote in message
news:12gir3fpjhsj117@xxxxxxxxxxxxxxxxxxxxx
> Why not VLANs? I admit this isn't my strongest area, but I thought that
> was one thing VLANs could do... I bow to your expertise.
>
> IMHO, VLANs would be the way to go. Otherwise the separation between
> subnets is purely logical.

No, subnets in IP are far more than purely logical.
They practically always represent a distinct "Broadcast
domain" (area in which a broadcast will freely propagate).
If two machines are on the same broadcast domain they
are (practically*) always on the same subnet, and conversely
if they are not on the same broadcast domain then they are
not in the same broadcast domain.
[* It is theoretically possible to have multiple subnets on
the same 'wire' or 'broadcast domain' but this is not a common
practice in modern networks -- and still requires some special
configuration.]
The real problem is the incomplete understanding of
VLAN switches, and switches in general, by many people.
One cannot understand VLANs (or any switches) completely
without first understanding the differences and features of
both Routers and Bridges -- we can call the features something
else but switches are merely "switching" combined with either
the Bridge or Router concept, or in modern devices a hybrid
of all three concepts.
VLAN switches allow the admin to (easily) redefine each
bridged segment to include arbitrary connections to the switch,
and thus map a "set of computers" to either one bridged
broadcast domain OR another to which routing is required.
Routed segments REQUIRE different IP subnets while EACH
bridged segment typically (and in all modern networks) places all
of the machines on the same subnet.

> Anybody could just change their IP address, or introduce a laptop with an
> IP address on another subnet and be connected.

This really has nothing specific to do with VLANs per se.
It is a feature of whether that wiring segment is either Bridged or
Routed.
The KEY to a VLAN switch is that the "area" or the "component
network cables" which are BRIDGED vs. ROUTED can be
configured by the Admin using switch-commands.

> VLANs contain broadcasts and prevent any kind of connection between
> subnets other than through the router (which can be locked down as tightly
> as local management sees fit). If I were designing this for a client, I
> would probably sell them managed layer-2 switches for subnets B-D and a
> layer-3 switch for Subnet A. Traffic from the other subnets could be
> trunked through the uplink port and routed at the L-3 switch. Quick to set
> up, central management, fewer devices to configure, plus L-3 switches will
> forward gigabit traffic at wire-speed unlike plain vanilla routers.

The above has little to do with understanding the basic concepts that
are being confused here -- and detracts from keeping the explanation
simple and accurate.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
...kurt
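
A defender's check for the situation discussed in this thread (a host readdressed onto another subnet, or two subnets sharing one broadcast domain), as an added example that is not part of the original post: it compares observed VLAN/MAC/IP tuples against an assumed one-subnet-per-VLAN plan. The plan, the sample observations and the `audit` function are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing plan: one IP subnet per VLAN (constructed values).
VLAN_PLAN = {
    10: ipaddress.ip_network("192.168.10.0/24"),
    20: ipaddress.ip_network("192.168.20.0/24"),
}

# Constructed observations (vlan, mac, ip), as they might be merged from a
# switch MAC table and ARP data. Not real capture output.
OBSERVED = [
    (10, "00:11:22:33:44:01", "192.168.10.15"),
    (10, "00:11:22:33:44:02", "192.168.10.40"),
    (10, "00:11:22:33:44:03", "192.168.20.99"),  # readdressed host on VLAN 10
    (20, "00:11:22:33:44:04", "192.168.20.7"),
    (20, "00:11:22:33:44:05", "10.0.0.5"),       # outside every planned subnet
    (30, "00:11:22:33:44:06", "192.168.30.2"),   # VLAN missing from the plan
]

def audit(observed, plan):
    """Return (findings, broadcast domains carrying more than one subnet)."""
    findings = []
    nets_seen = defaultdict(set)  # vlan -> planned subnets seen on that VLAN
    for vlan, mac, ip_text in observed:
        ip = ipaddress.ip_address(ip_text)
        expected = plan.get(vlan)
        if expected is None:
            findings.append((vlan, mac, ip_text, "vlan not in plan"))
            continue
        if ip in expected:
            nets_seen[vlan].add(expected)
            continue
        # Which planned subnet, if any, does the stray address belong to?
        owner = next((n for n in plan.values() if ip in n), None)
        if owner is not None:
            nets_seen[vlan].add(owner)
            findings.append((vlan, mac, ip_text, f"address belongs to {owner}"))
        else:
            findings.append((vlan, mac, ip_text, "address in no planned subnet"))
    multi = {v: sorted(map(str, n)) for v, n in nets_seen.items() if len(n) > 1}
    return findings, multi

if __name__ == "__main__":
    findings, multi = audit(OBSERVED, VLAN_PLAN)
    for finding in findings:
        print(finding)
    print("broadcast domains carrying more than one subnet:", multi)
```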