VLAN is intended to create a separate broadcast domain within a switch. Realize that switches break up collision domains, but not broadcast domains. So in order to divide a switch up in to separate broadcast domains you use VLAN's. A broadcast in VLAN 1 will not be heard in VLAN 2.

This is all at layer 2. We have not even introduced a router.

Subnets on the other hand are created to preserve IPv4 address space, and is obviously at layer 3.

Both of these provide a level of security. In the real world it is not seen as "one or the other". Often, or mostly, both are used. It's typical to throw a subnetted network in to it's own VLAN (in order that it only hears broadcasts intended for its network). You do not see people in the same subnet on seperate VLAN's (they need broadcasts), unless you start talking about private VLAN.

This is the kind of stuff I would encourage a CCNA to actually lab up. It's easy to lab in packet tracer. Just take a switch, toss 2 PC's on there. Configure PC100 in VLAN100, and PC200 in VLAN200. Put them both on 10.0.0.0 network. Then attach a router....and think about how you would get the two PC's to ping each other

• Written by pradeep.
• In category Hardware & Troubleshooting.
• 14 years ago.

Hot Hits: 3817

Like it on Facebook, Tweet it or share this article on other bookmarking websites.