Network switches forward traffic between hosts based on a unique hardware address burned into each network interface, called a MAC (media access control) address. At this level the IP address is not used for addressing. This traffic can stay entirely within a single switch, or can be cascaded between switches which are interconnected.
A Virtual Local Area Network (VLAN) is a network switch configuration which allows groups of network ports to be grouped into a separate virtual switch by assigning those ports the same VLAN number. Virtual switches with the same VLAN number on different physical switches can be combined into a single virtual switch by connecting the physical switches with “trunks”, which are Ethernet connections that can carry multiple VLANs between the switches while keeping the traffic separate by adding a special tag to each frame, a tag which is present only while the traffic is on the trunk. The standard tagging protocol is IEEE 802.1Q.
Hosts (a host is any device on a network) on separate VLANs cannot communicate at the switch level without an interconnection, either a logical connection through a router or a physical interconnection, such as a network cable between the two VLANs, although a physical interconnection would be rare and is not a best practice.
A subnet, short for subnetwork, is a logical subdivision of an IP network. Hosts in the same subnet share an identical “network address”, which is the most significant (first) bits of the IP address. The number of significant bits used to match hosts in the same subnet is indicated by the “subnet mask.” An IPv4 network with an address of 192.168.1.0 and a subnet mask of 255.255.255.0 has 24 bits in the subnet mask, so the portion of the IP address which is common to the subnet is 192.168.1. Any host with an IP address from 192.168.1.1 to 192.168.1.254 is a member of that subnet. The highest address in a subnet is reserved as the “broadcast address”. Traffic sent to the broadcast address is delivered to all hosts on the subnet. In this case it is 192.168.1.255. Hosts within the same subnet are said to be in the same “broadcast domain.” One reason to create smaller subnets rather than have all the devices in a single large network is to decrease the amount of broadcast traffic, since most of the broadcast traffic any given host receives is not relevant to that host.
Traffic destined for hosts which are not on the same subnet must travel through a router, which is responsible for forwarding the traffic to the destination subnet. This router is commonly called the “default gateway” in the host configuration.
COMMUNICATIONS BETWEEN HOSTS
When a host wants to send traffic to another host it looks at the IP address of the destination to see if it is on the same subnet. If it is, the sender broadcasts an ARP (address resolution protocol) message asking all the hosts on the subnet “who has the destination IP?” The host with the destination IP replies with the hardware (MAC) address of the interface which has that IP address. The sender then sends the traffic directly to the receiver using that MAC address. If the destination IP address is not on the same subnet as the sender, the sender instead forwards the traffic to the hardware (MAC) address of the default gateway (router), which uses the IP address to forward the traffic to the proper subnet.
VLANs and IP subnets are different things, although the terms are often used interchangeably, because in a properly configured network they serve the exact same pool of hosts. A VLAN is a Layer 2 (switch) configuration and a subnet is a Layer 3 (router) configuration. A VLAN and a subnet should have a one-to-one correlation. All the devices attached to a VLAN will need to be on the same IP subnet, and any communication between hosts on that VLAN and hosts on the rest of the network will need to go through a router.
Technically, groups of hosts on two different subnets could be plugged into the same VLAN (or unmanaged switch), and communication between hosts which were on the same subnet would still occur. This is a bad practice. The VLAN (or switch) would forward all broadcast traffic from both subnets to all hosts. Additionally, it is unlikely that a router could be configured to route traffic between the two subnets sharing that VLAN. Occasionally you will see an incorrectly configured network where two separate VLANs have been mistakenly connected physically. The symptom which typically reveals this is ARP broadcasts inquiring about IP addresses on the subnet mapped to the other VLAN, the one which has been mistakenly interconnected.
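The two decisions described above, whether a destination is on the sender's subnet or must go to the default gateway, and spotting ARP requests for addresses that do not belong on a VLAN's subnet, as an added example in Python that is not part of the original article. It assumes the VLAN is mapped to the article's example subnet (192.168.1.0 / 255.255.255.0) and uses constructed ARP lines in tcpdump's wording rather than captured traffic.

```python
import ipaddress
import re
from typing import List, Tuple

# Assumption (not from the article): this VLAN is mapped to the article's
# example subnet, 192.168.1.0 with mask 255.255.255.0.
VLAN_SUBNET = ipaddress.IPv4Network("192.168.1.0/255.255.255.0")

# Constructed sample ARP requests in tcpdump's wording; not captured traffic.
# The last two come from hosts on 10.0.0.0/24, which should never appear on
# this VLAN unless a second VLAN has been mistakenly interconnected with it.
SAMPLE_ARP_LINES = [
    "ARP, Request who-has 192.168.1.20 tell 192.168.1.10",
    "ARP, Request who-has 192.168.1.1 tell 192.168.1.10",
    "ARP, Request who-has 10.0.0.7 tell 10.0.0.5",
    "ARP, Request who-has 10.0.0.1 tell 10.0.0.9",
]

ARP_REQUEST = re.compile(r"who-has (\S+) tell (\S+)")

def broadcast_address(network: str, mask: str) -> str:
    """Highest address of the subnet, e.g. 192.168.1.0/255.255.255.0 -> 192.168.1.255."""
    return str(ipaddress.IPv4Network(f"{network}/{mask}").broadcast_address)

def next_hop(src: str, dst: str, subnet: ipaddress.IPv4Network, gateway: str) -> str:
    """Address the sender will ARP for: the destination itself when it shares
    the sender's subnet, otherwise the default gateway (the router)."""
    if ipaddress.IPv4Address(src) not in subnet:
        raise ValueError(f"sender {src} is not on {subnet}")
    return dst if ipaddress.IPv4Address(dst) in subnet else gateway

def foreign_arp_requests(lines: List[str], subnet: ipaddress.IPv4Network) -> List[Tuple[str, str]]:
    """Return (target, sender) pairs for ARP requests that mention an address
    outside the VLAN's subnet: the symptom of two VLANs being bridged together."""
    flagged = []
    for line in lines:
        m = ARP_REQUEST.search(line)
        if not m:
            continue
        target, sender = m.groups()
        if (ipaddress.IPv4Address(target) not in subnet
                or ipaddress.IPv4Address(sender) not in subnet):
            flagged.append((target, sender))
    return flagged

if __name__ == "__main__":
    print(broadcast_address("192.168.1.0", "255.255.255.0"))
    print(next_hop("192.168.1.10", "10.0.0.5", VLAN_SUBNET, "192.168.1.1"))
    for target, sender in foreign_arp_requests(SAMPLE_ARP_LINES, VLAN_SUBNET):
        print(f"ARP for {target} from {sender}: not on {VLAN_SUBNET}, check for a bridged VLAN")
```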
Paul Zielie is the manager of Enterprise Solutions at AMX by Harman (www.amx.com).