
Notes on Subnets and VLANs (Chapter 8)

• What is a Subnet?
• A subnet, or subnetwork, is a smaller network within a larger network. It
allows for better organization and management of IP addresses.
• Subnets help in reducing network congestion and improving
performance by limiting broadcast traffic to smaller segments of the
network.

• Why Use Subnets?
• Improved Security: By segmenting networks, sensitive data can be
isolated from other parts of the network.
• Efficient IP Address Management: Subnetting allows for more
efficient use of IP addresses, especially in large organizations.
• Simplified Network Management: Smaller networks are easier to
manage and troubleshoot.

Subnet Mask:

• Definition:
• A subnet mask is a 32-bit number that divides an IP address into the
network and host portions. It helps in identifying which part of the IP
address is used for the network and which part is used for individual
devices (hosts) within that network.

• Purpose:
• The primary purpose of a subnet mask is to facilitate routing by
determining how many bits are allocated for the network and how many
are allocated for hosts. This allows routers to efficiently manage traffic
within and between networks.

• Common Subnet Masks:
• Subnet masks are often represented in two formats: CIDR notation
(Classless Inter-Domain Routing) and dotted-decimal format.
• /24 (255.255.255.0):
• In CIDR notation, /24 indicates that the first 24 bits of the subnet
mask are set to ‘1’ (network portion), while the remaining 8 bits
are set to ‘0’ (host portion).
• This configuration allows for a total of $2^{8}$ = 256 IP addresses.
• However, two addresses are reserved: one for the network itself
and one for broadcast, leaving 254 usable IP addresses for
hosts.
• /16 (255.255.0.0):
• In CIDR notation, /16 means that the first 16 bits are designated
as the network portion, with the remaining 16 bits available for
hosts.
• This setup allows for $2^{16}$ = 65,536 total IP addresses.
• Again, accounting for reserved addresses (network and
broadcast), this results in 65,534 usable IP addresses.

• Subnetting Benefits:
• Efficient use of IP address space by dividing larger networks into
smaller sub-networks.
• Improved security through isolation of different segments of a network.
• Enhanced performance due to reduced broadcast traffic within smaller
subnets.

• Applications:
• Commonly used in IPv4 networking environments, in both local area
networks (LANs) and wide area networks (WANs).

• Example Calculation:
• For a /24 subnet mask:
• Total Addresses = $2^{32-24}$ = 256
• Usable Addresses = 256 − 2 = 254
• For a /16 subnet mask:
• Total Addresses = $2^{32-16}$ = 65,536
• Usable Addresses = 65,536 − 2 = 65,534

The understanding of subnet masks is crucial in designing efficient networks and
managing IP address allocation effectively.

• CIDR Notation:
• Classless Inter-Domain Routing (CIDR) notation is a method for
allocating IP addresses and routing Internet Protocol packets.
• CIDR notation uses a slash followed by the number of bits in the
subnet mask (e.g., 192.168.1.0/24).
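
The mask and host-count arithmetic above, extended to carving one block into right-sized subnets per segment and checking whether two hosts are separated by a router. This is an added example, not part of the original notes. The 10.20.0.0/16 parent block, the segment names and host counts, and the function names are constructed for illustration.

```python
import ipaddress

def describe(cidr):
    """Return (dotted-decimal mask, total addresses, usable host addresses)."""
    net = ipaddress.ip_network(cidr)
    total = net.num_addresses                    # 2 ** (32 - prefix length)
    return str(net.netmask), total, total - 2    # minus network and broadcast

def smallest_prefix(hosts_needed):
    """Longest prefix (smallest subnet) whose usable hosts cover hosts_needed."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= hosts_needed:
            return prefix
    raise ValueError("too many hosts for one IPv4 subnet")

def plan_subnets(parent_cidr, requirements):
    """Carve one subnet per segment out of the parent block, largest first."""
    parent = ipaddress.ip_network(parent_cidr)
    cursor = int(parent.network_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        # Largest-first keeps the cursor aligned to each subnet's size.
        net = ipaddress.ip_network((cursor, smallest_prefix(hosts)))
        if not net.subnet_of(parent):
            raise ValueError(f"{parent} has no room left for {name}")
        plan[name] = net
        cursor += net.num_addresses
    return plan

def segment_of(ip, plan):
    """Name of the subnet holding ip, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in plan.items() if addr in net), None)

def crosses_router(ip_a, ip_b, plan):
    """True when the two hosts sit in different subnets (traffic is routed)."""
    return segment_of(ip_a, plan) != segment_of(ip_b, plan)

# Constructed requirements: usable host addresses needed per segment.
SEGMENTS = {"servers": 500, "staff": 200, "voip": 100, "guest": 60}

if __name__ == "__main__":
    for name, net in plan_subnets("10.20.0.0/16", SEGMENTS).items():
        print(name, net, *describe(str(net)))
```

Traffic for which `crosses_router` returns True passes a Layer 3 device, which is where filtering between segments can be enforced.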

What are VLANs?

• Definition:
• A Virtual Local Area Network (VLAN) is a logical grouping of devices
that allows them to communicate as if they are on the same physical
network, regardless of their actual physical location.

• Purpose:
• VLANs help to segment networks for improved performance, security,
and ease of management.

• Functionality:
• Operate at Layer 2 of the OSI model (Data Link layer).
• Allow multiple distinct broadcast domains within a single switched
network.

• Types of VLANs:
• Port-based (Static) VLANs: Assigned based on switch port
configuration; each port belongs to one VLAN only.
• Use-based (Dynamic) VLANs: Assigned dynamically based on device
identity or traffic type; ports can belong to multiple VLANs.

• Benefits:
• Improved Performance: Reduces broadcast traffic by limiting
broadcasts to specific VLANs.
• Enhanced Security: Controls access between different groups of
users or devices by isolating them in separate VLANs.
• Simplified Administration: Easier management of user groups
without needing physical reconfiguration when users move locations.
• Reduced Broadcast Traffic: By creating separate broadcast domains,
VLANs reduce unnecessary traffic across the entire network.
• Flexibility and Scalability: VLANs allow for easy changes in network
configuration without needing physical rewiring.

• Identification:
• Each VLAN is identified by a unique VLAN ID (1-4095), which is
included in the Ethernet frame header as a tag.
• Trunking:
• Trunk ports allow multiple VLANs to traverse a single link between
switches, reducing the number of required connections.

Spanning Tree Protocol (STP)

• Purpose:
• STP is designed to prevent loops in network topologies, particularly in
Ethernet networks where multiple switches are interconnected.

• Loop Prevention:
• In a network with redundant paths, data packets can circulate endlessly
if loops are not managed, leading to broadcast storms and network
congestion.

• Operation:
• STP operates by creating a loop-free logical topology from a physical
topology that may contain loops.

• Bridge Protocol Data Units (BPDUs):
• STP uses BPDUs to share information about the network topology
among switches. These messages help determine the best path for
data transmission.

• Root Bridge Election:
• The protocol elects one switch as the “root bridge,” which serves as the
central point of reference for all other switches in the network. The
election is based on the lowest bridge ID.

• Port States:
• Each port on a switch can be in one of five states:
• Blocking: Does not forward frames and listens for BPDUs.
• Listening: Listens for BPDUs to ensure no loops exist before
transitioning to forwarding state.
• Learning: Learns MAC addresses but does not forward frames
yet.
• Forwarding: Forwards frames and learns MAC addresses.
• Disabled: Not participating in STP.
• Path Cost Calculation:
• Each switch calculates the cost of paths to reach the root bridge based
on link speed. Lower-cost paths are preferred.

• Redundant Links Management:
• STP disables certain links while keeping others active, ensuring that
there is always a backup path available without causing loops.

• Variants of STP:
• There are several enhancements and variations of STP, including
Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree
Protocol (MSTP), which improve convergence times and scalability.

• Convergence Time:
• Traditional STP can take up to 30 seconds or more to converge after a
topology change, which can be problematic for real-time applications.
RSTP reduces this time significantly.

• Limitations:
• Maximum of 4,096 VLANs per switching domain due to the limitations
of the tagging system.

• Use Cases:
• Commonly used in organizations for departmental segmentation, guest
access isolation, and managing voice over IP (VoIP) traffic.

• How VLANs Work:
• Devices on different VLANs cannot communicate directly unless routed
through a Layer 3 device like a router or Layer 3 switch.
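
Returning to the root bridge election, path cost and redundant-link bullets in the Spanning Tree Protocol notes above, the following added example (not part of the original notes) elects a root, computes each switch's root path cost and lists the links left as blocked backups. It assumes the bridge ID is the configured priority followed by the switch MAC, uses the IEEE 802.1D-1998 port costs, and omits port-ID tie-breaks; the switch names, MAC addresses and topology are constructed.

```python
import heapq

# Assumption: IEEE 802.1D-1998 port costs by link speed in Mbit/s (not listed in the notes).
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

def bridge_id(priority, mac):
    """Bridge ID as a sortable tuple: configured priority, then the switch MAC."""
    return (priority, int(mac.replace(":", ""), 16))

def elect_root(bridges):
    """The switch with the numerically lowest bridge ID wins the election."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))

def spanning_tree(bridges, links):
    """Return (root, root path cost per switch, links left blocked as backups)."""
    root = elect_root(bridges)
    cost, uplink = {}, {}
    # Heap entries: (path cost, bridge ID of the upstream switch, switch, link used).
    heap = [(0, bridge_id(*bridges[root]), root, None)]
    while heap:
        path_cost, _, switch, via = heapq.heappop(heap)
        if switch in cost:
            continue                      # already reached over a better path
        cost[switch] = path_cost
        if via is not None:
            uplink[switch] = via          # link this switch uses toward the root
        for link in links:
            a, b, speed = link
            if switch in (a, b):
                peer = b if switch == a else a
                if peer not in cost:
                    heapq.heappush(heap, (path_cost + PORT_COST[speed],
                                          bridge_id(*bridges[switch]), peer, link))
    return root, cost, set(links) - set(uplink.values())

# Constructed topology: three switches in a triangle, so one link is redundant.
BRIDGES = {
    "core":   (4096,  "02:00:00:00:00:10"),
    "dist-a": (32768, "02:00:00:00:00:0a"),
    "dist-b": (32768, "02:00:00:00:00:0b"),
}
LINKS = [("core", "dist-a", 1000), ("core", "dist-b", 1000), ("dist-a", "dist-b", 100)]

if __name__ == "__main__":
    print(spanning_tree(BRIDGES, LINKS))
```

If every switch keeps the same priority, the election falls through to the lowest MAC address, so the intended root should be given an explicitly lower priority.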

VLAN Tagging

• Definition: VLAN tagging is a method used in networking to identify and
segregate traffic within a Local Area Network (LAN) by adding a unique
identifier to Ethernet frames.

• Purpose: The primary purpose of VLAN tagging is to allow multiple logical
networks to coexist on the same physical network infrastructure. This
enhances network efficiency and security.

• How It Works:
• When a device sends an Ethernet frame, VLAN tagging adds a tag that
includes the VLAN ID (VID).
• The VID is typically a 12-bit field, allowing for up to 4096 unique VLANs
(0-4095), although some IDs are reserved.

• Tag Protocol Identifier (TPID):
• The TPID is a 16-bit field that indicates the presence of a VLAN tag.
The standard value for Ethernet frames is 0x8100.

• Frame Structure:
• A standard Ethernet frame consists of several fields: Destination MAC
Address, Source MAC Address, EtherType/Length, Payload, and
Frame Check Sequence (FCS).
• With VLAN tagging, an additional field called the “VLAN tag” is inserted
between the EtherType/Length and Payload fields.

• Types of VLAN Tagging:
• IEEE 802.1Q: This is the most common standard for VLAN tagging. It
defines how tags are added to Ethernet frames.
• It specifies how to insert the VLAN tag into the frame.
• Supports both single and multiple VLANs on trunk links.
• IEEE 802.1ad (Q-in-Q): This allows for stacking multiple VLAN tags in
a single frame, enabling service providers to manage customer traffic
more effectively.

• Switch Behavior:
• Switches use the VID in tagged frames to determine which ports
belong to which VLANs.
• Untagged frames can be assigned to a default or native VLAN based
on switch configuration.

• Benefits of VLAN Tagging:
• Improved security by isolating broadcast domains.
• Enhanced network performance through reduced broadcast traffic.
• Simplified management of network resources by logically grouping
devices.

• Challenges:
• Misconfiguration can lead to security vulnerabilities such as
double-tagging attacks.
• Requires compatible hardware and proper configuration across all
switches in the network.

The implementation of VLAN tagging is crucial for modern networking environments
where scalability, security, and efficient resource management are paramount.
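
To make the tag fields and the double-tagging risk above concrete, here is an added example (not part of the original notes) that parses the VLAN tags of a captured Ethernet frame and reports stacked tags on a link where Q-in-Q is not expected. It assumes the 802.1Q layout with the first TPID at byte offset 12 and the 802.1ad TPID 0x88A8; the function names, MAC addresses and sample frames are constructed.

```python
import struct

TPID_8021Q = 0x8100    # TPID value given in the notes above
TPID_8021AD = 0x88A8   # assumption: 802.1ad outer-tag TPID, not stated in the notes

def parse_vlan_tags(frame):
    """Return ([(tpid, priority, dei, vid), ...], EtherType of the payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    tags, offset = [], 12                  # bytes 0-11: destination and source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:        # TPID + TCI + the type that follows
            raise ValueError("truncated VLAN tag")
        tci, next_type = struct.unpack_from("!HH", frame, offset + 2)
        # TCI: 3-bit priority, 1-bit drop-eligible flag, 12-bit VLAN ID
        tags.append((ethertype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset, ethertype = offset + 4, next_type
    return tags, ethertype

def audit_frame(frame, native_vlan=1, qinq_expected=False):
    """Findings for one frame seen on a trunk; an empty list means nothing odd."""
    tags, _ = parse_vlan_tags(frame)
    vids = [tag[3] for tag in tags]
    findings = []
    if 0x0FFF in vids:                     # 4095 is reserved by 802.1Q
        findings.append("reserved VID 4095 in use")
    if len(vids) > 1 and not qinq_expected:
        findings.append(f"stacked tags {vids} on a link without Q-in-Q")
        if vids[0] == native_vlan != vids[1]:
            findings.append(f"outer VID {vids[0]} is the native VLAN: "
                            "double-tagging pattern")
    return findings

def sample_frame(vids):
    """Constructed input: two made-up MACs, one 802.1Q tag per VID, IPv4 type."""
    macs = bytes.fromhex("020000000001" "020000000002")
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid) for vid in vids)
    return macs + tags + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    for vids in ([10], [1, 20]):
        print(vids, audit_frame(sample_frame(vids)))
```

Setting the trunk's native VLAN to an ID that carries no hosts, or tagging native-VLAN traffic, removes the condition the last check looks for.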

Subnetting vs. VLANs

• Definition of Subnetting:
• Subnetting is the process of dividing a larger network into smaller,
manageable sub-networks (subnets).
• It allows for better organization and efficient use of IP addresses.
• Each subnet can have its own network address and range of IP
addresses.

• Layer of Operation:
• Subnets operate at Layer 3 of the OSI model, which is the Network
layer.
• This layer is responsible for routing packets between devices across
different networks.

• Definition of VLANs:
• A Virtual Local Area Network (VLAN) is a logical grouping of devices
within a physical network.
• VLANs allow devices to communicate as if they are on the same local
network, regardless of their physical location.

• Layer of Operation:
• VLANs operate at Layer 2 of the OSI model, which is the Data Link
layer.
• This layer handles data transfer between adjacent network nodes in a
wide area or local area network.

• Purpose and Functionality:
• Both subnets and VLANs are used to segment networks for improved
performance and security.
• Subnets help in managing IP address allocation and routing traffic
efficiently.
• VLANs enhance security by isolating traffic within a single broadcast
domain, preventing unauthorized access between different segments.
• Routing vs. Switching:
• Subnets require routers to facilitate communication between different
subnets.
• VLANs rely on switches to manage traffic within the same broadcast
domain without needing routing unless connecting to other networks.

• Scalability:
• Subnetting can accommodate more devices by allowing multiple
subnets within an organization’s IP address space.
• VLANs can be easily reconfigured without changing physical
connections, providing flexibility in managing network resources.

• Broadcast Domains:
• Each subnet creates its own broadcast domain; broadcasts sent in one
subnet do not reach others.
• In contrast, all devices within a VLAN belong to the same broadcast
domain, meaning broadcasts will be received by all members of that
VLAN.

The understanding of subnets and VLANs is crucial for anyone looking to work with
computer networks as they form the foundation for effective network design and
management.
