
I appreciate there is an answer here already. As well as reading this and seeing this video, I am still slightly confused...

If a company has 2 offices (on the same floor, in close proximity to each other): office one (Marketing) and office two (Finance). Both have 5 computers and share 1 switch.

I understand I can set up a VLAN to separate traffic for the 2 departments so each dept only receives 'their' own packets.

What I still don't understand is subnetting. If I set up a subnet of 255.255.255.0 on that switch, does that mean the IP address for each dept is different? E.g. 192.168.1.x = Marketing computers & 192.168.2.x = Finance computers.

OR, as the subnet is set up on the switch, will the 3rd octet of the IP address of both offices be the same?

Will 2 separate switches be better?

ldvt5

1 Answer

You may be confusing things. With a switch, only the host for which a packet is destined will receive that packet. Switches know nothing about layer-3 (IP packets). The packets are encapsulated inside layer-2 frames when sent to a switch.

A switch is a layer-2 device, and it switches layer-2 frames based on the layer-2 (MAC address). The switch will learn the MAC address of each host, and to which port each host is connected. It will deliver a frame to the port on which the destination host is connected. The only frames which are delivered to all ports are the frames for which the switch doesn't know the port (it learns every time a host sends a frame), or broadcast frames (a switch, or multiple switches connected to each other, with a single VLAN is a single broadcast domain), which ARP uses to resolve the layer-3 (IP) address to a layer-2 (MAC) address.

VLANs allow you to break up the broadcast domain. Your small network shouldn't be suffering from excessive broadcasts unless there is a malfunctioning host. If a host on one VLAN needs to contact a host on a different VLAN, it must go through a router. Routers switch at layer-3 (IP packets) between different networks.

As far as subnetting, you should read this answer, which has everything you need to know about that.

Ron Maupin
  • From your answer, it means that in my case I do not need subnets due to the small number of hosts, and VLANs should be enough as they are connected to 1 switch and "shouldn't be suffering from excessive broadcasts". Is that correct? You also mention "Switches know nothing about layer-3 (IP packets)..." Don't L3 managed switches do routing as well? Will the one L3 switch (with both offices' VLANs) still route packets on the data link layer using MAC addresses or via the IP on the 3rd layer? Thanks! – ldvt5 Feb 21 '16 at 12:09
  • First, layer-3 switches are layer-2 switches when it comes to normally connecting hosts. Layer-3 is between networks, like a router, with router configurations. I assume you didn't assign each host its own completely separate network (VLAN), so the hosts are all layer-2 connected on the same VLAN. What I'm saying is that you don't even really need separate VLANs since the broadcast domain is so small, but you could do that. This isn't a hub where every host sees every frame; frames are selectively switched between ports, so not every host sees every frame, and that seemed to be your concern. – Ron Maupin Feb 21 '16 at 19:35
  • Separating by VLANs will necessitate layer-3 (router) configurations in the switch, assuming it is indeed a layer-3 switch. If you are really worried about security, you want to make sure the switch can do ACLs to prevent layer-3 traffic from each VLAN being able to be sent to the other. Each VLAN will need its own subnet, and that's where the link in my answer comes in. Having two separate switches connected together gives no further protection; they would need to be completely separate with separate connections to separate firewalls on separate WAN circuits to get that. – Ron Maupin Feb 21 '16 at 19:43
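To make the answer and its comments concrete, here is an added Python model (not from the original post or its author) of the asker's topology: each department on its own VLAN with its own /24, a hypothetical ACL on a layer-3 switch that denies traffic between the two VLANs, and a function that classifies how a frame from one host reaches another. The host names, MAC addresses and the ACL are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample topology: two departments on one switch, each on its
# own VLAN, each VLAN with its own /24 (255.255.255.0) subnet, as the
# comments recommend. Host names, addresses and MACs are made up.
HOSTS = {
    # name:    (vlan, ip address,     mac)
    "mkt-pc1": (10, "192.168.1.11", "aa:aa:aa:00:00:01"),
    "mkt-pc2": (10, "192.168.1.12", "aa:aa:aa:00:00:02"),
    "fin-pc1": (20, "192.168.2.11", "bb:bb:bb:00:00:01"),
    "fin-pc2": (20, "192.168.2.12", "bb:bb:bb:00:00:02"),
}

# Hypothetical ACL on the layer-3 switch: (src vlan, dst vlan) pairs that
# are denied, so Marketing and Finance cannot reach each other at layer 3.
ACL_DENY = {(10, 20), (20, 10)}


def same_subnet(ip_a, ip_b, mask="255.255.255.0"):
    """True if both addresses fall inside the same subnet under `mask`."""
    net_a = ipaddress.ip_network(f"{ip_a}/{mask}", strict=False)
    return ipaddress.ip_address(ip_b) in net_a


def broadcast_domains(hosts=HOSTS):
    """Group hosts by VLAN: with VLANs, each VLAN is its own broadcast
    domain, so an ARP broadcast from one VLAN never reaches the other."""
    domains = defaultdict(list)
    for name, (vlan, _ip, _mac) in hosts.items():
        domains[vlan].append(name)
    return {vlan: sorted(names) for vlan, names in domains.items()}


def path(src, dst, hosts=HOSTS, acl=ACL_DENY):
    """Classify how traffic from src reaches dst on this topology."""
    svlan, sip, _ = hosts[src]
    dvlan, dip, _ = hosts[dst]
    if svlan == dvlan and same_subnet(sip, dip):
        # Same broadcast domain and same subnet: ARP resolves the MAC and
        # the switch forwards the frame at layer 2, no router involved.
        return "layer-2 switched"
    if svlan == dvlan:
        # Same VLAN but different subnets: the sender hands the packet to
        # its default gateway, so a router is still required.
        return "needs a router (different subnets on one VLAN)"
    if (svlan, dvlan) in acl:
        return "blocked by ACL"
    # Different VLANs: only the layer-3 switch (router) can move it across.
    return "routed between VLANs"
```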