VLAN Confirmation – How to Verify

vlan

My first post in this forum! At my workplace, we use VLANs to break out our network and to keep network traffic segregated. I'm a little confused with our VLAN structure because I've had comments from contractors saying that we aren't using VLANs, and when I've asked other contractors for their thoughts, they have said it's all fine and dandy! So my question to you guys is this: considering the below example, are these VLANs?

192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.89.0/24

The way I understand it, because the 3rd octet is different, these are VLANs, even though the subnet is the same at 255.255.255.0. Our switches are routing the traffic fine, and our router is routing traffic fine as well, which makes me believe we are right and these are indeed VLANs.

EDIT:

It looks like we have subnetted our network out rather than use VLANs.

To answer Ron's question, we have a Meraki firewall, which then feeds into a mixture of Dell and Cisco switches. On the Meraki firewall there is a page called 'Addressing and VLANs'. This is where we have our "VLANs" configured.

I know I used a class C network in my original post, but we use a class A network using a class B subnet. Our native VLAN is then 10.0.0.0/16.

On our Meraki firewall the VLANs are filled out as follows:

VLAN 2 - 10.2.0.0/16
VLAN 3 - 10.3.0.0/16
VLAN 4 - 10.4.0.0/16
VLAN 5 - 10.5.0.0/16

So what I understand from responses is that what I thought was VLANs are in fact subnets.

By default, the Meraki unit routes traffic between VLANs, but rules have been created to stop this. Coming out of the Meraki unit, the port heading into our core switches (3 x stacked Dell PowerConnect switches) is set to a trunk port. The PowerConnect then pipes the VLANs, via trunks, to other switches at our distribution layer, and then the distribution layer pipes the VLANs to the access layer, which then has ports in access mode. It might be worth noting at this point that we have a DHCP server on our main office LAN on our DC, and the other VLANs are served a DHCP address from the Meraki unit.

So devices which we have on VLAN 2, e.g. IP cameras, can't be accessed from VLAN 3. So I imagine we are using subnets in place of VLANs. How would a VLAN look in this example? Would I use the subnet of 10.0.0.0/16 and that breaks out to VLANs? Would these VLANs then use the same IP address range of 10.0.0.0? I apologise if this is frustrating to answer. I've watched a fair few YouTube videos, but I'm not blessed with the best of brains and I end up more confused!

Our VLANs on the Meraki unit look like this:
[Screenshot from our Meraki config page]

Best Answer

You are right, but for the wrong reasons. I think you have some confusion about VLANs and subnets.

First, VLANs are layer 2 constructs and subnets are layer 3 constructs. That means they can be completely independent of each other. VLANs are configured on switches, which use MAC addresses for forwarding and do not understand IP addressing.

Subnets are configured on routers, which use IP addressing for forwarding and do not understand MAC addresses.

While it is very common to have one VLAN per subnet and vice versa, it is not necessary. You can have multiple subnets on a VLAN and have the same subnet on multiple VLANs, but I will admit, these are unusual cases.

Finally, the practice of using the third octet to determine the subnet/VLAN is also common, but again not necessary. As you learn IP addressing better, you will see why that is not always the case.

EDIT:

Based on your additional information, you are in fact using VLANs. As you show on the Meraki firewall, each VLAN has a subnet associated with it. This is the normal way to do things. So VLAN 2 has the subnet 10.2.0.0/16, and so on.

Bottom line: Your network seems to be configured consistent with good practice. Your confusion seems to be your misunderstanding of what the difference between subnets and VLANs is.
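
The layer 2 / layer 3 split described in the answer can be checked on captured frames: the VLAN ID sits in the 802.1Q tag of the Ethernet header, while the subnet is derived from the IP address further in. The following is an added example, not part of the original question or answer; the function names and the sample frames are constructed for illustration, and the VLAN-to-subnet plan is the one listed in the question.

```python
import ipaddress
import struct

# VLAN -> subnet plan from the question's Meraki table (VLAN 2 = 10.2.0.0/16, ...).
VLAN_PLAN = {vid: ipaddress.ip_network(f"10.{vid}.0.0/16") for vid in (2, 3, 4, 5)}
TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q VLAN tag
ETHERTYPE_IPV4 = 0x0800


def inspect_frame(frame: bytes):
    """Return (vlan_id or None, source IPv4 address or None) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan_id, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id = tci & 0x0FFF   # low 12 bits of the tag control field are the VLAN ID
        offset = 18
    src_ip = None
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 20:
        src_ip = ipaddress.ip_address(frame[offset + 12:offset + 16])
    return vlan_id, src_ip


def check_frame(frame: bytes) -> str:
    """Compare the layer 2 tag with the layer 3 source address using VLAN_PLAN."""
    vlan_id, src_ip = inspect_frame(frame)
    if vlan_id is None:
        return "untagged"
    if vlan_id not in VLAN_PLAN:
        return "unknown-vlan"
    if src_ip is None:
        return "tagged-non-ip"
    return "ok" if src_ip in VLAN_PLAN[vlan_id] else "subnet-mismatch"


def build_frame(src_ip: str, vlan_id=None) -> bytes:
    """Constructed sample: Ethernet header, optional 802.1Q tag, bare IPv4 header."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address("10.0.0.1").packed)
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip
```

Frames seen on an access port are untagged, so a check like this only shows VLAN IDs when the capture is taken on a trunk link.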