I think what was confusing me is that the term "vlan" gets muddled in common parlance. At least where I've worked so far - and again I don't have a background in networking. But for me it was like, is it a subnet, is it a tag, is it a route... But I think I'm grokking the concept now.
I know why you're confused. It's because all of these terms in a lot of implementations refer to the same separation. So one subnet is assigned to one vlan with one route (the router may even be the same device as the switch). But you can put 2 subnets on a vlan (not saying you should).
But when people say "that socket in the wall is on the guest vlan" there's no reason it *has* to be a vlan. It may be a physically separate network with all physical equipment. In general if anyone using the end piece of equipment needs to know anything about vlans something's not right.
Just try and keep in your head the fundamental differences between L2 and 3. Frames delivered by MAC address, packets delivered by IP address, the whole packet encapsulated inside frames. Physical and virtual LAN segregation all L2. Anything with an IP address, routing etc, L3.
This part of networking is really confusing early on, and you won't understand it... Until you do! Then you won't forget it! I learned this stuff in the late 90s and I'm not a networker but in some ways it's so fresh in my memory.
Comments