Subnets vs VLANs Explained: High Level Overview

Thank you for watching! If you would like to see anything specific in the future, please let us know.

THIS!! Honestly this video was frustrating to watch lol.

There are many ways to achieve this, you could do what you suggested or many vendors offer an option to have multiple passwords for a single SSID as well. Once you get in to software defined networking dealing with this becomes a whole can of worms. Ultimately it depends on your solution what you do and what is available and typically wireless will be in it's own subnet anyway since it is not as trusted as wired ethernet. It depends on your setup what you do on the switch itself but the link from switch to AP is usually a trunkated link so all VLAN traffic gets passed through it. Depending on the type of switch it could do layer 3 routing and it would seperate traffic in to VLANs there but in a classical layer 2 environment that traffic gets passed through to the router.
EDIT: It's basically the routing rules between your subnets where the security comes in. You want to seperate your traffic as much as possible, but you do want enough interconnectivity so your services work. So you might seperate your subnets based on the wired connections for departments, but you want each of those departments to be able to talk to the local AD server and the networked storage and the printers. Do you really want your wireless network to connect to that same network? Preferably you'd have the employees connect through a vpn and their identity to a trusted network before interfacing with your internal services. You might have a seperate wireless network for your IOT devices and have a Chromecast on there, you'd want your trusted devices be able to talk to that network, but not have that network be able to talk to those trusted devices. Have public facing services? Seperate those in their own DMZ so nothing goes in or out of that network, etc. There are many considerations to be made.

Great question!
Your average managed switch is a layer 2 device, meaning that it doesn't have any routing capabilities, so sending traffic between different VLANs is not possible. Having multiple VLANs on the same layer 2 managed switch will still result in the connected devices being isolated in their respective VLAN, meaning the devices will not be able to communicate outside of whatever VLAN they are placed in.
Concerning your second question, a router is indeed needed for a device on a subnet to communicate with a device outside of that subnet. To enable outside communication, routers sit in-between subnets and handle the routing of traffic from one subnet to the other.
Here's an example:
192.168.10.2 ---- switch ----- Router ------ switch ---- 192.168.20.2
In the above example, 192.168.10.2 is a device on the .10 subnet, and 192.168.20.2 is a device on the .20 subnet. The .10 device is connected to the .10 switch, that .10 switch is connected to a router, that router is connected to a .20 switch, and that .20 switch is connected to a .20 device, enable the .10 and .20 networks to talk.
I hope that helps!

@@jentatech Hi, thank you for your response!
For VLANs configured in a L2 managed switch to communicate with one another, a router is needed, is that right? If so, how is the setup for that? Is there just one router connected to the L2 managed switch, which is configured to have different IPs for different VLAN interfaces, or should there be separate routers plugged in each VLAN group?
Lastly, if the managed switch has L3 capability, does that eliminate the need for a router for VLANs to communicate with one another and with the networks outside of the switch?
I apologize for bombarding you with questions! I'm just a beginner trying to learn about networking.

My pleasure! We appreciate the questions, no worries on asking as many as needed.
Concerning your first question, the most common configuration for inter-VLAN routing on a layer 2 device is a somewhat antiquated concept referred to as a router on a stick. This approach involves a single router that is connected to a trunk port (used to push traffic to multiple VLANs via a single port), which is only possible if the layer 2 device supports a trunk protocol such as 802.1Q. This process comes with its issues, such as traffic congestion.
Perhaps we will make a video on that in the future as it does take a bit more depth to understand fully!
Also, although you technically could have one router per VLAN group, it would be terribly inefficient and expensive, so it works but its not a realistic option for real world deployment.
For your last question, the answer is yes! If a switch has L3 capabilities, that means it has the ability to route using IP addresses, so there is no need for an additional router.
Remember, L2 devices send frames using MAC addresses, and L3 devices routes packets using IP addresses. With that said, L3 devices can perform L2 duties.

It is possible! Your particular use case would dictate the methodology, but yes it is possible.

@@jentatechThanks for the quick response. I asked myself that because it seems more complicated to me with two Routers. Does this have a special reason in your example?

@@ExperiencePlayers My pleasure! In the example in my video, each group of computers represents a different subnet, and each subnet has a different broadcast domain. In that particular instance you need a layer 3 device (router) for the networks to talk to each other, so it is easier to understand the basics of doing so using multiple routers sitting between the subnets. Although you could use one router with three switches that all belong to different VLANs, there are some separate practices not covered in this video that you'd need to familiarize yourself with to get them to communicate. Mainly a practice called inter-VLAN routing.

@@jentatech Thanks for explanation!

In your example you have three different sub-nets. each one connected to each switch. so in such example no need for VLANs. actually no one of the three switches divided into VLANs. so practically no VLANs here.
VLANs are needed if computers from different sub-nets (IP) connected to same switch, or if there a need to create logical networks in same switch, without router (layer 2 separation only)

Thank you for the comment, as well as the sub! I appreciate you watching