Difference between Subnet and VLAN?

Subnets (L3) and VLANs (L2) are on different layers. The terms should not be used interchangeably. A VLAN can contain one or more L3 prefixes ("Subnets"). For a layman this could cause confusion. Often people don't understand that these two are connected but not the same. People might say The host located in our server subnet or The server located in the DMZ VLAN and mean the same thing.

They are only used interchangeably from a perspective of each unique vlan at layer 2 should have its own subnet for addressing at layer 3 giving you separation and ability to manage broadcast traffic etc.

In terms of scenarios where you would have a vlan without a subnet then only perhaps if using an 'ip unumbered' setup but there are not too many reasons to want to have to do this. If you review some best practice models like Cisco's composite network model then in terms of keeping individual subnets and your vlans 'local' to switch blocks then you would generally have a separate subnet assigned per vlan.

This is a very informal way of looking at the difference between VLANs and subnets, but it's not inaccurate (just incomplete). It may help networking newcomers get a little bit closer to the right mental picture.

Two different VLANs on a single switch or host are like two physically separate switches. They partition the MAC address space, in that communications between two parties on a single VLAN or on a single physical switch don't involve any other parties on the MAC-level (layer 2) network. The VLAN or physical switch limits the extent of MAC-level message propagation, keeping it as local as possible.

In contrast, IP subnets exist at layer 3 and partition the IP address space, not the MAC address space, but with a similar purpose: to limit the extent of message propagation. Any partitioning at the MAC-level layer 2 network below is entirely transparent to layer 3, which means that VLANs and/or separate physical switches can be treated as one single continuous layer 2 medium from the point of view of IP-level networking.

Conversely, switches and VLANs don't even see IP addresses nor IP subnetting (with some minor provisos which can complicate the picture). Everything at layer 3 and higher is just payload to them at the layer 2 MAC level.

In summary: VLANs and subnets partition different layers of the network model. There is no circumstance in which they are interchangeable terms.

They are very much different. However a lot of terms (megabit, megabyte, memory, hard drive, etc) get miscommunicated.

Often we have customers asking us to move a vlan from one site to another, when really what they want is to move a subnet over.

You get used to it, even though I try and correct them (politely)

A lot of the responders said the terms should NOT be used interchangeably. Actually I think it is perfectly acceptable and common practice amongst people who DO know the difference to use the terms interchangeably when talking about IP on ethernet networks. In fact they pretty much should be synonymous in most circumstances (there's always exceptions) since both define a broadcast domain and your L2 and L3 broadcast domains should normally be identical.

In other words, are there any cases for having a VLAN without a Subnet, and still have IP (L3) communication? [Also ignoring that all networks are not subnets when considering classful networks which all are really just CIDR prefixes these days.]

some routing protocols can be in the same L2 domain and support the likes of apple talk or other non IP L3/4 protocols. These would need to be in the same L2 domain but not be in the same IP subnet, since IP is not required. In such a case it may be practical to use VLANS without considering IP/Subnetting of any kind.

In my experience, these days, they are considered the same until you use a protocol other than IP directly on top of Ethernet.

The difference between the two is one of significance. VLANs are generally only locally unique while subnets are usually unique across an organization.

Folks 'in the know' understand that vlan 100 in campus 1 is different than the one at campus 2 if the subnet of one is 192.168.1.0 and the other is 192.168.2.0. But you could have vlan 100 repeated in every building across a campus if you separate them by layer-3 boundaries and use different subnets.

And then there there are the exceptions to the rules or the bad designs that get worked around with duct tape and nat pools...

In many implementations an IPv4 subnet and a VLAN are closely correlated on a 1:1 basis. A subnet, strictly speaking is a portion of IPv4 address space from which one may assign addresses to hosts. This is differentiated from a "prefix" a term used in the common parlance or a supernet, which may be a some larger portion of IP address space that is comprised of many subnets.

The reason for the correlation is that a single VLAN and a single subnet both represent a single broadcast domain. As such, these two tend to be overlaid in most implementations. As described in earlier answers, a VLAN is a layer 2 entity. All hosts on a given VLAN can communicate with each other, but no hosts on one VLAN can communicate to hosts on another without some form of routing or in rare cases, bridging.

Put another way, subnets are, technically, a division of the address space at the L2 level -- it's more of a routing decision than anything else. VLANs are tunneled LAN frames within the payload of other LAN frames. Ignoring the various standards for a moment, if you put a packet analyzer on the cable, you'd see:

For a subnetted LAN, you'd see the same traffic. THere's no easy way to look at a subnetted LAN and tell it is, in fact, subnetted. For VLANs, you'd actually see ethernet frames carrying a VLAN tag, which then carry another ethernet frame inside of them.

Subnet frames are easily handled by equipment -- you can choose to ignore the subnet at a given moment if you want to, for example, have a transparent proxy watch some trafic. VLANs are tunnels.