What are the implications of having two subnets on the same switch?

A host will send ARP requests for address(es) in subnet(s) local to its interface(s). Typically this is the subnet (or subnets, if multiple addresses are assigned to interfaces) in which the interfaces’ IP address (or addresses) is located. You can add routing table entries to make other subnets appear local (on-link) to the host’s interface(s) as well.

Two hosts, each configured with a single IP address, and each in a different subnet, will not make ARP requests for the other’s IP address.

Assuming the hosts have a gateway specified (either a default gateway or a specific gateway to the other subnet), they will make ARP requests for the applicable gateway and send traffic for the other subnet to that gateway for routing.
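The ARP decision described above, as an added example that is not part of the original post: a small model of a host’s routing table that answers “which address does this host ARP for when sending to X?”, covering the connected subnet, the gateway case, and the on-link route that makes a foreign subnet appear local. The addresses are constructed from documentation ranges; the function and constant names are this example’s own.

```python
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# A route is (destination prefix, next hop). next_hop None means the prefix is
# directly connected (on-link), so the host ARPs for the destination itself.
Route = Tuple[str, Optional[str]]


def build_routes(interface_cidr: str, default_gateway: str,
                 extra_routes: Tuple[Route, ...] = ()) -> List[Route]:
    """Connected route for the interface's subnet, a default route, plus any extras."""
    iface_net = ip_network(interface_cidr, strict=False)
    routes: List[Route] = [(str(iface_net), None), ("0.0.0.0/0", default_gateway)]
    routes.extend(extra_routes)
    return routes


def arp_target(dest_ip: str, routes: List[Route]) -> Optional[str]:
    """Return the IP address the host will ARP for when sending to dest_ip.

    Longest-prefix match over the routing table. If the winning route is on-link
    the host ARPs for the destination; otherwise it ARPs for that route's gateway.
    Returns None when no route covers the destination (send fails, no ARP at all).
    """
    dest = ip_address(dest_ip)
    best: Optional[Tuple[int, Optional[str]]] = None
    for prefix, next_hop in routes:
        net = ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop)
    if best is None:
        return None
    next_hop = best[1]
    return dest_ip if next_hop is None else next_hop


# Constructed scenario: host A on 192.0.2.0/24 and host B on 198.51.100.0/24,
# both plugged into the same switch with no VLAN separation.
ROUTES_A = build_routes("192.0.2.10/24", "192.0.2.1")
# Same host A after adding an on-link route for B's subnet (the "make other
# subnets appear local" case from the text).
ROUTES_A_ONLINK = build_routes("192.0.2.10/24", "192.0.2.1",
                               (("198.51.100.0/24", None),))

if __name__ == "__main__":
    print(arp_target("192.0.2.20", ROUTES_A))          # same subnet: ARP for the host
    print(arp_target("198.51.100.10", ROUTES_A))       # other subnet: ARP for gateway
    print(arp_target("198.51.100.10", ROUTES_A_ONLINK))  # on-link route: ARP for host B
```

Whichever branch is taken, the ARP request is a broadcast on the shared segment, which is why the two subnets still see each other’s ARP traffic.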

Configuring two hosts in this manner provides only logical isolation. Because the hosts share a broadcast domain, no real isolation (as there would be if you were using VLANs) is achieved. It would be easy to ARP-spoof or MAC-spoof hosts in either subnet from any of the attached hosts.

If you’re doing this in a lab scenario, it’s a fine configuration. If you truly need isolation, though (as in a production deployment), you should use VLANs or separate physical switches.