Why have a routing VLAN

Here is a good example of one reason to have a routing VLAN. You may have 10.0.100.0/24 and 10.0.200.0/24 where you servers and PCs connect to. Your router has interfaces on 10.0.100 and 10.0.200, so all is good — until you need to install a sniffer or a device like a Blue Coat. The Blue Coat by default comes with 2 NICs, one for to intercept the LAN traffic and the other NIC to forward the traffic to the router.

In this setup, *without spending more money*, you can only see one of your subnets, but not both. I know you can purchase a 4-port card for the Blue Coat, but the card is approx $3000 plus tax and shipping. If you have a routing VLAN, i.e. 10.0.300.0/24, you can forward all your traffic to the 10.0.300 subnet and place your Blue Coat on the 300 subnet, then it will see all your LAN traffic. Of course, if this is a larger network, spending $3000 would be the easy fix…