In the single IT VLAN approach, all the BAS access switches and all the network engines (if the network engines need to be visible from the IT network) are located in a single IT VLAN/subnetwork. If the VLAN and associated subnetwork are dedicated exclusively to the BAS network by IT, the BAS traffic will be isolated from the rest of the IT traffic. Alternatively, if the VLAN and the associated subnetwork are not dedicated exclusively to the BAS network, the network engines will be exposed to the traffic from the other devices in the VLAN; likewise, the other devices in the VLAN will be exposed to the traffic from the network engines. In either case, the single VLAN needs to be propagated across IT network switches. Within the single IT VLAN approach, there are two options for connecting the BAS access switches to the IT network: by way of trunks or by way of access ports.
Note: In a segmented architecture where all the network engines reside in the same IT VLAN and subnet, only one of the network engines is configured as a BBMD. Directed broadcasts and Access Control Lists (ACLs) configured on the BAS access switches are used to limit BACnet broadcasts from a network engine to the subnet(s) in which the IP controllers the network engine supervises reside and between IP controllers in the same subnet. Therefore, this design is not suitable for sites with BACnet routing enabled, or where cross-VLAN/subnet controller-to-controller communication (for example, peer references) is desired, unless BBMDs are placed in the BAS private subnets with the IP controllers.
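The following added example (not part of the original document or of any vendor tooling) checks a planned design against the note above: every network engine sits in the IT VLAN subnet, exactly one is a BBMD, and BACnet broadcasts are permitted only from an engine to the directed-broadcast address of the subnets it supervises. All names and addresses are constructed, the UDP port is the standard BACnet/IP port 47808, and the model covers only the engine-to-subnet rule, not traffic between controllers in the same subnet.

```python
import ipaddress

BACNET_UDP_PORT = 47808  # 0xBAC0, the standard BACnet/IP port

# Constructed sample design (all names and addresses are assumptions).
IT_VLAN_SUBNET = ipaddress.ip_network("10.20.0.0/24")
ENGINES = {
    "engine-1": {"ip": "10.20.0.11", "bbmd": True,
                 "supervises": ["192.168.10.0/24"]},
    "engine-2": {"ip": "10.20.0.12", "bbmd": False,
                 "supervises": ["192.168.20.0/24", "192.168.21.0/24"]},
}

def lint_design(engines, it_subnet):
    """Return findings against the single-IT-VLAN rules in the note."""
    findings = []
    for name, e in engines.items():
        if ipaddress.ip_address(e["ip"]) not in it_subnet:
            findings.append(f"{name}: not in IT VLAN subnet {it_subnet}")
    bbmds = [n for n, e in engines.items() if e["bbmd"]]
    if len(bbmds) != 1:
        findings.append(
            f"expected exactly one BBMD in {it_subnet}, found {len(bbmds)}")
    return findings

def permitted_broadcasts(engines):
    """(engine IP, directed-broadcast address) pairs the ACLs should permit."""
    allowed = set()
    for e in engines.values():
        for cidr in e["supervises"]:
            net = ipaddress.ip_network(cidr)
            allowed.add((ipaddress.ip_address(e["ip"]), net.broadcast_address))
    return allowed

def acl_permits(engines, src, dst, dport):
    """True if a UDP packet is a permitted engine-to-subnet BACnet broadcast."""
    if dport != BACNET_UDP_PORT:
        return False
    pair = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
    return pair in permitted_broadcasts(engines)

if __name__ == "__main__":
    print(lint_design(ENGINES, IT_VLAN_SUBNET))
    # engine-1 may broadcast into its own controllers' subnet only.
    print(acl_permits(ENGINES, "10.20.0.11", "192.168.10.255", 47808))
    print(acl_permits(ENGINES, "10.20.0.11", "192.168.20.255", 47808))
```

The second `acl_permits` call is denied because engine-1 does not supervise 192.168.20.0/24, which is the isolation the ACLs on the BAS access switches are meant to enforce.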