Hi sirsparc,

while I came across no specific limit while scanning the kernel, I can confirm the "4096" limit - that's architectural (the MAC-layer header fields allow for VLAN numbers from 0 to 4095) and cannot be changed.

I'm not sure what network design your customer is after, but usually you do not have 4000+ subnets in a single Ethernet switch domain, but closer to a 1 or (at max) 2-digit number. VLAN IDs need only be unique within a switch domain, so it is hopefully very hard to hit that limit with a reasonable network design.

If I understood your description right, they'd face one VLAN for "your subnet" (all clients have an interface in that subnet, so they can access the application host "directly") and a limited number of VLANs, one per existing IP subnet. Every client then would need to know about two VLANs, your server about a single VLAN, and the router(s) about one VLAN per subnet... sounds feasible.