What Does 'VLAN (Virtual Local Area Network)' Mean?

What is a VLAN (Virtual Local Area Network)?

A Virtual Local Area Network (VLAN) is a logical group of devices on a physical network that behave as if they are on a separate network. VLANs are used to segment a physical network into logical subnets, each with its own broadcast domain and security policies.

This allows for greater flexibility in the organization and management of a network, as well as better security and performance. VLANs are implemented using VLAN tagging, which inserts a VLAN identifier (VID) into each Ethernet frame to mark which VLAN it belongs to. The tagging is handled by network switches, which use the VID to forward frames only to ports that are members of that VLAN.

More information

VLANs are a powerful tool for network administrators, as they allow a single physical network to be segmented into multiple logical networks. This can be useful in a variety of situations, such as:

Isolation of sensitive data: By creating a VLAN for sensitive data, network administrators can ensure that it is only accessible by authorized users and is better protected against unauthorized access.

Reducing broadcast traffic: In a large network, broadcast traffic can become a major problem as it can consume a lot of bandwidth and slow down network performance. By creating VLANs, network administrators can limit the scope of broadcast traffic, reducing its impact on the network.

Improved security: VLANs can be used to implement security policies and access controls. For example, by creating a separate VLAN for guests, network administrators can ensure that guest traffic is isolated from the rest of the network and cannot access sensitive information.

Cost savings: Creating VLANs can be a cost-effective way of reducing the number of physical network devices required. For example, by creating multiple VLANs on a single switch, network administrators can avoid the need to purchase multiple switches.

VLANs are implemented by adding a VLAN identifier (VID) to Ethernet frames. This is known as VLAN tagging. The VID is a 12-bit field inserted into the Ethernet header; of the 4096 possible values, 0 and 4095 are reserved, so a VLAN can use a value between 1 and 4094. The switch uses the VID to identify the VLAN to which the frame belongs and then forwards it only to ports in that VLAN. The tag format is defined by a VLAN tagging standard such as IEEE 802.1Q.
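The tag layout described above (a 12-bit VID carried inside the 802.1Q Tag Control Information field, with VIDs 0 and 4095 reserved) is easiest to understand by building and parsing a frame. The following encoder/decoder is an added example written for this page, not code from the original article or from any switch vendor; the MAC addresses and payload are constructed sample values, and the builder rejects reserved VIDs so that a mis-tagged frame is caught before it is sent.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag follows
VID_MIN, VID_MAX = 1, 4094   # usable VIDs; 0 (priority-only tag) and 4095 are reserved


def mac_bytes(mac: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' into its 6 raw bytes."""
    return bytes(int(octet, 16) for octet in mac.split(":"))


def build_untagged_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Plain Ethernet II frame with no VLAN tag (for comparison)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def build_tagged_frame(dst: str, src: str, vid: int, ethertype: int,
                       payload: bytes, pcp: int = 0, dei: int = 0) -> bytes:
    """Build an Ethernet frame carrying an 802.1Q tag with the given VID."""
    if not VID_MIN <= vid <= VID_MAX:
        raise ValueError(f"VID {vid} is outside the usable range {VID_MIN}-{VID_MAX}")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP must be 0-7 and DEI must be 0 or 1")
    # Tag Control Information: 3-bit priority (PCP) | 1-bit DEI | 12-bit VID
    tci = (pcp << 13) | (dei << 12) | vid
    # The tag sits between the source MAC and the original EtherType,
    # so a tagged frame is 4 bytes longer than its untagged equivalent.
    header = mac_bytes(dst) + mac_bytes(src) + struct.pack("!HHH", TPID_8021Q, tci, ethertype)
    return header + payload


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet frame and report the VID if an 802.1Q tag is present."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "vid": None, "pcp": None, "dei": None}
    if ethertype != TPID_8021Q:
        # Untagged frame: bytes 12-13 already hold the real EtherType.
        info.update(ethertype=ethertype, payload=frame[14:])
        return info
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_ethertype = struct.unpack("!HH", frame[14:18])
    info.update(vid=tci & 0x0FFF, pcp=tci >> 13, dei=(tci >> 12) & 1,
                ethertype=inner_ethertype, payload=frame[18:])
    return info


if __name__ == "__main__":
    # Constructed sample: broadcast frame from a locally administered MAC on VLAN 10.
    frame = build_tagged_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01",
                               vid=10, ethertype=0x0800, payload=b"constructed payload", pcp=5)
    print(frame[:18].hex(" "))
    print(parse_frame(frame))
```

The decoder only inspects the outermost tag; a frame can legitimately carry more than one (802.1ad "Q-in-Q"), which is why a reader of raw captures should check whether the inner EtherType is itself a tag before trusting the VID.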

VLAN membership can also be assigned in different ways:

  • Port-based VLAN: Assigns each switch port to a specific VLAN, regardless of the device connected to it.
  • MAC-based VLAN: Assigns each device to a specific VLAN based on its MAC address.
  • Protocol-based VLAN: Assigns each device to a specific VLAN based on the network-layer protocol of its traffic, such as IP.

Finally, VLAN membership can be managed in two ways:

  • Static VLANs: The VLANs are configured manually, and any changes must be made manually too.
  • Dynamic VLANs: The VLAN assignment is performed automatically based on predefined rules and actions.

It is important to note that communication between VLANs requires a Layer 3 device, such as a router; that device is also the point where access control between VLANs is enforced.
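The isolation and broadcast-scoping benefits listed earlier, the port-based and static membership models, and the need for a Layer 3 device between VLANs all follow from one forwarding rule: a switch learns and floods per VLAN, never across VLANs. The small switch model below is an added example written for this page (not the article's or any vendor's code); the port-to-VLAN map and the MAC addresses are constructed values.

```python
from __future__ import annotations
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str   # source MAC address
    dst: str   # destination MAC address


@dataclass
class VlanSwitch:
    """Port-based, statically configured VLANs: each access port maps to one VID."""
    port_vlan: dict[int, int]
    # The learning table is keyed by (VID, MAC), so a host known in one VLAN
    # is not reachable from another VLAN even though the switch has seen it.
    mac_table: dict[tuple[int, str], int] = field(default_factory=dict)

    def forward(self, in_port: int, frame: Frame) -> list[int]:
        """Return the egress ports for an untagged frame entering on in_port."""
        vid = self.port_vlan[in_port]                 # membership is decided by the port
        self.mac_table[(vid, frame.src)] = in_port    # learn the source MAC within this VLAN
        known = self.mac_table.get((vid, frame.dst))
        if frame.dst == BROADCAST or known is None:
            # Flood, but only to other ports in the same VLAN: the broadcast
            # domain stops at the VLAN boundary.
            return sorted(p for p, v in self.port_vlan.items() if v == vid and p != in_port)
        return [] if known == in_port else [known]


def isolation_demo() -> dict:
    """Constructed scenario: ports 1-2 are VLAN 10, ports 3-4 are VLAN 20."""
    sw = VlanSwitch(port_vlan={1: 10, 2: 10, 3: 20, 4: 20})
    h1, h2, h3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
    results = {}
    # A broadcast from port 1 reaches port 2 only, not the VLAN 20 ports.
    results["broadcast_from_vlan10"] = sw.forward(1, Frame(h1, BROADCAST))
    # h1 was learned on port 1, so a reply inside VLAN 10 is delivered directly.
    results["unicast_within_vlan10"] = sw.forward(2, Frame(h2, h1))
    # h3 in VLAN 20 addresses h1 directly; the switch does not know h1 in
    # VLAN 20, floods within VLAN 20 only, and the frame never reaches port 1.
    # Reaching h1 requires a router (or Layer 3 switch) attached to both VLANs.
    results["vlan20_to_vlan10_host"] = sw.forward(3, Frame(h3, h1))
    return results


if __name__ == "__main__":
    for name, ports in isolation_demo().items():
        print(f"{name}: egress ports {ports}")
```

Because the model reads VLAN membership from the ingress port rather than from any tag in the frame, it behaves like an access port; a trunk port that accepts tagged frames would need to validate the VID against its allowed list before applying the same per-VLAN rule.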