Networking - VLANs (Virtual Local Area Networks)

What is a VLAN?

A VLAN (Virtual Local Area Network) is a way of logically dividing a physical network into multiple, separate networks — even if the devices are connected to the same physical switch.

Think of it as creating separate “rooms” inside one big building so that devices in different rooms can’t directly talk to each other unless allowed.

Why Use VLANs?

Segmentation – Divide large networks into smaller groups (e.g., HR, Finance, Students).
Security – Devices in one VLAN can’t talk to another unless configured via a router or Layer 3 switch.
Performance – Reduces broadcast traffic within a VLAN.
Flexibility – Devices can be grouped by function, not physical location.

Example Scenario

Imagine a company with three departments:

HR computers
Finance computers
IT computers

All are plugged into the same switch. Without VLANs → they are in the same broadcast domain.
With VLANs:

VLAN 10 = HR
VLAN 20 = Finance
VLAN 30 = IT

Now HR traffic stays within VLAN 10, Finance in VLAN 20, etc.
If HR needs to access Finance servers → routing between VLANs is required (called Inter-VLAN Routing).

VLAN Types

Port-based VLAN – Each switch port is assigned to a VLAN.
Protocol-based VLAN – Devices grouped based on protocol (less common).
Dynamic VLAN – VLAN assignment based on MAC address, username, etc.

VLAN Tags and Trunks

Access Port → Belongs to one VLAN (for end devices like PCs).
Trunk Port → Carries traffic of multiple VLANs between switches or to routers. Uses VLAN tagging (IEEE 802.1Q standard) to identify which packet belongs to which VLAN.

Benefits of VLANs

Better control of broadcast domains.
Easier to manage large networks.
Adds security by isolating traffic.
Supports network scalability.

In short: VLANs are like creating separate lanes on a highway.
All cars (data) drive on the same road (switch), but lane dividers (VLANs) keep different groups separated unless there’s an intersection (router).