VLAN — Technology Wiki

Overview

Direct Answer

A Virtual Local Area Network (VLAN) is a logical subdivision of a physical network that groups devices into separate broadcast domains based on software configuration rather than physical location. Devices within a VLAN communicate as if directly connected, regardless of their physical position across switches or network infrastructure.

How It Works

VLANs operate by tagging network frames with VLAN identifiers (typically using IEEE 802.1Q protocol), allowing switches to route traffic based on membership rather than geography alone. Each VLAN maintains its own broadcast domain, meaning broadcast packets remain isolated within that logical network. Inter-VLAN communication requires routing through a Layer 3 device configured with interfaces for each VLAN.

Why It Matters

Organisations use VLANs to reduce broadcast traffic, improve security through network segmentation, and simplify network administration without requiring physical rewiring. They enable compliance with regulatory isolation requirements and reduce infrastructure costs by allowing flexible device placement independent of network topology.

Common Applications

Enterprise networks deploy VLANs to isolate guest networks from corporate systems, separate voice over IP traffic from data traffic, and segment departments for access control. Healthcare facilities use VLANs to comply with data protection requirements, whilst educational institutions separate student networks from administrative systems.

Key Considerations

VLAN implementation requires careful configuration to avoid broadcast storms and misrouted traffic; improper tagging or trunk port setup can degrade performance. Security depends on proper access control lists at routing boundaries, as VLANs alone do not prevent lateral movement if Layer 3 filtering is inadequate.

Related in Infrastructure

VPN

Virtual Private Network — a technology creating a secure, encrypted connection over a less secure network like the internet.

SD-WAN

Software-Defined Wide Area Network — a virtualised network architecture that enables centralised management of geographically distributed networks.

5G

The fifth generation of mobile network technology offering higher speeds, lower latency, and massive device connectivity.

Proxy Server

An intermediary server that forwards requests between clients and other servers, providing security and caching.

Reverse Proxy

A server that sits in front of web servers and forwards client requests to the appropriate backend server.

More in Networking & Communications

Network Topology

Protocols & Standards

The arrangement of elements such as nodes, links, and devices in a computer network.

Computer Network

Protocols & Standards

A collection of interconnected computing devices that share resources and communicate using standardised protocols.

Mesh Network

Protocols & Standards

A network topology where each node relays data for the network, providing self-healing and redundant paths.

Network Segmentation

Network Security

Dividing a computer network into smaller subnetworks to improve security and performance.

Wi-Fi 6

Protocols & Standards

The sixth generation of Wi-Fi technology offering improved speed, capacity, and performance in dense environments.

NAT

Protocols & Standards

Network Address Translation — a method of mapping one IP address space into another by modifying packet headers.

IP Address

Protocols & Standards

A unique numerical label assigned to each device connected to a computer network for identification and routing.

Throughput

Protocols & Standards

The actual rate of successful data transfer across a network in a given time period.