VLAN — Technology Wiki

Overview

Direct Answer

A Virtual Local Area Network (VLAN) is a logical subdivision of a physical network that groups devices into separate broadcast domains based on software configuration rather than physical location. Devices within a VLAN communicate as if directly connected, regardless of their physical position across switches or network infrastructure.

How It Works

VLANs operate by tagging network frames with VLAN identifiers (typically using IEEE 802.1Q protocol), allowing switches to route traffic based on membership rather than geography alone. Each VLAN maintains its own broadcast domain, meaning broadcast packets remain isolated within that logical network. Inter-VLAN communication requires routing through a Layer 3 device configured with interfaces for each VLAN.

Why It Matters

Organisations use VLANs to reduce broadcast traffic, improve security through network segmentation, and simplify network administration without requiring physical rewiring. They enable compliance with regulatory isolation requirements and reduce infrastructure costs by allowing flexible device placement independent of network topology.

Common Applications

Enterprise networks deploy VLANs to isolate guest networks from corporate systems, separate voice over IP traffic from data traffic, and segment departments for access control. Healthcare facilities use VLANs to comply with data protection requirements, whilst educational institutions separate student networks from administrative systems.

Key Considerations

VLAN implementation requires careful configuration to avoid broadcast storms and misrouted traffic; improper tagging or trunk port setup can degrade performance. Security depends on proper access control lists at routing boundaries, as VLANs alone do not prevent lateral movement if Layer 3 filtering is inadequate.

Related in Infrastructure

VPN

Virtual Private Network — a technology creating a secure, encrypted connection over a less secure network like the internet.

SD-WAN

Software-Defined Wide Area Network — a virtualised network architecture that enables centralised management of geographically distributed networks.

5G

The fifth generation of mobile network technology offering higher speeds, lower latency, and massive device connectivity.

Proxy Server

An intermediary server that forwards requests between clients and other servers, providing security and caching.

Reverse Proxy

A server that sits in front of web servers and forwards client requests to the appropriate backend server.

More in Networking & Communications

Routing Protocol

Protocols & Standards

A protocol that determines the optimal path for data packets to travel across interconnected networks.

Software-Defined Networking

Protocols & Standards

An approach to networking that uses software-based controllers to manage network behaviour centrally.

mTLS

Protocols & Standards

Mutual Transport Layer Security — a protocol where both client and server authenticate each other using certificates.

NAT

Protocols & Standards

Network Address Translation — a method of mapping one IP address space into another by modifying packet headers.

Quality of Service

Protocols & Standards

Network management techniques that prioritise certain types of traffic to ensure consistent performance.

Computer Network

Protocols & Standards

A collection of interconnected computing devices that share resources and communicate using standardised protocols.

DHCP

Protocols & Standards

Dynamic Host Configuration Protocol — automatically assigns IP addresses and network configuration to devices.

Wi-Fi 6

Protocols & Standards

The sixth generation of Wi-Fi technology offering improved speed, capacity, and performance in dense environments.