VLAN


A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location.
A VLAN allows you to create groups of users and systems and segment them on the network. This segmentation lets you hide segments of the network from other segments and thereby control access. You can also set up VLANs to control the paths that data takes to get from one point to another. A VLAN is a good way to contain network traffic to a certain area in a network.

A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together even if they are not located on the same network switch. VLAN membership can be configured through software instead of physically relocating devices or connections.

VLANs address issues such as scalability, security, and network management.

By definition, switches may not bridge IP traffic between VLANs, as doing so would violate the integrity of the VLAN broadcast domain.

On a LAN, hosts can communicate with each other directly through broadcasts; no forwarding devices, such as routers, are needed. As the LAN grows, the amount of broadcast traffic grows. Shrinking the size of the LAN by segmenting it into smaller groups (VLANs) reduces the size of the broadcast domains. The advantages of doing this include reducing the scope of the broadcasts, improving performance and manageability, and decreasing dependence on the physical topology. A key benefit is that VLANs can increase security by allowing users with similar data sensitivity levels to be segmented together.

A VLAN is a broadcast domain created by switches.
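
The forwarding behaviour described above, as an added example that is not part of the original page: a toy Python model of a switch with access ports only. The port numbers, VLAN IDs 10 and 20, and MAC addresses are constructed for illustration; the model shows that broadcasts and unknown unicasts stay inside the sender's VLAN, so a host in another VLAN cannot be reached through the switch alone.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Toy model of a VLAN-aware switch (access ports only, no trunks)."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)      # port -> VLAN ID
        self.mac_table = defaultdict(dict)    # VLAN ID -> {MAC: port}

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[vlan][src_mac] = in_port   # MAC learning is per VLAN
        members = sorted(p for p, v in self.port_vlan.items()
                         if v == vlan and p != in_port)
        if dst_mac == BROADCAST:
            return members                    # flood inside the VLAN only
        out = self.mac_table[vlan].get(dst_mac)
        if out is None:
            return members                    # unknown unicast: flood in VLAN
        return [] if out == in_port else [out]


def demo():
    """Compare one flat LAN with the same six ports split into two VLANs."""
    flat = VlanSwitch({p: 1 for p in range(1, 7)})
    seg = VlanSwitch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 20})
    host1, host2, host4 = ("aa:00:00:00:00:01", "aa:00:00:00:00:02",
                           "aa:00:00:00:00:04")   # constructed MACs
    results = {
        "flat_broadcast": flat.receive(1, host1, BROADCAST),
        "seg_broadcast": seg.receive(1, host1, BROADCAST),
    }
    seg.receive(4, host4, BROADCAST)          # host4 is now learned in VLAN 20
    # host4 is known to the switch, but only in VLAN 20's table, so a frame
    # from VLAN 10 is flooded to VLAN 10 ports and never leaves on port 4.
    results["cross_vlan_unicast"] = seg.receive(1, host1, host4)
    results["same_vlan_unicast"] = seg.receive(2, host2, host1)
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: egress ports {ports}")
```

Traffic between the two VLANs in this model would need a forwarding device such as a router, which is where access control between the segments can be applied.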

