A VLAN is a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same network switch, even though in reality they are connected to different network switches.
VLANs define broadcast domains in a Layer 2 network. A broadcast domain is the group of all devices that will receive the broadcast frames (frames sent to every device within a LAN segment) of any device within the group. Layer 2 switches are multiport bridges which allow you to create multiple broadcast domains. Each broadcast domain (VLAN) acts like a virtual bridge. The virtual bridge allows devices in the same broadcast domain to communicate with one another even though they might be connected to different switches. VLANs are often associated with IP subnets. For example, all of the devices in an IP subnet may belong to the same VLAN. However, traffic cannot pass directly to another VLAN. Communication between VLANs requires the use of routers or Layer 3 switches.
There are two major standards in use today. Cisco created ISL, which is a tagging protocol external to the switch. The VLANs of a switch are handled externally, so that when information needs to be passed to a frame/device of a VLAN, the handler sends the information directly to the switch that contains that frame/device. This avoids the inefficiency that arises from passing the information along multiple switches/VLANs while searching for the frame/device. However, this protocol is only available on Cisco products, since it is proprietary. The other standard is IEEE 802.1Q, which is a tagging protocol that identifies the VLAN of every frame/device in a network. This protocol has wider device support since it is non-proprietary.
Devices are grouped virtually instead of physically.
Large networks (even across large geographic distances) are easy to configure using VLAN technology, and implementing VLANs requires very little overhead.
VLANs are independent of the physical medium over which the network is connected. This makes it possible to create VLANs that spread across different countries and around the globe.
Specific VLANs may be prioritized to ensure that data is delivered to its destination as soon as possible.
It is extremely difficult to breach an entire network if it is split into VLANs. By breaching a specific user/port, the attacker does not gain access to the whole network; instead, they only gain access to that VLAN and its devices. This reduces the effectiveness of a lot of attacks.
Connecting devices via VLANs instead of physical connections is extremely cost-efficient. It also saves the extra cost of implementing a routed network.
Only 4094 different VLANs may be created on the same network, because the VLAN ID (VID) field is 12 bits wide. However, this should be more than enough for today's networks.
For networks spanning a large geographical area, the traffic will usually travel over the internet, meaning that it will be susceptible to sniffing or "Man in the Middle" attacks. If a VLAN is infected with a virus, it can spread easily, since the VLAN acts as a LAN. Very strong firewalls are also required to ensure that the network and the devices of a VLAN are safe at the LAN level.
VLANs will require an increasing amount of managerial work as the network grows and evolves over time. In the future, stronger/bigger switches may also be required due to the growing number of devices in the network.
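As an added example (not part of the original text), the following Python parser decodes the IEEE 802.1Q tag described above, pulling out the priority (PCP), DEI and 12-bit VID fields from a raw Ethernet frame and showing why only VIDs 1 to 4094 are usable. The sample frame is constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet header and, if present, its 802.1Q tag.

    Returns the MAC addresses, the VLAN tag fields (None when untagged),
    the inner EtherType and the remaining payload.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    result = {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        # Tag Control Information layout: 3-bit PCP | 1-bit DEI | 12-bit VID
        result["vlan"] = {
            "pcp": tci >> 13,          # priority, used to prioritise VLAN traffic
            "dei": (tci >> 12) & 0x1,  # drop eligible indicator
            "vid": tci & 0x0FFF,       # 12-bit VLAN identifier
        }
        ethertype = inner_type
        offset = 18
    result["ethertype"] = ethertype
    result["payload"] = frame[offset:]
    return result


def usable_vids() -> range:
    """VID 0 means 'priority tag only' and 4095 is reserved, leaving 1..4094."""
    return range(1, 4095)


# Constructed sample: broadcast frame from 00:11:22:33:44:55 carrying an
# 802.1Q tag with PCP 5 and VID 100, followed by the start of an IPv4 header.
SAMPLE_TAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
                 + struct.pack("!HHH", TPID_8021Q, (5 << 13) | 100, 0x0800)
                 + b"\x45\x00")

# Constructed sample: the same frame without a VLAN tag.
SAMPLE_UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
                   + struct.pack("!H", 0x0800) + b"\x45\x00")
```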