A VLAN is a software-based method of partitioning a single physical network into multiple isolated broadcast domains. Each VLAN acts as its own independent network, even though all devices may connect through the same physical switches and cables.
VLANs work by tagging data packets with a VLAN ID (typically a number between 1 and 4094). Network switches read these tags and forward traffic only to ports assigned to that VLAN. This means devices on VLAN 10 cannot directly communicate with devices on VLAN 20 without a router in between, even if they're plugged into the same physical switch.
Why this matters:
- Security: Isolate sensitive devices (like servers) from general network traffic, reducing exposure to attacks and unauthorised access
- Network management: Group devices by function or department without rewiring, making changes faster and cheaper
- Performance: Reduce broadcast traffic on congested networks by splitting them into smaller segments
- Guest access: Provide temporary network access without giving visitors access to your main network
Common gotchas: VLANs require compatible network hardware (managed switches, not basic ones). Device access between VLANs needs a router configured with inter-VLAN routing. Most home networks use only the default VLAN and don't benefit from segmentation.
For home users, VLANs become relevant when running servers, smart home devices, or IoT equipment you want isolated for security. For small businesses and enterprise networks, VLANs are essential for managing complex environments efficiently.