VLAN basics
VLANs, or Virtual Local Area Networks, segment a LAN into logical sub-networks with isolated broadcast domains over the same physical topology.
VLANs behave like isolated networks, even though data is moving through the same physical network. VLANs logically group client devices that need to communicate, and restrict data from clients that shouldn’t be receiving it.
Why set up VLANs?
- Added security — Clients placed on a separate VLAN can share sensitive data while users on other VLANs are restricted from listening in.
- Reducing traffic — VLANs can limit broadcasts to relevant devices for better network performance.
How do VLANs work?
VLANs apply tags to network frames that designate which VLAN the traffic is assigned to. Frames that are not assigned to a VLAN are considered untagged. Traffic on the default VLAN is usually untagged.
VLANs are managed by assigning one of the following port roles:
- Access ports — Ports assigned to a specific VLAN. Typically used on connections to specific client devices.
- Trunk ports — Ports carrying traffic for more than one VLAN to other network devices such as a router, managed switch, or an access point.
- Excluded — The port is not a member of a specified VLAN.
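The tagging and port roles described above, modeled as an added Python example (not from the original page or any vendor's firmware). It assumes the IEEE 802.1Q tag format (TPID 0x8100), a default VLAN ID of 1, and a port that accepts tagged frames only for VLANs it trunks; the role tables and sample frames are constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag
DEFAULT_VLAN = 1     # assumption: default VLAN ID 1 (common, but configurable)

def parse_vlan(frame: bytes):
    """Return (vlan_id, priority, ethertype); vlan_id is None when untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, 0, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner  # low 12 bits: VLAN ID, top 3: priority

def ingress_vlan(frame: bytes, roles: dict):
    """VLAN a frame joins on arrival, or None if the port drops it.

    roles maps VLAN ID -> "access" | "trunk" | "excluded" for one port.
    """
    vid, _, _ = parse_vlan(frame)
    if vid is None:
        # Untagged: use the port's access VLAN, otherwise the default VLAN.
        access = [v for v, r in roles.items() if r == "access"]
        vid = access[0] if access else DEFAULT_VLAN
        return vid if roles.get(vid, "excluded") != "excluded" else None
    # Tagged: accepted only where the port is a trunk member of that VLAN.
    return vid if roles.get(vid) == "trunk" else None

def egress_form(vlan_id: int, roles: dict):
    """How a frame in vlan_id leaves the port: "untagged", "tagged" or None."""
    return {"access": "untagged", "trunk": "tagged"}.get(roles.get(vlan_id))

# Constructed sample frames: dst MAC, src MAC, then EtherType or 802.1Q tag.
MACS = bytes.fromhex("ffffffffffff" "020000000001")
UNTAGGED = MACS + struct.pack("!H", 0x0800) + b"\x00" * 46
TAGGED_20 = MACS + struct.pack("!HHH", TPID_8021Q, (5 << 13) | 20, 0x0800) + b"\x00" * 46

PC_PORT = {10: "access"}             # constructed: client device on VLAN 10
UPLINK = {10: "trunk", 20: "trunk"}  # constructed: link to a router or switch

if __name__ == "__main__":
    for name, port in (("PC_PORT", PC_PORT), ("UPLINK", UPLINK)):
        print(name, ingress_vlan(UNTAGGED, port), ingress_vlan(TAGGED_20, port))
```

A frame tagged for VLAN 20 is dropped at the access port and never leaves through it, which is the isolation property the port roles provide.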
Routers have two more VLAN management features:
- Inter VLAN Routing — Allows communication between VLANs. This feature must be enabled on both VLANs for it to work properly.
- Device Management — Permits devices on the VLAN to access the router.