What Is a VLAN?

• Logical segmentation of one physical switch (or switch fabric) into multiple, isolated Layer 2 domains.
• Devices share the same hardware but behave as if they’re on separate networks.

VLAN vs. Traditional LAN

• LAN: one broadcast domain across all ports (or cascaded switches).
• VLAN: multiple broadcast domains on the same hardware—traffic stays confined to its VLAN.

Why Use VLANs?

1. Performance
   • Limits broadcast “noise” to only those devices in the same VLAN.
   • Enables per‑VLAN QoS rules (e.g. voice or video priority).
2. Security
   • Keeps sensitive systems (finance, management) separate from general users or IoT.
   • Simplifies firewall/access‑control policies by grouping by role.
3. Administrative Ease
   • Reassign devices in software—no need to patch cables or run new drops.
   • Logical grouping (by department, function, tenant) regardless of physical location.

Common VLAN Types

• Port‑Based (Static): each switch port is tied to one VLAN.
• Use‑Based (Dynamic): membership determined by MAC, credentials or protocol.
• Voice VLAN: reserved for IP‑phone traffic, with built‑in QoS.
• Management VLAN: dedicated to admin access (switch/route consoles).
• Default/Native VLAN:
  • Default: often VLAN 1; carries untagged control frames.
  • Native: trunk’s untagged VLAN—should match on both ends to avoid surprises.