Imagine a company where all departments share the same network.
Sales, Technical, and HR teams are all connected together, and their traffic mixes without any separation.
This situation is neither secure nor practical...
Figure 1 – Illustration of a switch connecting many PCs to explain VLAN concepts.
That’s why engineers created VLANs (Virtual Local Area Networks).
A VLAN defines a separate broadcast domain at Layer 2, allowing networks to be logically segmented even when devices share the same switch.
Let’s start with the basics. Imagine you have a typical Layer 2 switch, like a Cisco switch.
Figure 2 – A basic VLAN diagram showing four PCs connected to a single switch
You connect many devices: PC1, PC2, PC3, and PC4. By default, the switch behaves in a very simple way:
The default setting places all the switch ports in VLAN 1.
Figure 3 – Default switch behavior with all ports in VLAN 1
The switch places all its ports into a single broadcast domain.
As a result, when one device sends a broadcast, it is forwarded to every other connected device.
Figure 4 – All PCs communicate inside the same VLAN
It’s as if all devices are sitting in the same room; they can communicate with each other openly!
Key Point:
When devices are in the same VLAN, they share the same Layer 2 broadcast domain.
Answer the question below
What is the default VLAN on all switch ports?
Now, imagine you have two different teams in your company:
Sales Team (PC1 and PC2)
Tech Team (PC3 and PC4)
Figure 5 – Devices grouped into Sales and Tech teams, connected to the same switch
If everyone remains in the same VLAN, Sales and Tech devices can see each other's traffic.
Is that a good idea? Not really.
Why should you separate them?
Security: Ensure that teams do not expose sensitive data.
Efficiency: Reduce unnecessary broadcast traffic and improve network performance.
Organization: Segment the network in a way that reflects the company's structure.
Without VLANs, you would need many physical switches to separate traffic. This approach is costly and inefficient.
Let’s see how VLANs actually work on a switch.
A VLAN lets a switch separate its ports into different groups, even if all devices connect to the same switch.
Each group is identified by a VLAN ID, which is a number between 1 and 4094.
Figure 6 – VLAN 10 and VLAN 20 create logical separations between devices connected to the same physical switch.
In our example, we want to separate two teams:
Device  Port  VLAN  Team
PC1     G0/0  10    Sales
PC2     G0/2  10    Sales
PC3     G0/1  20    Tech
PC4     G0/3  20    Tech
Table 1 – VLAN assignment and team mapping
The switch now behaves as if it were two separate virtual switches. This simple setup explains what a VLAN is and how it works. It shows devices grouped logically and kept separate.
Now, look at the diagram below:
Here, PC1 tries to send a frame to PC2.
Figure 7 – PC1 can talk to PC2 in VLAN 10. This is allowed since they are in the same VLAN.
Since both are in VLAN 10, the switch forwards the frame without any problem.
Devices in the same VLAN can communicate directly.
This time, PC3 sends a frame to PC4.
Figure 8 – PC3 communicates with PC4 within VLAN 20; traffic remains isolated from other VLANs
Again, both are in VLAN 20, so the switch forwards the frame inside VLAN 20.
Traffic stays inside its VLAN and cannot reach other VLANs.
But what happens if PC1 tries to talk to PC3?
Figure 9 – VLAN 10 and VLAN 20 isolate PC1 from reaching PC3
Since they are in different VLANs, the switch looks at the VLAN ID and refuses to forward the frame.
Each VLAN is isolated by default, so traffic cannot cross from one VLAN to another.
A VLAN completely isolates traffic from other VLANs by default.
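The forwarding behavior described above, modeled in Python as an added example (not code from the original lesson or from any switch vendor). Port names and VLAN IDs come from Table 1; the MAC addresses, the VlanSwitch class, and the assumption that the switch learns addresses separately per VLAN are constructed for illustration. It also shows what the switch does with a unicast frame addressed to a device in another VLAN: the lookup misses and the frame is flooded only inside the sender's VLAN.

```python
# Added example: a minimal model of a VLAN-aware Layer 2 switch.
# Ports and VLAN IDs follow Table 1; the MAC addresses are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)  # access port -> VLAN ID
        self.mac_table = {}               # (vlan, mac) -> port, learned per VLAN

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        # Learn where the sender lives, scoped to the ingress port's VLAN.
        self.mac_table[(vlan, src_mac)] = in_port
        # Candidate egress ports: same VLAN only, never the ingress port.
        members = sorted(p for p, v in self.port_vlan.items()
                         if v == vlan and p != in_port)
        if dst_mac == BROADCAST:
            return members                # broadcast: flood inside the VLAN
        out = self.mac_table.get((vlan, dst_mac))
        if out is None:
            return members                # unknown unicast: flood inside the VLAN
        return [] if out == in_port else [out]

def demo():
    sw = VlanSwitch({"G0/0": 10, "G0/2": 10, "G0/1": 20, "G0/3": 20})
    mac = {"PC1": "00:00:00:00:00:01", "PC2": "00:00:00:00:00:02",
           "PC3": "00:00:00:00:00:03", "PC4": "00:00:00:00:00:04"}
    r = {}
    # Broadcasts reach only the other ports of the sender's VLAN.
    r["PC1 broadcast"] = sw.receive("G0/0", mac["PC1"], BROADCAST)
    r["PC3 broadcast"] = sw.receive("G0/1", mac["PC3"], BROADCAST)
    # Same-VLAN unicast goes straight to the learned port.
    r["PC2 -> PC1"] = sw.receive("G0/2", mac["PC2"], mac["PC1"])
    r["PC4 -> PC3"] = sw.receive("G0/3", mac["PC4"], mac["PC3"])
    r["PC1 -> PC2"] = sw.receive("G0/0", mac["PC1"], mac["PC2"])
    # Cross-VLAN unicast: PC3's MAC is known only in VLAN 20, so the
    # VLAN 10 lookup misses and the frame never leaves VLAN 10.
    r["PC1 -> PC3"] = sw.receive("G0/0", mac["PC1"], mac["PC3"])
    return r

if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:14} -> egress ports {ports}")
```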
Key Points:
Devices in the same VLAN can communicate.
Devices in different VLANs are isolated unless routing is configured.
Broadcasts stay inside their VLAN and are not forwarded elsewhere.
VLANs work at Layer 2 of the OSI model.
To communicate between VLANs, you need a Layer 3 device, like a router.
Answer the question below
What identifies a VLAN on a switch?
Now that you know what a VLAN is and how it works, let’s recap why VLANs are essential in modern networks:
Segment the network logically.
Improve security by isolating sensitive traffic.
Reduce broadcast traffic, improving performance.
In the next lesson, we will see how to configure VLANs on a Cisco switch and how to verify VLAN configurations step-by-step.
What Is a VLAN?
A VLAN splits a switch into multiple broadcast domains, changing how devices communicate on the same network. In this lesson, you’ll discover why VLANs are essential and what really happens when traffic tries to cross between them.