What Is a VLAN ?
Course Contents
1. Introduction
What is a VLAN and how does it work? If you want to design modern and secure networks, understanding VLANs is essential.
A VLAN is a technology that works at Layer 2 of the OSI model.
It lets you group devices logically and control how Ethernet frames are forwarded inside a switch.
Many explanations only scratch the surface. In this course, you’ll truly grasp what a VLAN is, why it’s needed, and how it actually works with simple examples and clear diagrams.
2. Default Behavior of a Switch
Let’s start with the basics.
Imagine you have a typical Layer 2 switch, like a Cisco switch.
You connect multiple devices: PC1, PC2, PC3, and PC4.
By default, the switch behaves in a very simple way:
All the switch ports are placed in the same VLAN by default: VLAN 1.
Because of this, the switch treats the entire network as a single broadcast domain.
Any broadcast sent by one device is forwarded to all others.
It’s like all devices are sitting in the same room, they can talk freely to each other without any restriction !
🔹Key Point:
When devices are in the same VLAN, they share the same Layer 2 broadcast domain.
3. The Need for VLANs
Now, imagine you have two different teams in your company:
- Sales Team (PC1 and PC2)
- Tech Team (PC3 and PC4)
If everyone remains in the same VLAN, Sales and Tech devices can see each other’s traffic.
Is that a good idea? Not really.
Why should you separate them?
- Security: Prevent sensitive data from being exposed across teams.
- Efficiency: Reduce unnecessary broadcast traffic and improve network performance.
- Organization: Logically segment the network to reflect the company’s structure.
Without VLANs, the only way to separate traffic would be to use multiple physical switches, which would be costly and inefficient.
VLANs allow you to create multiple logical networks inside the same physical switch.
4. How VLANs Work
Let’s see how VLANs actually work on a switch.
A VLAN allows a switch to separate its ports into different groups, even if all devices are physically connected to the same switch.
Each group is identified by a VLAN ID, a number between 1 and 4094.
In our example, we want to separate two teams:
| Device | Port | VLAN | Team |
|---|---|---|---|
| PC1 | G0/0 | 10 | Sales |
| PC2 | G0/2 | 10 | Sales |
| PC3 | G0/1 | 20 | Tech |
| PC4 | G0/3 | 20 | Tech |
The switch now behaves as if it was two separate virtual switches.
This simple setup shows you what is a VLAN and how does it work in practice, with devices isolated into logical groups.
Now, look at the diagram below:
Here, PC1 tries to send a frame to PC2.
Since both are in VLAN 10, the switch forwards the frame without any problem.
Devices in the same VLAN can communicate directly.
This time, PC3 sends a frame to PC4.
Again, both are in VLAN 20, so the switch forwards the frame inside VLAN 20.
Traffic stays inside its VLAN and cannot reach other VLANs.
But what happens if PC1 tries to talk to PC3?
Since they are in different VLANs, the switch looks at the VLAN ID and refuses to forward the frame.
Each VLAN is isolated by default, so traffic cannot cross from one VLAN to another.
A VLAN completely isolates traffic from other VLANs by default.
🔹 Key Points:
- Devices in the same VLAN can communicate.
- Devices in different VLANs are isolated unless routing is configured.
- Broadcasts stay inside their VLAN and are not forwarded elsewhere.
VLANs work at Layer 2 of the OSI model.
To communicate between VLANs, you need a Layer 3 device like a router.
5. Conclusion
Now that you understand what is a VLAN and how does it work, let’s summarize why VLANs are so powerful in modern networks:
- Segment the network logically.
- Improve security by isolating sensitive traffic.
- Reduce broadcast traffic, improving performance.
In the next lessons, we will see how to configure VLANs on a Cisco switch and how to verify VLAN configurations step-by-step.