How VLAN Works

Virtual local area networks, or VLANs, have become important as network complexity has exceeded the capacity of typical local area networks (LANs). Originally, a LAN connected a group of computers and associated devices to a server via cables in a shared physical location (hence the term “local”). Many LANs now connect devices over Wi-Fi rather than wired Ethernet, although most LANs use a combination of both connectivity types. Over time, organizations have grown in their networking needs, requiring solutions that enable networks to grow in size, flexibility, and complexity.

VLANs circumvent the physical limitations of a LAN through their virtual nature, allowing organizations to scale their networks, segment them to increase security measures, and decrease network latency.

What is a VLAN and what is its purpose?

In essence, a VLAN is a collection of devices or network nodes that communicate with one another as if they made up a single LAN, when in reality they exist in one or several LAN segments. In a technical sense, a segment is separated from the rest of the LAN by a bridge, router, or switch, and is typically used for a particular department. This means that when a workstation broadcasts packets, they reach all other workstations on the VLAN but none outside it.

This simplifies many of the potential complications caused by LANs, including excessive network traffic and collisions. When two workstations send data packets at the same time on a LAN connected via a hub, the data collides and is not transmitted properly. The collision propagates through the entire network, meaning that the LAN is busy and requires users to wait until the collision has been fully transferred throughout the network before it is operable again—at which point the original data must be resent.

VLANs reduce the incidence of collisions and decrease the number of network resources wasted by acting as LAN segments. Data packets sent from a workstation in a segment are transferred by a bridge or switch, which will not forward collisions but will forward broadcasts to every network device. For this reason, segments are called “collision domains” because they contain collisions within the bounds of that section.

However, VLANs have more functionality than even a LAN segment because they allow for increased data security and logical partition. Remember, a VLAN acts as a single LAN although it only makes up a segment. This means that the broadcast domain of a VLAN is the VLAN itself, rather than each network segment. Additionally, the partitions do not have to be defined by the physical location of the network devices. They can be grouped instead by department, project team, or any other logical organizational principle.

Why would you use a VLAN? 

Organizations benefit greatly from the advantages of VLAN usage, including increased performance, more flexibility in network configuration and workgroup formation, and reduced administrative efforts.

  • VLANs are cost-effective, because workstations on VLANs communicate with one another through VLAN switches and don’t require routers unless they are sending data outside the VLAN. This empowers the VLAN to manage an increased data load because, while switches have fewer capabilities than a router, routers cause bottlenecks. VLANs do not need to forward information through a router to communicate with devices within the network, decreasing overall network latency.
  • VLANs offer more flexibility than nonvirtual networking solutions. VLANs can be configured and assigned based on port, protocol, or subnet criteria, making it possible to alter VLANs and change network design when necessary. Furthermore, because VLANs are configured on a basis outside their physical connection to hardware or proximity to other devices, they allow for groups who collaborate—and presumably transfer a great deal of data to one another’s devices—to share a VLAN even if they work on separate floors or in different buildings.
  • VLANs decrease the amount of administrative oversight required by network overseers like managed services providers (MSPs). VLANs allow network administrators to automatically limit access to a specified group of users by dividing workstations into different isolated LAN segments. When users move their workstations, administrators don’t need to reconfigure the network or change VLAN groups. These factors decrease the amount of time and energy administrators must devote to configuration and security measures.

What is an example of a VLAN?

Many organizations have a WAN (wide area network) due to their expansive offices and large teams. In these scenarios, having multiple VLANs would greatly expedite network operations. Often, large companies work on cross-functional projects. The ease of configuring VLANs—and redistributing users to VLANs—makes it possible to put even interdepartmental teams on the same VLAN to facilitate a high volume of data sharing. Marketing, sales, IT, and business analysts can work together to achieve high-stakes objectives most efficiently when network segmentation facilitates flexible teamwork.

While VLANs have their own complications, such as VLAN mismatches, MSPs who know how to configure a VLAN properly can leverage their powerful network segmentation benefits to make their clients’ networks faster and more secure while giving them physical flexibility. As all networks evolve over time, MSPs who know how to conduct VLAN maintenance and check device distribution can increase and sustain network performance.
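The broadcast containment and port-based grouping described above can be modeled in a few lines. This is an added example, not from the original article: the switch names, host names, VLAN IDs and the trunk model are constructed, and "mismatch" is assumed here to mean a VLAN configured on only one end of a trunk link.

```python
from collections import deque

# Constructed topology: two switches on different floors joined by one trunk.
# Access ports map a host to a VLAN ID (port-based assignment).
ACCESS = {
    "sw-floor1": {"alice-sales": 10, "bob-it": 20, "carol-sales": 10},
    "sw-floor2": {"dave-sales": 10, "erin-it": 20, "frank-guest": 30},
}
# Each trunk end lists the VLANs it is configured to carry.
TRUNKS = [
    (("sw-floor1", {10, 20}), ("sw-floor2", {10, 20, 30})),
]

def broadcast_reach(src_host, access=ACCESS, trunks=TRUNKS):
    """Return the set of hosts that receive a broadcast sent by src_host."""
    start = next(sw for sw, ports in access.items() if src_host in ports)
    vlan = access[start][src_host]
    seen, queue, reached = {start}, deque([start]), set()
    while queue:
        sw = queue.popleft()
        # Flood to every access port in the same VLAN on this switch.
        reached |= {h for h, v in access[sw].items() if v == vlan}
        # Cross a trunk only if both ends carry this VLAN.
        for (a, a_vlans), (b, b_vlans) in trunks:
            if sw in (a, b) and vlan in a_vlans and vlan in b_vlans:
                peer = b if sw == a else a
                if peer not in seen:
                    seen.add(peer)
                    queue.append(peer)
    reached.discard(src_host)
    return reached

def trunk_mismatches(trunks=TRUNKS):
    """Report VLANs configured on only one end of a trunk link."""
    findings = []
    for (a, a_vlans), (b, b_vlans) in trunks:
        for vlan in sorted(a_vlans ^ b_vlans):
            only_on = a if vlan in a_vlans else b
            findings.append((a, b, vlan, only_on))
    return findings
```

Running `broadcast_reach` for a sales host shows the broadcast crossing floors but staying inside VLAN 10, while `trunk_mismatches` flags VLAN 30 as present on only one side of the link.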
