Virtual LAN (VLAN)

What is VLAN?

VLAN (Virtual LAN) is a technology that allows a single L2 switch to be divided into multiple logical virtual L2 switches (L2 segments). Additionally, multiple physical switches can be combined and treated as a single physical switch, which can then be divided into multiple virtual L2 segments. The individual virtual L2 segments configured using VLAN technology are also referred to as VLANs.

There are two main reasons to divide a network into multiple L2 segments:

1. Limiting the Broadcast Domain:
   A broadcast domain refers to the range in which broadcast frames (sent to all hosts) can propagate, which corresponds to an L2 segment. If the broadcast domain is too large, the number of broadcast frames each host must process increases, consuming unnecessary CPU and other resources.
2. Enhancing Security:
   By placing hosts with different security levels in separate L2 segments, direct communication between them is prevented, requiring communication to pass through a router. By configuring appropriate security settings on the router, the overall security of the communication can be improved.

VLAN technology first appeared in the mid-1990s and is now widely adopted in data centers and corporate internal networks. A common network structure involves connecting numerous L2 access switches (for servers and endpoints) to a smaller number of higher-level aggregation switches, which are then connected to VLAN-capable routers or L3 switches. Using VLANs, virtual segments can be created, and inter-segment routing can be achieved with simple configuration changes, without physically altering the network setup or rewiring connections. This technology, along with the integrated network management features of PCs standardized during the same period, has significantly contributed to the evolution of the internet and corporate networks.