VLAN (Virtual Local Area Network)


Q - What is a VLAN?

VLAN stands for Virtual Local Area Network.
It’s a logical subdivision of a physical network - meaning you can create multiple small networks inside one switch.

Normally, all devices connected to the same switch can "see" each other’s data.
But a VLAN allows you to separate those devices into different virtual groups, even though they are physically connected to the same hardware.

Think of VLANs as “virtual walls” inside a switch that divide one big network into many smaller, secure ones.

Q - How Does a VLAN Work?

(i) VLAN ID: Each VLAN is identified by a number (1–4094).

Example:

  • VLAN 10 → HR Department

  • VLAN 20 → IT Department

  • VLAN 30 → Guest Users

When you assign a port (or device) to VLAN 10, the switch tags the traffic from that port with VLAN ID 10.

(ii) VLAN Tagging: When data (an Ethernet frame) travels between switches, it carries a VLAN tag inside the frame header.

This tag includes:

  • VLAN ID

  • Priority info

  • Type info

This process is called 802.1Q tagging and helps switches know which VLAN the traffic belongs to.
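
The tag fields listed above can be read straight out of a frame. The following Python parser is an added example, not code from the original post. The 0x8100 tag type and the 3-bit priority / 12-bit VLAN ID split come from the 802.1Q standard; the MAC addresses, payload and VLAN name table are constructed sample data.

```python
import struct

TPID_8021Q = 0x8100  # "type info": the value that marks an 802.1Q tag
# Constructed mapping, taken from the example departments above.
VLAN_NAMES = {10: "HR Department", 20: "IT Department", 30: "Guest Users"}


def build_tagged_frame(dst, src, vlan_id, priority, ethertype, payload):
    """Build an Ethernet frame carrying one 802.1Q tag (for sample input)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0-7")
    tci = (priority << 13) | vlan_id  # DEI bit (bit 12) left at 0
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_vlan_tag(frame):
    """Return the tag fields of a frame, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None  # untagged: bytes 12-13 are the real EtherType
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    vlan_id = tci & 0x0FFF  # low 12 bits
    return {
        "type": tpid,
        "priority": tci >> 13,  # top 3 bits
        "dei": (tci >> 12) & 1,
        "vlan_id": vlan_id,
        "vlan_name": VLAN_NAMES.get(vlan_id, "unknown"),
        "valid_id": 1 <= vlan_id <= 4094,  # 0 and 4095 are reserved
        "inner_ethertype": inner_type,
    }


# Constructed sample frames (MAC addresses and payload are made up).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
TAGGED = build_tagged_frame(DST, SRC, 10, 5, 0x0800, b"hello")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"hello"

if __name__ == "__main__":
    print(parse_vlan_tag(TAGGED))
    print(parse_vlan_tag(UNTAGGED))
```
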

=> VLAN and OSI Model:

VLANs operate at Layer 2 (Data Link Layer) of the OSI model.
But communication between VLANs requires a Layer 3 device (Router or Layer 3 Switch) - this is called Inter-VLAN Routing.

=> Inter-VLAN Routing (Communication Between VLANs)

By default, VLANs cannot communicate with each other.
To allow communication (say, between HR and IT), a router or Layer 3 switch is used.

- There are 3 main ways:

  1. Router-on-a-Stick: A single router interface handles multiple VLANs via subinterfaces.

  2. Layer 3 Switch Routing: VLANs are connected directly inside the switch using routing capabilities.

  3. External Routing: VLANs connect through an external router or firewall.

=> Real-Life Example

  • VLAN 10 → HR

  • VLAN 20 → IT

  • VLAN 30 → Sales

  • VLAN 40 → Guest Wi-Fi

Each department’s data stays isolated for security.
But when HR needs to access IT’s database, Inter-VLAN routing allows only controlled communication through a router/firewall.
