What is a VLAN?

VLANs (Virtual LANs) are the logical grouping of devices in same broadcast domain. VLANs are usually configured on switch by placing some interface into one broadcast domain and some interfaces into another broadcast domain. Each VLANs acts as a subgroup of the switch port in an Ethernet LANs.

VLANs can spread across multiple switch, and with each VLAN being treated as own subnet or broadcast domain. 

This means that frame broadcasted into network will be switched only between the ports within same VLAN.

A VLAN acts like physical LAN, but it allow host to be grouped together in same broadcast domain even if they aren't connected to the same switch. Here are the main reasons why VLAN is used:

·         VLAN increase number of broadcast domains while decreasing their size.

·         VLANs reduce security risk by reducing number of host that the receive copies of frames that the switch flood.

·         you can keep host that hold sensitive information on separate VLAN to improve security.

·         We can create more flexible network design group users by department instead of by physical location.

·         network change are achieve with ease by just configuring a port into a appropriate VLAN.

 to below topology shows a network with hosts inside the same VLAN:-

Without VLAN, a broadcast sent from host A and will reach all device on the network. Each device will receive and process broadcast frame, increasing CPU overhead on each device and reducing the overall security of  network.

By placing interface on both switches into a separate VLAN, a broadcast frame forward from host A will reach only device inside the same VLAN, since every VLAN is separate broadcast domain. Hosts in other VLAN will not even be aware to that communication took place. 

This is shown in the below example:

NOTE
To reach host in a different VLAN, a router is needed.