VLAN (Virtual Local Area Network) allows a physical network to be divided into several logical networks. Each of these logical networks acts as an independent LAN with its own broadcast domain. As a result, devices in different VLANs cannot communicate directly with each other, even if they are connected to the same physical switch.
A physical LAN separates networks physically using separate cables and switches. This method is often cumbersome, expensive, and inflexible, especially in large or dynamically growing organizations. VLANs offer the possibility of dividing a physical network into several logical segments without changing the physical infrastructure. This increases the flexibility and efficiency of network usage and allows administrators to easily manage network segments via software.
Example: In an office building, a single switch can support multiple VLANs, such as one VLAN for employee PCs, one for IP telephony, and one for visitors. Although these networks are physically connected to the same switch, they are logically separated and can have different security policies and access rights.
VLANs provide improved security by segmenting the network into isolated parts. This prevents sensitive information within one segment from reaching other network areas. An example of this is a separate VLAN for guest access (Guest WiFi). Visitors to a company thus have access to the internet, but not to the internal corporate network. This protects sensitive company data from unauthorized access.
