What is a VLAN?
1. Introduction to VLANs
Imagine this:
You’re the network administrator of a company. You walk into a large open-space office where all devices are connected to the same switch.
Now picture this: every time one device sends a broadcast, every single device hears it—HR, Sales, even the printer.
This flood of traffic is chaotic, insecure, and inefficient!
Now think: How can we organize this digital mess so that each department only hears what they need to?
That’s exactly where VLANs come in.
💡 What is a VLAN?
A VLAN (Virtual Local Area Network) is a logical segmentation of a physical network.
Even if all devices are plugged into the same switch, VLANs let you group them by function—not by location.

This means you can isolate HR and Sales traffic even if their computers are side by side.
Think of a VLAN as a transparent wall between devices.
They’re still physically connected—but their traffic stays separate.
🧠 Let’s use an analogy
Imagine a big office where everyone yells across the room to communicate.
It’s loud. It’s messy. It’s impossible to focus.
Now imagine you install soundproof glass walls:
- HR people talk only to HR
- Sales people talk only to Sales
- Everyone is more productive—and no one hears what they shouldn’t
That’s what VLANs do.
They create digital rooms inside your network.

2. How Does a VLAN Work?
Now that you understand why VLANs are so useful, let’s explore how they actually work under the hood.
You might be wondering:
“Okay, I get the concept—but how does the network really know which traffic belongs to which VLAN?”
The answer lies in something called VLAN tagging.
🏷️ VLAN Tagging
When a device sends a message on the network, it doesn’t include any VLAN information by default.
So who decides where that traffic belongs?
👉 The switch does.
As the frame enters the switch, the switch adds a small piece of information inside the Ethernet frame: a VLAN tag.
This tag contains a unique number called the VLAN Identifier (VID)—like a label that says,
“This frame belongs to VLAN 10.”

This tag ensures that only devices in the same VLAN can receive that traffic—even if they’re connected to different switches or on different floors.
⚙️ What does the switch actually do?
Let’s take a simple example:
- A device on Port 1 sends untagged traffic.
- The switch knows that Port 1 belongs to VLAN 10.
- It tags the frame with VLAN ID 10.
- The tagged frame is forwarded across the network.
- Any switch that receives it knows: “Ah, this is VLAN 10 traffic.”

This process is invisible to the end user, but it’s crucial for maintaining the VLAN separation.
Note: VLAN tags are only used on trunk links (between switches). End devices never see them.
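The tagging steps above, shown at the byte level with the IEEE 802.1Q tag layout (an added example, not from the original course). The port-to-VLAN table, the sample frame and the rule that an access port drops already-tagged frames are assumptions made for this illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame
# Assumed access-port table: Port 1 is in VLAN 10 (HR), Port 2 in VLAN 20 (Sales).
ACCESS_PORTS = {1: 10, 2: 20}


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:  # VID 0 and 4095 are reserved values
        raise ValueError("VID must be 1..4094")
    tci = (pcp << 13) | vid   # PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def read_tag(frame: bytes):
    """Return the VID of a tagged frame, or None if the frame is untagged."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF


def ingress_access(port: int, frame: bytes) -> bytes:
    """Tag an untagged frame from an access port before it crosses a trunk."""
    if read_tag(frame) is not None:
        # End devices send untagged frames, so this model drops tagged ones.
        raise ValueError("tagged frame on access port dropped")
    return add_tag(frame, ACCESS_PORTS[port])


def egress_access(port: int, frame: bytes):
    """Deliver a trunk frame to an access port only if the VLANs match."""
    if read_tag(frame) != ACCESS_PORTS[port]:
        return None                      # different VLAN: not delivered
    return frame[:12] + frame[16:]       # strip the tag; the device never sees it


# Constructed sample: broadcast destination, made-up source MAC, IPv4 EtherType.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
```

Calling `egress_access(2, ingress_access(1, FRAME))` returns `None`: a broadcast from the HR port never reaches the Sales port.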
3. Benefits of VLANs
So far, you’ve seen that VLANs help organize a messy network and keep traffic logically separated.
But what are the actual benefits you’ll notice when you implement them?
Let’s break it down.
🔄 Segmented Communication
VLANs allow devices in the same VLAN to communicate freely—even if they’re connected to different switches, or located on different floors of a building.
For example:
- All HR devices are assigned to VLAN 10
- All Sales devices are assigned to VLAN 20
Even though they might be physically far apart, HR devices can communicate with each other as if they were in the same room.
Sales, on the other hand, will only hear from other Sales devices.

This segmentation is what gives VLANs their power and flexibility.
4. Types of VLANs
Now that you’ve seen how VLANs work and what they bring to your network, let’s look at the different types of VLANs you’ll encounter.
Each one has a specific role, and understanding them will help you design smarter, more secure networks.
Let’s start with the one that comes built-in.
🟡 Default VLAN
When a switch is powered on for the first time, all its ports belong to the Default VLAN.
On Cisco switches, this is VLAN 1.
Think of it as the open space you saw in the beginning—where everyone can talk to everyone by default.

This makes VLAN 1 convenient for initial setups, but not great for long-term use.
🔐 Best Practice: Avoid using VLAN 1 for regular traffic. It’s often targeted in attacks because it’s always there by default.
Example: Checking the default VLAN
```
SW1# show vlan brief
VLAN Name     Status    Ports
---- -------- --------- ---------------------------
1    default  active    Gi0/0, Gi0/1, Gi0/2
```
If you’ve never changed VLAN settings, you’ll likely see all ports listed under VLAN 1.
🟦 Data VLAN
A Data VLAN carries user traffic—things like web browsing, file transfers, or email.
Most of your network activity happens here.
When you create custom VLANs like VLAN 10 for HR or VLAN 20 for Sales, you’re creating Data VLANs.
They allow teams to stay logically grouped, while keeping their traffic separate from others.
Example:
Let’s say:
- HR is in VLAN 10
- Sales is in VLAN 20
Even though they share the same switch, their traffic stays in its own lane.

- VLAN 10 (Light Blue): HR devices only
- VLAN 20 (Light Green): Sales devices only
✅ Best Practice: Name your VLANs clearly and assign them by function. It makes network management way easier.
🛠️ Management VLAN
This VLAN is used only by administrators to manage the network devices.
It carries sensitive traffic like:
- SSH
- Telnet
- SNMP
- Web UI access
In short, it’s your control room.
You don’t want regular users wandering in here.

🔐 Keep management traffic isolated from user traffic to prevent unauthorized access or accidental misconfigurations.
Best Practice: Assign a unique VLAN ID to the Management VLAN and use ACLs to restrict who can access it.
🚫 Reserved VLANs
Cisco reserves certain VLAN IDs for legacy technologies that you’ll almost never use today.
These include old systems like FDDI and Token Ring.
| VLAN ID | Name | Purpose |
|---|---|---|
| 1002 | fddi-default | FDDI networks |
| 1003 | token-ring-default | Token Ring |
You’ll often see these in the VLAN table, but:
⚠️ You can’t delete or modify them
❌ Don’t assign them to your devices
Example:
```
Switch#show vlan brief
VLAN Name          Status    Ports
---- ------------- --------- ---------------------------
1    default       active    Gi0/0, Gi0/1, Gi0/2, Gi0/3
1002 fddi-default  act/unsup
1003 token-ring    act/unsup
1004 fddinet       act/unsup
1005 trnet         act/unsup
```
In the next course, we will learn how to configure VLANs on Cisco switches, covering:
- VLAN creation
- Port assignment to VLANs
- Verifying VLAN configurations