15. Virtual Local Area Network (VLAN)

VLANs let administrators create separate logical network segments using switches. This means devices can be grouped into different network sections without needing completely separate physical networks.

Devices in the same VLAN communicate as if they are on the same local network, even if they are connected through different switch ports.

VLANs reduce unnecessary broadcast traffic by keeping broadcasts inside the VLAN where they originate. This improves performance and can reduce some attack exposure.

Communication between different VLANs does not happen automatically. It must be specifically allowed and controlled.

VLANs also make network management easier because they can be changed through configuration instead of moving physical cables. They can be set based on switch port, IP subnet, MAC address, or protocol.

VLANs improve segmentation, but they do not guarantee security by themselves. They reduce risk, yet attacks like VLAN hopping can still happen, so they must be combined with other security controls.
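
One way to check a switch for the settings that usually weaken VLAN separation, as an added example that is not part of the original notes. It goes beyond the text by naming specific hardening items (static port mode, non-default native VLAN, restricted trunk list, negotiation disabled); the Cisco IOS-style syntax is an assumption, since the notes name no vendor, and the sample config is constructed.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the notes name no vendor).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
"""

def parse_interfaces(config):
    """Map each interface name to its list of indented sub-commands."""
    stanzas = re.findall(r"^interface (\S+)[ \t]*\n((?:[ \t]+.*\n?)*)", config, re.M)
    return {name: [" ".join(cmd.split()) for cmd in body.splitlines()]
            for name, body in stanzas}

def value_after(lines, prefix):
    """Return the text following `prefix` on the first matching line, else None."""
    return next((l[len(prefix):].strip() for l in lines if l.startswith(prefix)), None)

def audit(config):
    """Return {interface: [findings]} for settings that weaken VLAN separation."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        findings = []
        mode = value_after(lines, "switchport mode ")
        if mode not in ("access", "trunk"):
            findings.append("no static access/trunk mode: trunking may be negotiable")
        if mode == "trunk":
            if value_after(lines, "switchport trunk native vlan ") in (None, "1"):
                findings.append("native VLAN is the default VLAN 1")
            if value_after(lines, "switchport trunk allowed vlan ") is None:
                findings.append("no allowed-VLAN list: trunk carries every VLAN")
            if "switchport nonegotiate" not in lines:
                findings.append("trunk negotiation (DTP) not disabled")
        if findings:
            report[name] = findings
    return report
```

Calling `audit(SAMPLE_CONFIG)` reports only GigabitEthernet0/1 and GigabitEthernet0/2; the static access port and the hardened trunk produce no findings.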

Main Idea
VLANs create separate logical network segments to control traffic and improve management, but they are only one part of network security.

