29. Virtual Local Area Network (VLAN) Segmentation
VLANs are logical separations inside a switch. Their main use is to reduce broadcast traffic, but they are also used to separate network segments.
A VLAN can be configured either to communicate with other VLANs or to stay isolated from them.
Common uses include separating VoIP traffic from normal corporate traffic, isolating data center traffic from the rest of the network, and separating sensitive departments such as payroll from other users.
Routing rules can be used so only specific VLANs are allowed to reach certain servers or resources.
VLANs are also used with network access control (NAC) to decide whether a device is placed on the corporate network or a guest network.
In large networks, VLANs help control broadcast traffic by dividing the network based on department, location, building, or other needs.
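The routing rules described above, shown as an added example that is not part of the original notes: a first-match, default-deny evaluator for traffic routed between VLANs. The VLAN IDs, subnets, server addresses, ports and function names are constructed assumptions.

```python
import ipaddress

# Constructed VLAN plan (IDs, names and subnets are illustrative assumptions).
VLANS = {
    10: ("corporate", "10.0.10.0/24"),
    20: ("voip", "10.0.20.0/24"),
    30: ("payroll", "10.0.30.0/24"),
    40: ("datacenter", "10.0.40.0/24"),
    99: ("guest", "10.0.99.0/24"),
}

# Inter-VLAN rules, first match wins: (src VLAN, dst network, dst port or None, action).
RULES = [
    (30, "10.0.40.10/32", 443, "permit"),   # payroll -> payroll app server
    (10, "10.0.40.10/32", None, "deny"),    # corporate users never reach payroll app
    (10, "10.0.40.0/24", 443, "permit"),    # corporate -> other data center web services
    (20, "10.0.40.20/32", 5060, "permit"),  # phones -> call manager (SIP)
]

def vlan_of(ip):
    """Return the VLAN ID whose subnet contains ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for vid, (_name, net) in VLANS.items():
        if addr in ipaddress.ip_network(net):
            return vid
    return None

def decide(src_ip, dst_ip, port):
    """Evaluate a routed flow against RULES; anything unmatched is denied."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is None or dst is None:
        return "deny"            # unknown segment: fail closed
    if src == dst:
        return "permit"          # same VLAN: switched, never hits the router ACL
    for rule_src, dst_net, rule_port, action in RULES:
        if (rule_src == src
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "deny"                # implicit default deny between VLANs

def reachable_from(vid, targets):
    """List the (ip, port) targets a VLAN can reach, for auditing isolation."""
    src_ip = str(next(ipaddress.ip_network(VLANS[vid][1]).hosts()))
    return [(ip, p) for ip, p in targets if decide(src_ip, ip, p) == "permit"]
```

Calling `reachable_from(99, ...)` with the list of sensitive servers is a quick isolation check for the guest VLAN; the same-VLAN branch shows that these rules only govern traffic crossing between VLANs, not hosts sharing one.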
Main Idea
VLANs logically divide a network to reduce broadcast traffic, separate different types of traffic, and control which groups can access each other.