What is a Virtual LAN (VLAN)?

A virtual LAN (Local Area Network) is a logical subnetwork that can group together a collection of devices from different physical LANs. Larger business computer networks often set up VLANs to re-partition their network for improved traffic management.

Several different kinds of physical networks support virtual LANs including both Ethernet and Wi-Fi.

Benefits of a VLAN

When set up correctly, virtual LANs can improve the overall performance of busy networks.

VLANs are intended to group together client devices that communicate with each other most frequently. The traffic between devices split across two or more physical networks ordinarily needs to be handled by a network's core routers, but with a VLAN that traffic can be handled more efficiently by network switches instead.

VLANs also bring additional security benefits on larger networks by allowing greater control over which devices have local access to each other. Wi-Fi guest networks are often implemented using wireless access points that support VLANs.

Static and Dynamic VLANs

Network administrators often refer to static VLANs as “port-based VLANs.” A static VLAN requires an administrator to assign individual ports on the network switch to a virtual network. No matter what device plugs into that port, it becomes a member of that same pre-assigned virtual network.

Dynamic VLAN configuration allows an administrator to define network membership according to characteristics of the devices themselves rather than their switch port location.

For example, a dynamic VLAN can be defined with a list of physical addresses (MAC addresses) or network account names.

VLAN Tagging and Standard VLANs

VLAN tags for Ethernet networks follow the IEEE 802.1Q industry standard. An 802.1Q tag consists of 32 bits (4 bytes) of data inserted into the Ethernet frame header.

The first 16 bits of this field contain the hardcoded number 0x8100 that triggers Ethernet devices to recognize the frame as belonging to an 802.1Q VLAN. The last 12 bits of this field contain the VLAN number, a number between 1 and 4094.

Best practices of VLAN administration define several standard types of virtual networks:

  • Native LAN: Ethernet VLAN devices treat all untagged frames as belonging to the native LAN by default. The native LAN is VLAN 1, although administrators can change this default number.
  • Management VLAN: Used to support remote connections from network administrators. Some networks use VLAN 1 as the management VLAN while others set up a special number just for this purpose (to avoid conflicting with other network traffic).
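
The tag layout and native-VLAN rule described above, as an added Python example that is not part of the original article: it inserts an 802.1Q tag into a raw Ethernet frame and reads it back, mapping untagged frames to the native VLAN. The function names and the sample frame are constructed for illustration; the four bits between the 0x8100 marker and the VLAN number (3-bit priority, 1-bit drop-eligible flag) and the special meaning of VLAN numbers 0 and 4095 come from the 802.1Q standard, not from the article.

```python
import struct

TPID_8021Q = 0x8100      # first 16 bits of the tag, as described above
DEFAULT_NATIVE_VLAN = 1  # untagged frames land here unless reconfigured


def add_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN number {vid} is outside 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must fit in 3 bits")
    tci = (priority << 13) | vid  # drop-eligible bit left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def classify_frame(frame: bytes, native_vlan: int = DEFAULT_NATIVE_VLAN) -> dict:
    """Report which VLAN a raw Ethernet frame belongs to."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header (14 bytes)")
    # Bytes 0-5: destination MAC, 6-11: source MAC, 12-13: EtherType or marker.
    (type_field,) = struct.unpack_from("!H", frame, 12)
    if type_field != TPID_8021Q:
        return {"tagged": False, "vlan": native_vlan, "ethertype": type_field}
    if len(frame) < 18:
        raise ValueError("802.1Q marker present but the tag is truncated")
    # Second half of the tag: 3-bit priority, 1-bit drop-eligible, 12-bit VLAN number.
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF
    if vid == 0x0FFF:
        raise ValueError("VLAN number 4095 is reserved")
    return {
        "tagged": True,
        # VLAN number 0 means "priority only": the frame stays on the native VLAN.
        "vlan": vid if vid else native_vlan,
        "priority": tci >> 13,
        "drop_eligible": bool(tci & 0x1000),
        "ethertype": inner_type,
    }


# Constructed sample: broadcast frame with an IPv4 EtherType and zeroed payload.
SAMPLE_UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + bytes(46)
SAMPLE_TAGGED = add_tag(SAMPLE_UNTAGGED, vid=20, priority=5)

if __name__ == "__main__":
    print(classify_frame(SAMPLE_UNTAGGED))
    print(classify_frame(SAMPLE_TAGGED))
```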

Setting up a VLAN

At a high level, network administrators set up new VLANs as follows:

  1. Choose a valid VLAN number
  2. Choose a private IP address range for devices on that VLAN to use
  3. Configure the switch device with either static or dynamic settings. Static configurations require the administrator to assign a VLAN number to each switch port while dynamic configurations require assigning a list of MAC addresses or user names to a VLAN number.
  4. Configure routing between VLANs as needed. Configuring two or more VLANs to communicate with each other requires the use of either a VLAN-aware router or a Layer 3 switch.

The administrative tools and interfaces used vary greatly depending on the equipment involved.