Logically segmenting a physical network into multiple broadcast domains.
A Virtual Local Area Network (VLAN) is a technology that allows a single physical LAN to be partitioned into multiple separate, logical LANs. In a traditional LAN, all devices are in the same broadcast domain, meaning a broadcast message (like an ARP request) sent by one device is received by all other devices on the network. As a network grows, this can lead to excessive broadcast traffic, which consumes bandwidth and CPU resources on every device, degrading performance.

VLANs solve this problem by creating multiple broadcast domains on a single switch or across multiple switches. Devices in one VLAN cannot directly communicate with devices in another VLAN, even if they are connected to the same physical switch; it's as if they are on entirely different networks. To communicate between VLANs, a Layer 3 device, such as a router or a multilayer switch, is required.

VLANs offer several benefits. They improve performance by reducing broadcast traffic. They enhance security by isolating groups of users (e.g., separating the Finance department's network from the Marketing department's). They also provide greater flexibility in network administration: an administrator can move a user from one logical network to another by simply changing the VLAN configuration on the switch port, without needing to physically move any cables.

VLANs are typically configured by assigning ports on a switch to a specific VLAN ID (a number from 1 to 4094).
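
The behaviour described above can be seen in a small model of a switch. This is an added example, not part of the original page: the port numbers, VLAN IDs 10 and 20, MAC addresses and the starting VLAN of 1 are constructed assumptions, and the per-VLAN address table goes slightly beyond what the text describes.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Toy access-port switch: each port belongs to exactly one VLAN."""

    def __init__(self, ports):
        self.port_vlan = {p: 1 for p in ports}  # assumption: ports start in VLAN 1
        self.mac_table = {}                     # (vlan, mac) -> port, learned per VLAN

    def assign(self, port, vlan_id):
        """Reassign a port; this is the only step needed to 'move' a user."""
        if port not in self.port_vlan:
            raise KeyError(f"no such port: {port}")
        if not 1 <= vlan_id <= 4094:
            raise ValueError(f"VLAN ID out of range: {vlan_id}")
        # Forget addresses learned on this port under its old VLAN.
        self.mac_table = {k: p for k, p in self.mac_table.items() if p != port}
        self.port_vlan[port] = vlan_id

    def receive(self, in_port, src, dst):
        """Learn the source, then return the ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port
        known = None if dst == BROADCAST else self.mac_table.get((vlan, dst))
        if known is not None:
            return [] if known == in_port else [known]
        # Broadcast or unknown destination: flood, but only inside this VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

def demo():
    # Constructed sample: ports 1-3 Finance (VLAN 10), ports 4-6 Marketing (VLAN 20).
    fin, mkt = "02:00:00:00:00:01", "02:00:00:00:00:04"
    sw = Switch(range(1, 7))
    for port in (1, 2, 3):
        sw.assign(port, 10)
    for port in (4, 5, 6):
        sw.assign(port, 20)
    out = {}
    out["finance_arp"] = sw.receive(1, fin, BROADCAST)    # stays in VLAN 10
    out["marketing_arp"] = sw.receive(4, mkt, BROADCAST)  # stays in VLAN 20
    out["cross_vlan"] = sw.receive(1, fin, mkt)           # never reaches port 4
    out["same_vlan"] = sw.receive(2, "02:00:00:00:00:02", fin)
    sw.assign(3, 20)                                      # move a user, no recabling
    out["after_move"] = sw.receive(4, mkt, BROADCAST)
    return out

if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {ports}")
```

A frame addressed from the Finance host to the Marketing host's MAC is flooded only to Finance ports, because the switch looks up addresses per VLAN; reaching the other VLAN would require the Layer 3 device mentioned above.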