Network communications domain that is isolated at the data link layer
This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "VLAN" – news · newspapers · books · scholar · JSTOR(January 2014) (Learn how and when to remove this message)
OSI model by layer
7. Application layer
NNTP
SIP
SSI
DNS
FTP
Gopher
HTTP (HTTP/3)
NFS
NTP
SMPP
SSH
SMTP
SNMP
Telnet
DHCP
NETCONF
more....
6. Presentation layer
MIME
XDR
ASN.1
ASCII
TLS
PGP
5. Session layer
Named pipe
NetBIOS
SAP
PPTP
RTP
SOCKS
X.225[1]
4. Transport layer
TCP
UDP
SCTP
DCCP
QUIC
SPX
3. Network layer
IP
IPv4
IPv6
ICMP (ICMPv6)
IPsec
IGMP
IPX
IS-IS
AppleTalk
X.25
PLP
2. Data link layer
ATM
ARP
SDLC
HDLC
CSLIP
SLIP
GFP
PLIP
IEEE 802.2
LLC
MAC
L2TP
IEEE 802.3
Frame Relay
ITU-T G.hn DLL
PPP
X.25 LAPB
Q.922 LAPF
IEEE 802.11
1. Physical layer
RS-232
RS-449
ITU-T V-Series
I.430
I.431
PDH
SONET/SDH
PON
OTN
DSL
IEEE 802.3
IEEE 802.11
IEEE 802.15
IEEE 802.16
IEEE 1394
ITU-T G.hn PHY
USB
Bluetooth
v
t
e
A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).[2][3] In this context, virtual refers to a physical object recreated and altered by additional logic, within the local area network. VLANs work by applying tags to network frames and handling these tags in networking systems – creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.
VLANs allow network administrators to group hosts together even if the hosts are not directly connected to the same network switch. Because VLAN membership can be configured through software, this can greatly simplify network design and deployment. Without VLANs, grouping hosts according to their resource needs the labor of relocating nodes or rewiring data links. VLANs allow devices that must be kept separate to share the cabling of a physical network and yet be prevented from directly interacting with one another. This managed sharing yields gains in simplicity, security, traffic management, and economy. For example, a VLAN can be used to separate traffic within a business based on individual users or groups of users or their roles (e.g. network administrators), or based on traffic characteristics (e.g. low-priority traffic prevented from impinging on the rest of the network's functioning). Many Internet hosting services use VLANs to separate customers' private zones from one other, allowing each customer's servers to be grouped in a single network segment no matter where the individual servers are located in the data center. Some precautions are needed to prevent traffic "escaping" from a given VLAN, an exploit known as VLAN hopping.
To subdivide a network into VLANs, one configures network equipment. Simpler equipment might partition only each physical port (if even that), in which case each VLAN runs over a dedicated network cable. More sophisticated devices can mark frames through VLAN tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs. Since VLANs share bandwidth, a VLAN trunk can use link aggregation, quality-of-service prioritization, or both to route data efficiently.
^"X.225 : Information technology – Open Systems Interconnection – Connection-oriented Session protocol: Protocol specification". Archived from the original on 1 February 2021. Retrieved 10 March 2023.
A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2)...
Private VLAN, also known as port isolation, is a technique in computer networking where a VLAN contains switch ports that are restricted such that they...
VLAN hopping is a computer security exploit, a method of attacking networked resources on a virtual LAN (VLAN). The basic concept behind all VLAN hopping...
VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area...
other similar devices to register and de-register attribute values, such as VLAN identifiers and multicast group membership across a large local area network...
used as the basis of 802.1Q VLAN tagging, encapsulating packets from VLANs for transmission multiplexed with other VLAN traffic over an Ethernet trunk...
The VLAN Query Protocol (VQP) was developed by Cisco and allows end-devices on LANs to be authenticated via their MAC address and an appropriate VLAN attributed...
different VLANs uses different links. Before the IEEE published a Spanning Tree Protocol standard for VLANs, a number of vendors who sold VLAN capable switches...
A VLAN Management Policy Server (VMPS) is a network switch that contains a mapping of device information to VLAN. The primary goal of VMPS is VLAN assignment...
on a switch. VLANs divide broadcast domains in a LAN environment. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic...
Compared to single-tagged IEEE 802.1Q VLANs which provide a limited number of layer-2 VLANs (4094, using a 12-bit VLAN ID), VXLAN increases scalability up...
single physical or logical connection to a network. It is a method of inter-VLAN routing where one router is connected to a switch via a single cable. The...
provides both simple and full connectivity assigned to any given virtual LAN (VLAN) throughout a bridged local area network. MSTP uses bridge protocol data...
A VLAN access control list (VACL) provides access control for all packets that are bridged within a VLAN or that are routed into or out of a VLAN. Unlike...
elements, such as firewalls and load balancers Networks, such as virtual LANs (VLANs) and containers such as virtual machines (VMs) Network storage devices Network...
via quality of service (QoS), and their ability to segregate traffic with VLANs. At the higher network layers, protocols such as NetBIOS, IPX/SPX, AppleTalk...
systems commonly used by police agencies. In the form of link aggregation and VLAN tagging, trunking has been applied in computer networking. A trunk line is...
Hierarchical VLAN (HVLAN) is a proposed Ethernet standard that extends the use of enterprise Ethernet VLAN (802.1Q) to carrier networks. A number of developments...
Personal (PAN) Near-me Local (LAN) Storage (SAN) Wireless (WLAN) Virtual (VLAN) Home (HAN) Building Campus (CAN) Backbone Metropolitan (MAN) Municipal wireless...
Institute of Electrical and Electronics Engineers, VLANs allow multiple tagged LANs to share common trunking. VLANs frequently comprise only customer-owned facilities...
trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used. VLAN trunks formed using DTP may utilize...
to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. This is commonly...
802.1ad tag, if present, is a four-octet field that indicates virtual LAN (VLAN) membership and IEEE 802.1p priority. The first two octets of the tag are...
retrieved include: System name and description Port name and description VLAN name IP management address System capabilities (switching, routing, etc.)...