A VLAN is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.

Network with VLAN

There are several benefits of using VLANs:

Security Enhancement
The data packets of one VLAN will not be sent to another VLAN. This ensures that traffic in one VLAN cannot be eavesdropped on by users of other VLANs. When an ARP attack occurs, all hosts are affected if the network is not divided into VLANs. With VLAN division, the scope of an ARP attack is considerably reduced and limited to a single broadcast domain.

Broadcast Control
VLANs create multiple broadcast domains in the Ethernet switch, so broadcasts can be controlled. Broadcast traffic is reduced because each broadcast is sent only to the relevant VLAN.

Reduce Costs
With VLANs, the group a user is assigned to no longer depends on physical location in the network. Employees belonging to the same interest group can be joined in one virtual LAN group, regardless of their physical location.

ORing Managed Switches support IEEE 802.1Q, also known as Tag-Based VLAN. The standard defines a system of VLAN tagging for Ethernet frames. With frame tagging, a tag is added to every frame that crosses the network backbone.
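
The following added example (not ORing's code) decodes the 802.1Q tag described above and models the isolation check a trunk port applies on ingress. The helper names `admit` and `build_frame`, the allowed-VLAN set, the native VLAN value and the sample frames are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def parse_vlan_tag(frame: bytes):
    """Return (vid, pcp, dei, inner_ethertype) for a tagged frame, else None.

    Layout: dst MAC (6) | src MAC (6) | TPID (2) | TCI (2) | EtherType (2) | payload
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None  # untagged frame: bytes 12-13 are the EtherType itself
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    pcp = tci >> 13          # 3-bit priority code point
    dei = (tci >> 12) & 0x1  # drop eligible indicator
    vid = tci & 0x0FFF       # 12-bit VLAN identifier
    return vid, pcp, dei, inner


def admit(frame: bytes, allowed_vids: set, native_vid: int) -> bool:
    """Hypothetical model of a trunk port's ingress check (not a vendor API)."""
    tag = parse_vlan_tag(frame)
    vid = native_vid if tag is None else tag[0]
    # VID 0 is a priority-only tag, so the frame belongs to the native VLAN.
    if vid == 0:
        vid = native_vid
    # VID 4095 (0xFFF) is reserved and never carries traffic.
    return vid != 0x0FFF and vid in allowed_vids


def build_frame(vid=None, pcp=0, ethertype=0x0800):
    """Constructed sample frame (MAC addresses and payload are made up)."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46


if __name__ == "__main__":
    for f in (build_frame(), build_frame(vid=10, pcp=5), build_frame(vid=30)):
        print(parse_vlan_tag(f), admit(f, allowed_vids={1, 10, 20}, native_vid=1))
```
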


IEEE802.3 frame with 802.1Q


VLAN implementation in building
