A VLAN (Virtual Local Area Network) is a logical segmentation of a physical network. Devices in different VLANs behave as if they are on separate networks.
- Improves network security
- Reduces broadcast traffic
- Improves performance
- Logical separation without extra hardware
Without VLANs, separate switches are required for each department. VLANs allow multiple departments to share the same switch while remaining isolated.
An access port carries traffic for only one VLAN. End devices like PCs and printers connect to access ports.
A trunk port carries traffic for multiple VLANs using VLAN tags. It is commonly used between switches.
IEEE 802.1Q is the standard used for VLAN tagging. It adds VLAN information to Ethernet frames on trunk links.
- VLAN 10 – Administration
- VLAN 20 – Doctors / Staff
- VLAN 30 – Laboratory Systems
- VLAN 40 – Guest Wi-Fi
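The 802.1Q tagging described above, applied to the four VLAN IDs in this list, as an added Python example that is not part of the original page: it inserts and parses the 4-byte tag a trunk link carries. The MAC addresses, payload, function names and the simplified trunk filter (untagged frames are dropped, native VLAN handling is not modelled) are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
# VLAN plan taken from the list above
VLAN_NAMES = {10: "Administration", 20: "Doctors / Staff",
              30: "Laboratory Systems", 40: "Guest Wi-Fi"}


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:  # VLAN IDs 0 and 4095 are reserved
        raise ValueError("VLAN ID must be 1..4094")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Return the VLAN fields of a frame; 'vid' is None when untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:  # access-port style frame, no tag present
        return {"vid": None, "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF  # low 12 bits of the tag control field
    return {"vid": vid, "pcp": tci >> 13, "dei": (tci >> 12) & 1,
            "name": VLAN_NAMES.get(vid, "unknown"),
            "ethertype": inner, "payload": frame[18:]}


def trunk_accepts(frame: bytes, allowed: set) -> bool:
    """Simplified trunk model: pass only tagged frames with an allowed VLAN ID."""
    vid = parse_frame(frame)["vid"]
    return vid is not None and vid in allowed


# Constructed sample: an untagged IPv4 frame as a PC on an access port sends it.
UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
            + struct.pack("!H", 0x0800) + b"payload")
TAGGED = tag_frame(UNTAGGED, 30)  # same frame as carried on a trunk in VLAN 30

if __name__ == "__main__":
    print(parse_frame(UNTAGGED))
    print(parse_frame(TAGGED))
    print(trunk_accepts(TAGGED, {10, 20, 30}))
```

A trunk that lists only VLANs 10, 20 and 30 as allowed passes the Laboratory Systems frame and drops one tagged for Guest Wi-Fi (VLAN 40), which is how the isolation between departments is kept across a shared link.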