A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). In this context, virtual refers to a physical object recreated and altered by additional logic, within the local area network. Basically, a VLAN behaves like a virtual switch or network link that can share the same physical structure with other VLANs while staying logically separate from them. VLANs work by applying tags to network frames and handling these tags in networking systems, in effect creating the appearance and functionality of network traffic that, while on a single physical network, behaves as if it were split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.
VLANs allow network administrators to group hosts together even if the hosts are not directly connected to the same network switch. Because VLAN membership can be configured through software, this can greatly simplify network design and deployment. Without VLANs, grouping hosts according to their resource needs requires the labor of relocating nodes or rewiring data links. VLANs allow devices that must be kept separate to share the cabling of a physical network and yet be prevented from directly interacting with one another. This managed sharing yields gains in simplicity, security, traffic management, and economy. For example, a VLAN can be used to separate traffic within a business based on individual users or groups of users or their roles (e.g. network administrators), or based on traffic characteristics (e.g. low-priority traffic prevented from impinging on the rest of the network's functioning). Many Internet hosting services use VLANs to separate customers' private zones from one another, allowing each customer's servers to be grouped in a single network segment no matter where the individual servers are located in the data center. Some precautions are needed to prevent traffic "escaping" from a given VLAN, an exploit known as VLAN hopping.
To subdivide a network into VLANs, one configures network equipment. Simpler equipment might partition only each physical port (if even that), in which case each VLAN runs over a dedicated network cable. More sophisticated devices can mark frames through VLAN tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs. Since VLANs share bandwidth, a VLAN trunk can use link aggregation, quality-of-service prioritization, or both to route data efficiently.
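An added example, not part of the original text: a Python parser for the frame tags described above, assuming the IEEE 802.1Q tag layout (which the text does not spell out), with a check that reports tagged frames a single-VLAN port should not be carrying. The function names and the sample frames are constructed for illustration.

```python
import struct

# Tag Protocol Identifiers: 0x8100 = IEEE 802.1Q, 0x88A8 = IEEE 802.1ad outer tag
VLAN_TPIDS = {0x8100, 0x88A8}

def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype, payload); tags are listed outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    tags = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            break  # reached the real EtherType, no more tags
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        # TCI = 3-bit priority (PCP), 1-bit drop eligible (DEI), 12-bit VLAN ID
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return tags, ethertype, frame[offset + 2:]

def audit_access_port(frame: bytes, allowed_vid: int):
    """Findings for a frame seen on a port that should carry one VLAN only."""
    tags, _, _ = parse_vlan_tags(frame)
    findings = []
    if len(tags) > 1:
        findings.append("stacked VLAN tags: " + ",".join(str(t["vid"]) for t in tags))
    for t in tags:
        # VID 0 is a priority-only tag and names no VLAN
        if t["vid"] != allowed_vid and t["vid"] != 0:
            findings.append(f"VID {t['vid']} not allowed on this port")
    return findings

# Constructed sample frames (not captured traffic)
MACS = bytes.fromhex("ffffffffffff020000000001")
UNTAGGED = MACS + bytes.fromhex("0800") + b"payload"
TAGGED_10 = MACS + bytes.fromhex("8100" "600a" "0800") + b"payload"  # PCP 3, VID 10
STACKED = MACS + bytes.fromhex("8100" "0001" "8100" "0014" "0800") + b"payload"  # VID 1, then VID 20
```

A frame with more than one tag, or with a VLAN ID other than the one assigned to the port, is what a monitor on a single-VLAN port would surface for review.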