Why VLANs Matter: Unlocking Network Efficiency and Security

VLAN (Virtual Local Area Network) is a technology that logically divides a physical LAN into multiple broadcast domains.

Why VLANs Are Needed

Early Ethernet used CSMA/CD as a shared medium, which caused severe collisions, broadcast storms, and performance degradation as the number of hosts grew. Layer‑2 devices could interconnect LANs but could not isolate broadcasts or improve network quality.

VLAN technology partitions a LAN into multiple logical VLANs, each acting as a separate broadcast domain. Hosts within the same VLAN communicate as if on a single LAN, while traffic between VLANs is isolated, limiting broadcasts to their own VLAN.

VLAN advantages include:

Restricting broadcast domains, saving bandwidth and improving processing capacity.

Enhancing LAN security by isolating traffic between different VLANs.

Increasing network robustness; faults are confined to a single VLAN.

Flexibly building virtual workgroups without being tied to physical locations.

VLAN vs Subnet

Subnets further divide the IP address space to improve address utilization and flexibility. Like VLANs, subnets can isolate host communication, but there is no mandatory one‑to‑one correspondence between VLANs and subnets.

VLAN Tag and VLAN ID

To let switches differentiate VLAN traffic, a VLAN tag (IEEE 802.1Q) adds a 4‑byte identifier to Ethernet frames.

The VID field in the frame identifies the VLAN; valid VLAN IDs range from 1 to 4094 (0 and 4095 are reserved).

Switches process tagged frames, while connected devices such as hosts or servers typically send untagged frames. The switch adds or removes VLAN tags based on the port's default VLAN (PVID).

VLAN Interface Types and Tag Handling

Different interface types allow switches to handle multiple VLANs across various connection scenarios. Huawei devices commonly define three types: Access, Trunk, and Hybrid.

Access Interface

Used for endpoints that cannot recognize tags (e.g., hosts, servers). It mainly sends and receives untagged frames, adding a single VLAN tag (the default VLAN) to outgoing frames and stripping tags from incoming frames when the VID matches the PVID.

Trunk Interface

Connects switches, routers, APs, and voice terminals that can handle both tagged and untagged frames. It forwards multiple VLAN tags but sends frames belonging to the native (default) VLAN without a tag.

Hybrid Interface

Combines features of Access and Trunk, allowing selective tagging or untagging of frames per VLAN. It is required in scenarios such as flexible QinQ, where outer VLAN tags must be stripped before entering the customer network.

VLAN Use Cases

Layer‑2 Isolation Between Users

In a multi‑tenant office building, each company can be placed in a separate VLAN, isolating traffic and providing independent virtual workgroups.

Similarly, departments within a company can be assigned distinct IP subnets and mapped to VLANs, ensuring consistent access permissions even when employees relocate.

Layer‑3 Inter‑VLAN Routing

When users in different VLANs need to communicate, a Layer‑3 switch can provide routing via VLAN interfaces (VLANIF), enabling inter‑VLAN traffic.

Related Protocols

IEEE 802.1Q (Dot1q) – defines VLAN tagging.

Link‑type Negotiation Protocol (LNP) – negotiates Access or Trunk link types.

QinQ (802.1ad) – stacks an additional 802.1Q tag to extend VLAN space, enabling private VLANs to traverse public networks.

Challenges of VLANs in Cloud Environments

Cloud computing demands high scalability and flexible VM migration. Traditional VLANs are limited to 4096 IDs and have small, fixed Layer‑2 domains, making them unsuitable for large data‑center tenant isolation.

VXLAN (Virtual Extensible LAN) addresses these limitations by encapsulating MAC frames in UDP, providing up to 16 million virtual networks (VNI) and creating a virtual Layer‑2 fabric over an IP backbone, thus supporting large‑scale, dynamic VM migration.

Source: https://info.support.huawei.com/info-finder/encyclopedia/zh/VLAN.html Edited by: Network Engineer "A‑Long"