What are VLANs?
Most consumer routers only have two networks (WAN & LAN).
- WAN (external), with 1 physical interface
- LAN (internal), with 1 – 5 interfaces
Virtual Local Area Networks, or VLANs, are a way of segmenting a network.
If your router or switch has VLAN functionality, then you can separate your LAN into multiple segments. These segments are isolated sections of your network.
How is security improved?
By segmenting your network, you can control what access is allowed between each segment of your network.
With this control, you have much more granularity over which systems can access other systems.
VLANs also improve security by limiting broadcast and flooded unicast traffic to the VLAN the source is in.
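The flooding behaviour described above, as an added example that is not part of the original article: a toy Python model of a switch with access ports only. The class name `VlanSwitch`, the port layout, the MAC addresses and the per-VLAN MAC table are assumptions made for illustration.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Toy model of a VLAN-aware switch (hypothetical, access ports only)."""

    def __init__(self, port_vlans):
        # port_vlans: port number -> VLAN ID assigned to that access port
        self.port_vlans = dict(port_vlans)
        # Assumption: one MAC table per VLAN, vlan -> {mac: port}
        self.mac_table = defaultdict(dict)

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlans[in_port]
        # Learn the source MAC on the ingress port, scoped to its VLAN.
        self.mac_table[vlan][src_mac] = in_port
        known_port = self.mac_table[vlan].get(dst_mac)
        if dst_mac != BROADCAST and known_port is not None:
            # Known unicast: one egress port, never back out the ingress port.
            return [known_port] if known_port != in_port else []
        # Broadcast or unknown unicast: flood, but only inside the source VLAN.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)


# Constructed sample layout: ports 1-3 in VLAN 10, ports 4-5 in VLAN 20.
SAMPLE_PORTS = {1: 10, 2: 10, 3: 10, 4: 20, 5: 20}

if __name__ == "__main__":
    sw = VlanSwitch(SAMPLE_PORTS)
    # Broadcast from port 1 reaches only the other VLAN 10 ports.
    print(sw.receive(1, "aa:aa:aa:00:00:01", BROADCAST))
    # A VLAN 20 host addressing a VLAN 10 MAC: the frame is flooded
    # inside VLAN 20 only and never arrives on port 1.
    print(sw.receive(4, "bb:bb:bb:00:00:04", "aa:aa:aa:00:00:01"))
    # Known unicast inside VLAN 10 goes to the single learned port.
    print(sw.receive(2, "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:01"))
```

Traffic between the two VLANs in this model has no Layer 2 path at all; it would have to cross a router or firewall, which is where the access control between segments is applied.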
How are VLANs different from Subnets?
VLANs and subnets both serve to separate a network, but they operate at different layers of the OSI model.
VLANs are a Layer 2 function. This is where network switches live and MAC addresses are used.
Subnets are a Layer 3 function. This is where network routers live and IP addresses are used.
- Layer 7: Application
- Layer 6: Presentation
- Layer 5: Session
- Layer 4: Transport
- Layer 3: Network
- Layer 2: Data Link
- Layer 1: Physical
VLANs do improve security in a network. They provide isolation and access control. This is just one of the many layers you should have in place to make a network secure.