
N4N003: What’s a VLAN?

This episode explains VLANs (Virtual Local Area Networks) as a technology for segmenting networks into separate broadcast domains using 802.1Q tags with 12-bit VLAN identifiers (1-4094). The hosts discuss how VLANs enable network segmentation, inter-VLAN communication through routers, traffic filtering using access lists, and modern alternatives like VXLAN that use VNIs for larger-scale deployments.

Summary

Ethan Banks and Holly Metlitsky explain that VLANs are virtual local area networks operating at Layer 2 (Ethernet frames), evolving from the physical LAN concept where devices shared a common wire or hub. VLANs allow multiple logical network segments to exist within a single physical switch or span across multiple switches using VLAN tags.

The core technical mechanism involves the 802.1Q tag, a 32-bit tag inserted into Ethernet frames containing a 12-bit VLAN identifier field, allowing 4,094 usable VLAN IDs (0 and 4095 are reserved). By default, switches come configured with VLAN 1 as the native/default VLAN, where all ports are members unless otherwise configured. Access ports belong to a single VLAN without tagging, while trunk (or tagged) ports carry frames from multiple VLANs with tags attached.
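The tag layout described above (a 16-bit TPID of 0x8100 followed by a 16-bit TCI holding 3 bits of priority, 1 drop-eligible bit and the 12-bit VID) can be worked through in a few lines. The following is an added example, not code from the podcast or Packet Pushers: it builds an 802.1Q-tagged frame, parses tagged and untagged frames back, and flags the two reserved VIDs (0 and 4095) that should never appear as a data VLAN on the wire. The MAC addresses and ARP payload are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag follows
VID_MIN, VID_MAX = 1, 4094   # VIDs 0 and 4095 are reserved by the standard


def build_tagged_frame(dst: bytes, src: bytes, vid: int, ethertype: int,
                       payload: bytes, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    if not VID_MIN <= vid <= VID_MAX:
        raise ValueError(f"VID {vid} is outside the usable range {VID_MIN}-{VID_MAX}")
    # TCI: 3-bit PCP | 1-bit DEI | 12-bit VID, all big-endian
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, if present, the 802.1Q tag.

    Untagged frames (what an access port expects) come back with tagged=False and vid=None.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    info = {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
            "tagged": False, "pcp": None, "dei": None, "vid": None}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, pcp=tci >> 13, dei=(tci >> 12) & 1, vid=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = ethertype          # the real payload EtherType (e.g. 0x0806 for ARP)
    info["payload"] = frame[offset:]
    # A tag carrying VID 0 or 4095 is not a data VLAN; a defender filtering trunk
    # ingress would treat such frames as malformed rather than forward them.
    info["reserved_vid"] = info["tagged"] and info["vid"] not in range(VID_MIN, VID_MAX + 1)
    return info


# Constructed sample values (not captured traffic): a broadcast ARP request
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("001122334455")
ARP = 0x0806
ARP_BODY = b"\x00" * 28            # placeholder for the 28-byte ARP body

UNTAGGED = DST + SRC + struct.pack("!H", ARP) + ARP_BODY
TAGGED_VLAN10 = build_tagged_frame(DST, SRC, 10, ARP, ARP_BODY, pcp=5)
# Hand-built frame with the reserved VID 0 (a "priority-tagged" frame), which
# build_tagged_frame() refuses to produce
PRIORITY_TAGGED = DST + SRC + struct.pack("!HHH", TPID_8021Q, 5 << 13, ARP) + ARP_BODY

if __name__ == "__main__":
    for name, f in [("untagged", UNTAGGED), ("vlan10", TAGGED_VLAN10), ("vid0", PRIORITY_TAGGED)]:
        p = parse_frame(f)
        print(f"{name:9} tagged={p['tagged']} vid={p['vid']} pcp={p['pcp']} "
              f"ethertype=0x{p['ethertype']:04x} reserved_vid={p['reserved_vid']}")
```

Note that the tag sits inside the Ethernet header, so the payload EtherType moves four bytes to the right; a parser that reads the EtherType at a fixed offset 12 without checking for 0x8100 will mis-decode every tagged frame.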

The hosts explain broadcast domains as the key concept—each VLAN creates a separate broadcast domain, preventing broadcast frames in one VLAN from reaching hosts in another. This is demonstrated through the ARP (Address Resolution Protocol) process, where hosts use broadcasts to discover MAC addresses within their VLAN. The segmentation provides a security boundary by default, since inter-VLAN communication is blocked unless it is explicitly enabled through routers or Layer 3 switches.
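The broadcast-domain behaviour can be made concrete with a small model of a switch. This is an added example, not the hosts' material or any vendor's code: ports are either access ports (one VLAN, untagged) or trunks (a native VLAN carried untagged plus a set of allowed VLANs carried tagged), and a broadcast such as an ARP request is flooded only to ports that belong to the frame's VLAN. The port names and VLAN numbers are constructed; the `Port`, `Switch` and `flood` names are this example's own.

```python
from dataclasses import dataclass


@dataclass
class Port:
    name: str
    mode: str                         # "access" or "trunk"
    vlan: int = 1                     # access VLAN, or native VLAN on a trunk
    allowed: frozenset = frozenset()  # VLANs carried tagged on a trunk


class Switch:
    """A Layer 2 switch that floods broadcasts within a single VLAN only."""

    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def ingress_vlan(self, port: Port, tag):
        """Classify an arriving frame into a VLAN; None means the frame is dropped.

        `tag` is the 802.1Q VID on the frame, or None for an untagged frame.
        """
        if port.mode == "access":
            # An access port expects untagged frames; a tagged frame is discarded
            return port.vlan if tag is None else None
        if tag is None:
            return port.vlan              # untagged on a trunk = native VLAN
        return tag if tag in port.allowed else None

    def flood(self, in_port_name: str, tag=None) -> dict:
        """Return {egress port: VID tag to apply (None = untagged)} for a broadcast."""
        vlan = self.ingress_vlan(self.ports[in_port_name], tag)
        if vlan is None:
            return {}
        out = {}
        for name, p in self.ports.items():
            if name == in_port_name:
                continue                  # never flood back out the ingress port
            if p.mode == "access" and p.vlan == vlan:
                out[name] = None          # access ports strip the tag
            elif p.mode == "trunk":
                if vlan == p.vlan:
                    out[name] = None      # native VLAN leaves the trunk untagged
                elif vlan in p.allowed:
                    out[name] = vlan      # everything else leaves tagged
        return out


# Constructed topology: two hosts in VLAN 10, one in VLAN 20, one trunk uplink
SW = Switch([
    Port("Gi1", "access", vlan=10),
    Port("Gi2", "access", vlan=10),
    Port("Gi3", "access", vlan=20),
    Port("Gi4", "trunk", vlan=1, allowed=frozenset({10, 20})),
])

if __name__ == "__main__":
    print("ARP broadcast from Gi1 (VLAN 10):", SW.flood("Gi1"))
    print("ARP broadcast from Gi3 (VLAN 20):", SW.flood("Gi3"))
    print("Tagged VLAN 20 frame arriving on trunk:", SW.flood("Gi4", tag=20))
    print("Tagged frame arriving on an access port:", SW.flood("Gi1", tag=10))
```

The host on Gi3 never sees the ARP request from Gi1: the two VLANs are separate broadcast domains on the same physical switch, and the only way for the Gi1 host to reach the Gi3 host is through a router that is a member of both.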

Communication between VLANs requires routing, which modern Layer 3 switches can perform by decapsulating frames into IP packets, routing them to the destination VLAN, and re-encapsulating them. The hosts discuss traffic control mechanisms including port access lists, VLAN access lists, private VLANs (which can completely isolate hosts from each other except through a router port), and firewalls for more sophisticated inter-VLAN filtering.

The episode concludes with VXLAN (Virtual Extensible LAN) as a modern evolution that maps VLANs to Virtual Network Identifiers (VNIs), dramatically expanding from 4,094 to approximately 16 million identifiers to address scalability limitations in large enterprise and datacenter deployments.
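The jump from 4,094 VLAN IDs to roughly 16 million VNIs follows directly from the header format: the VXLAN header (RFC 7348) carries a 24-bit VNI rather than the 12-bit VID of 802.1Q. As an added example, not code from the episode or from any VXLAN implementation, the following encodes and decodes the 8-byte VXLAN header and shows one constructed scheme for mapping a tenant's local VLAN IDs into the larger VNI space. The `vlan_to_vni` mapping is an illustration of this example's own devising, not a standard.

```python
import struct

VXLAN_FLAG_I = 0x08                 # "I" bit: the VNI field is valid
VNI_MAX = (1 << 24) - 1             # 24-bit identifier
VLAN_ID_SPACE = 4094                # usable 802.1Q VIDs (1-4094)
VNI_SPACE = 1 << 24                 # 16,777,216 VXLAN network identifiers


def encode_vxlan_header(vni: int) -> bytes:
    """Build the 8-byte VXLAN header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # Packed as two big-endian 32-bit words; reserved bits are sent as zero
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def decode_vxlan_header(hdr: bytes) -> int:
    """Return the VNI from a VXLAN header, rejecting headers without the I flag."""
    if len(hdr) < 8:
        raise ValueError("VXLAN header is 8 bytes")
    word0, word1 = struct.unpack("!II", hdr[:8])
    flags = word0 >> 24
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag not set; VNI field is not valid")
    return (word1 >> 8) & 0xFFFFFF


def vlan_to_vni(tenant: int, vid: int) -> int:
    """Constructed mapping: give each tenant a block of 4,096 VNIs so that its
    local VLAN IDs (1-4094) can be carried unchanged in the low 12 bits.
    With 24 bits available this allows 4,096 such tenants."""
    if not 0 <= tenant <= 4095:
        raise ValueError("tenant index must fit in the upper 12 bits")
    if not 1 <= vid <= VLAN_ID_SPACE:
        raise ValueError("VLAN ID outside 1-4094")
    return (tenant << 12) | vid


def vni_to_vlan(vni: int) -> tuple:
    """Inverse of vlan_to_vni: (tenant, vid)."""
    return vni >> 12, vni & 0x0FFF


if __name__ == "__main__":
    vni = vlan_to_vni(tenant=3, vid=10)
    hdr = encode_vxlan_header(vni)
    print(f"VLAN 10 of tenant 3 -> VNI {vni}, header {hdr.hex()}")
    print(f"decoded VNI {decode_vxlan_header(hdr)} -> tenant/vid {vni_to_vlan(vni)}")
    print(f"ID space: {VLAN_ID_SPACE} VLANs vs {VNI_SPACE:,} VNIs")
```

The VXLAN header travels inside UDP (destination port 4789) on the underlay network, so the 12-bit VLAN limit of the inner Ethernet frame no longer bounds how many segments the overlay can distinguish.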

About this episode

Today we explore Virtual Local Area Networks (VLANs). This topic was prompted by a question from college student Douglas. We'll explain the fundamental concepts of VLANs, such as their role in segmenting and managing network traffic, and the technical details for implementation. We'll also address key topics including VLAN tags, access and trunk ports, and …

Key Insights

  • The hosts explain that VLANs evolved from physical LAN architectures where all devices shared a common wire or hub, progressing to virtual segments enabled by switching technology.
  • Ethan and Holly establish that VLAN tagging happens at the Ethernet frame header level (Layer 2), not at the IP packet level, using the 802.1Q standard which reserves only 4,094 usable VLAN IDs from a theoretical 4,096 possible values.
  • The hosts clarify terminology differences across vendors: Cisco uses 'native VLAN' and 'trunk port' while Juniper uses different naming, but the concepts remain functionally identical.
  • Holly identifies that broadcast domains are the key operational concept—broadcasts from one VLAN are not visible to hosts in other VLANs, creating isolated communication scopes for ARP and other broadcast protocols.
  • Ethan explains that access ports carry untagged frames belonging to a single VLAN, while trunk/tagged ports add VLAN tags to frames traversing them, enabling frame identification across shared links.
  • The hosts note that by default, hosts within the same VLAN can communicate with each other, but this can be restricted using access lists, VLAN access lists, private VLANs, or firewall rules.
  • Ethan and Holly establish that inter-VLAN communication requires routing, where Layer 3 switches decapsulate frames to IP packets, route them to destination VLANs, and re-encapsulate them for delivery.
  • Holly identifies VXLAN as addressing VLAN scalability limitations by mapping VLANs to Virtual Network Identifiers, expanding capacity from 4,094 to 16 million identifiers for larger enterprise deployments.

Topics

  • VLAN fundamentals and Layer 2 frame tagging
  • 802.1Q tag format and 12-bit VLAN identifiers
  • Access ports versus trunk/tagged ports
  • Broadcast domains and VLAN segmentation
  • ARP protocol and MAC address resolution within VLANs
  • Native VLAN and default VLAN concepts
  • Inter-VLAN routing and Layer 3 switches
  • Traffic filtering with access lists
  • Private VLANs for host isolation
  • VXLAN and Virtual Network Identifiers for datacenter scaling

Transcript

Welcome to N is for Networking, the short, sharp podcast where we explain the jargon, acronyms, and concepts of the networking industry in plain language. I'm your co-host, Ethan Banks, a grumpy old network engineer who's been pushing packets around since the 90s. And with me is co-host Holly Metlitsky, a university grad with a master's degree working in the networking industry, but still somewhat new to the scene. In this episode of N is for Networking, we are going to discuss another question from my friend Douglas, who sent in a whole list of questions for us, Douglas did. Douglas is a college student right now, and he asks, what are VLANs and how do they help manage network traffic?…

Full transcript available for MurmurCast members
