Techopedia defines this technology as follows:
A virtual local area network (VLAN) is a logical group of workstations, servers, and network devices that appear to be on the same LAN despite their geographical distribution. A VLAN allows a network of computers and users to communicate in a simulated environment as if they exist in a single LAN and are sharing a single broadcast and multicast domain. VLANs are implemented to achieve scalability, security, and ease of network management and can quickly adapt to changes in network requirements and relocation of workstations and server nodes.
Higher-end switches allow the functionality and implementation of VLANs. The purpose of implementing a VLAN is to improve the performance of a network or apply appropriate security features.
Simply put: a VLAN is a group of network devices that interface with each other as if they made up a single LAN, while in reality, they are on one or several LAN segments. Each segment is separated from the rest of the LAN by a switch, router, or bridge. So, when a workstation broadcasts data packets, the upshot of this is that it communicates with all other workstations on the network, but none outside it.
Why is this important?
Let’s talk about LANs for a bit. One of the biggest potential hiccups with a LAN is collision. Here’s what this looks like: Two or more workstations send data packets simultaneously on a LAN connected via a hub; the data collide and, therefore, is not transmitted correctly. The collision spreads throughout the LAN, which busies itself resolving the problem. Users have to wait for the network to clear the issue before it is operational again—and then they have to resend the original data.
VLANs segment the LAN, reducing the number of collisions as well as the number of network devices involved should a crash occur. With a VLAN, workstations send data packets via a bridge or a switch, which do not forward collisions to the LAN at large. Instead, they contain any collision within the segment and are often referred to as “collision domains.”
However, an even more vital feature of a VLAN is its enhanced security. Even though it is a segment of the LAN as a whole, it behaves as though it is a single LAN in and of itself. In short: The broadcast domain of a VLAN is the VLAN itself. As they can be grouped by department, project team, etc., and are not limited to the physical location of the devices, data is contained and can only be accessed by specified users.