VLAN Overview

What is VLAN?
VLAN (Virtual LAN) is a mechanism to divide a large LAN (consisting of very many computers) into multiple smaller logical LANs. Put differently, it is a mechanism for splitting a large broadcast domain into several smaller broadcast domains.
A broadcast domain is the area within which a broadcast sent by one computer reaches every other computer in the LAN. If you have used the BBM (BlackBerry Messenger) application you will be familiar with the term broadcast: a message sent simultaneously to all contacts. Broadcast traffic is not forwarded to another broadcast domain.

So a single VLAN represents a single broadcast domain, and different broadcast domains are, of course, different subnets. VLANs operate at Layer 2 of the OSI model.

Why use VLAN?
In a single broadcast domain, a PC sends broadcasts at certain times, for example when a PC has just connected to the LAN it sends traffic to all PCs so that the others know a new PC has joined. The more computers in a network, the more broadcast traffic occurs. This consumes a lot of bandwidth and degrades network performance. The remedy is, of course, to split the large broadcast domain into several smaller broadcast domains.

As a real example, if a switch connects 100 PCs in a LAN, each PC that broadcasts sends a packet to the other 99 PCs, and other PCs may broadcast at the same time, which drains a lot of bandwidth. Therefore we split the LAN into multiple VLANs, say 5, so that each VLAN holds only 20 PCs. Broadcasting to 19 PCs versus broadcasting to 99 PCs: you can see the difference.

Why not just subnetting?
Broadcast domains can in fact be separated by subnetting alone. So why use VLANs?
There are several factors that make VLANs more efficient than subnetting alone:

- Saving costs.
Physically, a LAN generally uses a single switch. If there are 3 LANs, then 3 switches are required as well, like this:


In the picture above, each LAN is separated by a router and each LAN is a different broadcast domain. Keep in mind that the router does not forward broadcasts to the other LANs unless a route is configured on the router.

Whereas, logically, using VLANs it looks like this:


The picture above shows that with VLANs only one switch is needed to separate the broadcast domains: no extra switches and no router, and each VLAN is its own broadcast domain.

So with VLANs a single switch is enough to separate LANs/broadcast domains, with no need to buy a new switch for each LAN, and switches are not cheap.

- Network security.

Someone may ask, "why not just create 3 subnets on a single switch?" Yes, broadcast domains can be separated by configuring multiple subnets, for example 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24. You now have 3 LANs, but remember: those 3 LANs sit on the same backbone, that switch. Traffic passing through the switch could be seen by a PC in another subnet, regardless of which subnet the traffic originates from, so your confidential data could be seen by users on another subnet. With VLANs, each VLAN is completely separated from a traffic perspective.

Also, when only 3 subnets are used, any PC can be moved freely to another subnet regardless of where it was, simply by changing its IP address. This is a network security problem. Generally, in Layer 2 switching, the IP address is set on the PC, not on the switch. VLANs overcome this because a VLAN is configured on the switch: each switch interface is assigned to a particular VLAN. So if a switch has been configured like this:
  • Interface 1 & 2 = VLAN 1 = 192.168.1.0/24 - connected to PC1 & PC2
  • Interface 3 & 4 = VLAN 2 = 192.168.2.0/24 - connected to PC3 & PC4
  • Interface 5 & 6 = VLAN 3 = 192.168.3.0/24 - connected to PC5 & PC6
Suppose PC3 is connected to the switch on interface 3. Even if PC3 changes its IP address to one in 192.168.1.0/24, PC3 will not be able to communicate with PC1, because PC3 is in VLAN 2 while PC1 is in VLAN 1.
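The following toy switch model, added here as an example and not part of the original post, shows why the IP change does not help PC3: an access switch learns MAC addresses per VLAN and floods broadcasts only to ports in the same VLAN. The port-to-VLAN map mirrors the six interfaces listed above; the MAC addresses and the `AccessSwitch` class are constructed for the example.

```python
from collections import defaultdict

# Constructed port-to-VLAN map mirroring the three VLANs listed above.
PORT_VLAN = {1: 1, 2: 1, 3: 2, 4: 2, 5: 3, 6: 3}
BROADCAST = "ff:ff:ff:ff:ff:ff"


class AccessSwitch:
    """Toy Layer 2 switch: one MAC table per VLAN, floods only within a VLAN."""

    def __init__(self, port_vlan):
        self.port_vlan = port_vlan
        self.mac_table = defaultdict(dict)  # vlan -> {mac: port}

    def forward(self, ingress_port, src_mac, dst_mac):
        """Return the set of egress ports a frame is delivered to."""
        vlan = self.port_vlan[ingress_port]
        # Source MAC is learned in the ingress VLAN only.
        self.mac_table[vlan][src_mac] = ingress_port
        if dst_mac != BROADCAST and dst_mac in self.mac_table[vlan]:
            return {self.mac_table[vlan][dst_mac]}
        # Broadcast or unknown unicast: flood, but only to same-VLAN ports.
        return {p for p, v in self.port_vlan.items()
                if v == vlan and p != ingress_port}


def isolation_demo():
    """PC3 (port 3, VLAN 2) re-addressed into PC1's subnet still cannot reach PC1."""
    sw = AccessSwitch(PORT_VLAN)
    pc1, pc3 = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:03"  # constructed MACs
    # PC1's ARP broadcast reaches only the other VLAN 1 port (port 2).
    pc1_flood = sw.forward(1, pc1, BROADCAST)
    # PC3's ARP request for a 192.168.1.x host floods VLAN 2 only (port 4).
    pc3_flood = sw.forward(3, pc3, BROADCAST)
    # Even though PC1's MAC is in the switch's VLAN 1 table, a unicast from
    # PC3 is looked up in VLAN 2's table, so it floods VLAN 2 and never port 1.
    pc3_unicast = sw.forward(3, pc3, pc1)
    return {"pc1_flood": pc1_flood, "pc3_flood": pc3_flood,
            "pc3_unicast": pc3_unicast}


if __name__ == "__main__":
    for name, ports in isolation_demo().items():
        print(f"{name}: delivered to ports {sorted(ports)}")
```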

To perform inter-VLAN communication, a Layer 3 device such as a router or a Layer 3 switch is required (to be discussed in the next article).
