What is a VLAN?

VLAN stands for Virtual Local Area Network. It is a network technology that lets you create virtual networks within one physical network, such as a Switch. Devices can be logically separated even though they are physically connected to the same network device.

With VLANs you can apply network segmentation without additional physical cabling or switches.


🧠 Why use VLANs?

  • Network segmentation without extra hardware
  • Security: devices belonging to different departments or functions can be separated from each other
  • Management: network traffic is easier to organise and monitor
  • Performance: broadcast traffic stays within the VLAN

🔧 How does a VLAN work?

Devices on the same VLAN can reach each other directly, as if they were on a dedicated local network. Traffic between different VLANs goes through a Router or Layer 3 Switch, where security measures such as a Firewall can be applied.

Each network port on a Switch can be manually assigned to a specific VLAN ID.


🏭 Application in industrial environments

In industrial networks, VLANs are often assigned as follows:

VLAN     Application
VLAN 10  PLC network (Layer 1–2 in the Purdue Model)
VLAN 20  SCADA and HMI network
VLAN 30  MES or MOMS layer
VLAN 40  Office automation / IT
VLAN 50  Guest network for external suppliers

🔐 In combination with the zones and conduits model, VLANs can logically reinforce physical Zones and ensure that traffic between Zones passes through Firewalls.
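As an added example (not from the original page), a small Python check that applies the VLAN table above and the zones-and-conduits idea to flow records: each address is mapped to its VLAN, traffic within a VLAN is left to the switch, and traffic between VLANs must match a declared conduit through the firewall or is flagged. The subnets, the conduit policy and the log format are assumptions made here.

```python
import ipaddress
from typing import List, Optional, Tuple
# Assumed address plan for the VLANs above (constructed; the page gives no subnets).
VLAN_SUBNETS = {
    10: ipaddress.ip_network("10.0.10.0/24"),  # PLC network
    20: ipaddress.ip_network("10.0.20.0/24"),  # SCADA and HMI
    30: ipaddress.ip_network("10.0.30.0/24"),  # MES / MOMS
    40: ipaddress.ip_network("10.0.40.0/24"),  # Office automation / IT
    50: ipaddress.ip_network("10.0.50.0/24"),  # Guest / external suppliers
}
# Conduits the firewall is expected to permit as (src VLAN, dst VLAN, dst TCP
# port); anything else counts as denied. Example policy, not from the page.
CONDUITS = {
    (20, 10, 502),   # SCADA/HMI polls PLCs (Modbus/TCP)
    (30, 20, 1433),  # MES reads the SCADA-side database
    (40, 30, 443),   # office clients reach the MES web front end
}

def vlan_of(ip: str) -> Optional[int]:
    """Map an address to its VLAN via the subnet plan; None if unplanned."""
    addr = ipaddress.ip_address(ip)
    return next((v for v, net in VLAN_SUBNETS.items() if addr in net), None)

def evaluate(src: str, dst: str, dport: int) -> str:
    """Classify one flow against the segmentation policy (default deny)."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is None or d is None:
        return "unknown"      # address outside the plan: investigate
    if s == d:
        return "intra-vlan"   # switched locally, never reaches the firewall
    if (s, d, dport) in CONDUITS:
        return "allowed"
    return "violation"        # inter-VLAN traffic with no conduit

def parse_log(line: str) -> Tuple[str, str, int]:
    """Parse a 'src=... dst=... dport=...' line (constructed log format)."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return kv["src"], kv["dst"], int(kv["dport"])

def audit(lines: List[str]) -> List[Tuple[str, str]]:
    return [(line, evaluate(*parse_log(line))) for line in lines]

# Constructed sample flow log; the guest-to-PLC line should be flagged.
SAMPLE_LOG = [
    "src=10.0.20.15 dst=10.0.10.5 dport=502",
    "src=10.0.50.7 dst=10.0.10.5 dport=502",
    "src=10.0.10.5 dst=10.0.10.6 dport=502",
    "src=10.0.40.33 dst=10.0.10.5 dport=22",
]
```

Conduits are directional, so a PLC opening a connection back towards the SCADA VLAN on the same port is still reported as a violation.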


🛡️ VLANs as part of Defence in Depth

Defence in Depth is a cybersecurity strategy in which multiple layers of security work together to protect systems against different types of attack. VLANs form a logical layer of defence here, but on their own they are not enough.

Other layers within Defence in Depth may include:

🎯 By using VLANs within a broader Defence in Depth concept, you build a robust network in which intruders or errors cannot easily move from one segment to another.


📌 In summary

A VLAN is a virtual network within a physical network, helping to logically separate devices and systems. It is an efficient way to apply security, segmentation and management — both in IT and OT.