The main benefits of using VLANs are that they provide increased flexibility, scalability, and security.
Flexibility. Because a VLAN assigns a user to a broadcast domain based on the port their system is plugged into, additions, moves, and changes are made simple. If you wanted a user to be moved to a different broadcast domain, all you would have to do is reconfigure the port they’re connected to. For example, a user might have been working in Marketing and is now moving to Finance. Instead of moving their physical PC, simply modify the VLAN configuration of the port, changing it from the Marketing VLAN to the Finance VLAN. This flexibility allows you to create logical (rather than physical) groupings of users.
Scalability. VLANs aren’t limited to a single switch. In fact, you can actually have VLANs that span an enterprise organization. For example, you might have groups of users on the 4th, 18th, and 42nd floors all be part of the same VLAN, even though they’re connected to different switches. Taken a step further, VLANs can also be scaled beyond a single location, over a WAN link if necessary.
Security. VLANs provide a greater degree of security than a traditional LAN. Consider the situation where a user from Human Resources might be connected to the same physical segment as a variety of other users. If plugged into a hub, other users could capture the information passed to the HR computer using a protocol analyzer program. By configuring all HR user systems to be in their own VLAN, their traffic remains separate and distinct from other network users. Also, traffic between VLANs can then be more easily controlled using router features such as access lists.
In the above explanation, the groupings of users to VLANs were based on functional departments. This is a popular way to divide traffic on a network, especially if departments have their own servers. Human Resources tends to be a particularly good example of a department that might require its own VLAN, based on the sensitive nature of the information it deals with. Separate VLANs are often defined for other purposes as well, including network management and monitoring.
Tip: Remember that when you define additional VLANs, you are actually creating a larger number of smaller broadcast domains.
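The following Python model is an added illustration, not part of the original text. It treats a switch as a table of port-to-VLAN assignments and shows that broadcast and unknown-destination frames are flooded only to ports in the sender's VLAN, and that moving a user is just a port reassignment. The class name, VLAN IDs, port numbers and MAC addresses are constructed for the example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Minimal model of a port-based VLAN switch (illustrative, not a vendor API)."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)   # port -> VLAN ID
        self.mac_table = {}                  # (VLAN ID, MAC) -> port

    def assign(self, port, vlan):
        """Move a port to another VLAN and forget addresses learned on it."""
        self.port_vlans[port] = vlan
        self.mac_table = {k: p for k, p in self.mac_table.items() if p != port}

    def broadcast_domains(self):
        """Group ports by VLAN: each VLAN is one broadcast domain."""
        domains = {}
        for port, vlan in self.port_vlans.items():
            domains.setdefault(vlan, set()).add(port)
        return domains

    def receive(self, in_port, src, dst):
        """Return the set of ports a frame arriving on in_port is sent out of."""
        vlan = self.port_vlans[in_port]
        self.mac_table[(vlan, src)] = in_port    # learn the source per VLAN
        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            return {known} - {in_port}
        # Broadcast or unknown destination: flood, but only inside this VLAN.
        return {p for p, v in self.port_vlans.items() if v == vlan and p != in_port}

def demo():
    """Constructed scenario: six ports, first flat, then split by department."""
    hr, marketing, finance = 10, 20, 30      # constructed VLAN IDs
    hr_pc = "aa:aa:aa:00:00:01"              # constructed MAC on port 1
    flat = VlanSwitch({p: 1 for p in range(1, 7)})
    seg = VlanSwitch({1: hr, 2: hr, 3: marketing, 4: marketing, 5: finance, 6: finance})
    out = {
        "flat_flood": flat.receive(1, hr_pc, BROADCAST),   # every other port
        "vlan_flood": seg.receive(1, hr_pc, BROADCAST),    # other HR port only
        # Marketing port addressing the HR MAC: unknown in VLAN 20, so the
        # frame stays inside Marketing and never reaches port 1.
        "cross_vlan": seg.receive(3, "bb:bb:bb:00:00:03", hr_pc),
    }
    seg.assign(3, finance)                   # Marketing user moves to Finance
    out["finance_ports"] = seg.broadcast_domains()[finance]
    out["domain_count"] = (len(flat.broadcast_domains()), len(seg.broadcast_domains()))
    return out

if __name__ == "__main__":
    print(demo())
```

In the model, a frame can leave its VLAN only through a device that routes between VLANs, which is the point where access lists are applied.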