A virtual local area network (VLAN) is precisely what the name implies. It's the same as a physical LAN but in a virtual sense. VLANs are a technology that can be configured on networking infrastructure to create virtual networks that can be separate from one another. Think of it as multiple home networks but with the same equipment. A router can bring VLANs together to allow the sharing of services (printers, network-attached storage (NAS), IoT devices) as well as access to specific hardware on either network. I'll run through some reasons why you may want to consider launching VLANs on your home network.
Create multiple virtual networks
A VLAN isn't just good for keeping clients separate from one another; it's also handy for creating a guest network. Perhaps you don't want just anyone hooking up to your home network and discovering everything connected to your LAN. That's where a VLAN comes into play. You can limit precisely how much a VLAN can access on the network, which can help restrict just how much access a particular client has. It's also cheaper. You won't have to purchase multiple routers, switches, and access points. Simply configure the VLAN accordingly and your existing hardware will handle the rest.
Services located on the network can be shared across VLANs, allowing everyone to use the same printer, NAS, and other connected hardware.
Improved security through isolation
Another handy feature of VLANs is bolstered security. VLANs are isolated from one another by design. This helps keep clients separate, depending on which VLAN they're connected to. By enabling a demilitarized zone (DMZ), you can minimize damage from potential attacks and still run web servers and other services that require external access. Running frontend services such as these can open up your LAN to untrusted traffic, which is where a DMZ shines by filtering traffic between the VLAN and the main network. Clients on the LAN can connect to the internet and authorized external access can be permitted to the LAN.
Routers and switches may even allow you to specify which VLANs are used by each port. A VLAN can have an entirely different subnet and a router can be configured to allow traffic between the virtual networks through inter-VLAN routing. But it's worth noting that a VLAN will not protect your network as a whole. Firewalls, access lists, and other security measures should still be used to keep clients safe.
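As an added illustration (not part of the original article), the sketch below models how a router doing inter-VLAN routing can apply a first-match access list with default deny to the guest, LAN and DMZ networks described above. The subnets, host addresses, ports and rule set are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan: one subnet per VLAN (all values are assumptions).
VLANS = {
    "lan": ipaddress.ip_network("192.168.10.0/24"),
    "guest": ipaddress.ip_network("192.168.20.0/24"),
    "dmz": ipaddress.ip_network("192.168.30.0/24"),
}
PRINTER = ipaddress.ip_address("192.168.10.50")  # shared printer on the LAN VLAN

# Ordered inter-VLAN rules, first match wins: (action, source VLAN, dest, port).
# dest is a VLAN name or a single host; port None matches any port.
RULES = [
    ("allow", "guest", PRINTER, 631),  # guests may print over IPP
    ("deny", "guest", "lan", None),    # and reach nothing else on the LAN
    ("allow", "lan", "dmz", 443),      # LAN clients may use the DMZ web server
    ("deny", "dmz", "lan", None),      # a compromised DMZ host cannot reach the LAN
]


def vlan_of(addr):
    """Return the name of the VLAN whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in VLANS.items() if ip in net), None)


def decide(src, dst, port):
    """Return 'switched', 'allow' or 'deny' for a flow between two hosts."""
    src_vlan, dst_vlan = vlan_of(src), vlan_of(dst)
    if src_vlan is None or dst_vlan is None:
        return "deny"  # address outside every modelled VLAN
    if src_vlan == dst_vlan:
        return "switched"  # same VLAN: never reaches the router, so no ACL applies
    dst_ip = ipaddress.ip_address(dst)
    for action, rule_src, rule_dst, rule_port in RULES:
        dst_ok = rule_dst == dst_vlan if isinstance(rule_dst, str) else rule_dst == dst_ip
        if rule_src == src_vlan and dst_ok and rule_port in (None, port):
            return action
    return "deny"  # default deny: routed traffic needs an explicit allow


if __name__ == "__main__":
    flows = [("192.168.20.15", "192.168.10.50", 631), ("192.168.20.15", "192.168.10.60", 445),
             ("192.168.30.10", "192.168.10.60", 445), ("192.168.10.20", "192.168.10.60", 445)]
    for src, dst, port in flows:
        print(f"{src} -> {dst}:{port} {decide(src, dst, port)}")
```

The "switched" result is the caveat to keep in mind: hosts in the same VLAN talk to each other directly, so router rules never see that traffic and devices that should not trust each other belong in different VLANs.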
Enhanced reliability for testing and homelabs
Something can go wrong when messing around with technology. It's not usually an issue as troubleshooting and working out a solution is part of the fun, but this sentiment isn't shared by others in the household who may also be affected by downtime. Should your network drop for any reason while attempting to make some changes to the router/firewall, moving physical equipment around, or working on other parts of the LAN, it can cause issues for anyone else attempting to access the internet or other services on the local network. This is where a VLAN can help.
With a VLAN configured for testing and other tasks, you can help keep yourself isolated from active traffic, even though you'll be using the same hardware. A handy tip, especially when looking to run some servers and homelab stuff, is to document as much as you can. Having easy reference guides and maps about your network and how everything interconnects is vital for troubleshooting and working on the LAN in the future.
Create your VLAN today!
There's a good chance the router you use at home does not support the creation of VLANs. It's usually marketed as a prosumer or business feature and can be found on aftermarket routers and other networking hardware. You can either go DIY with a custom router running software such as pfSense or use hardware from a brand like Ubiquiti.