Segmenting the network with VLANs: why and how
Having everything on the same flat network is convenient… until something gets infected. VLANs limit the damage.
A flat network means any device can talk to any other. If one machine falls, the attacker moves freely across the whole network.
The idea
A VLAN splits a single physical switch into isolated logical networks. Traffic on one VLAN doesn't reach another unless it passes through a router or firewall, and that is where you set the rules.
A typical scheme for a small business
- VLAN 10 — Office: workstations.
- VLAN 20 — Servers: restricted access.
- VLAN 30 — Guests / WiFi: internet yes, internal network no.
- VLAN 40 — IoT / cameras: as isolated as possible.
The key
Segmentation only works if the firewall between VLANs denies by default and you only allow the necessary flows (for example, office → server on the specific port, and nothing else).
Segmenting doesn't stop them getting in; it stops them taking everything if they do.
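A small model of the scheme above, added here as an example and not code from the original post: the four VLANs, an allow-list with only the necessary flows, default deny for everything else, and the equivalent nftables forward chain. The /24 addressing, the choice of HTTPS as "the specific port", and the "anything outside 10.0.0.0/16 is the internet" test are assumptions.

```python
"""Inter-VLAN policy model: deny by default, allow only the named flows.
Added example, not code from the original post; addressing is constructed."""
import ipaddress
from collections import namedtuple

# Assumed addressing (constructed): one /24 per VLAN, all inside 10.0.0.0/16.
VLANS = {10: "10.0.10.0/24", 20: "10.0.20.0/24",   # Office, Servers
         30: "10.0.30.0/24", 40: "10.0.40.0/24"}   # Guests/WiFi, IoT
NETS = {v: ipaddress.ip_network(n) for v, n in VLANS.items()}
INTERNAL = ipaddress.ip_network("10.0.0.0/16")     # anything "ours"

# dst is a VLAN id or "internet"; proto "tcp"/"udp"/"any"; dport None = any
Rule = namedtuple("Rule", "src_vlan dst proto dport", defaults=("any", None))

# The allow-list. Everything not listed here is dropped (default deny).
ALLOW = [
    Rule(10, 20, "tcp", 443),   # office -> servers, on the one needed port
    Rule(10, "internet"),
    Rule(30, "internet"),       # guests: internet yes, internal network no
    # VLAN 40 (IoT / cameras) has no rule at all: as isolated as possible
]

def vlan_of(ip: str):
    addr = ipaddress.ip_address(ip)
    return next((v for v, net in NETS.items() if addr in net), None)

def allowed(src_ip: str, dst_ip: str, proto: str, dport: int) -> bool:
    """Evaluate ALLOW for a new connection; anything unmatched is denied."""
    src = vlan_of(src_ip)
    if ipaddress.ip_address(dst_ip) in INTERNAL:
        dst = vlan_of(dst_ip)          # None: internal but no known VLAN
    else:
        dst = "internet"
    if src is None or dst is None:
        return False
    return any(r.src_vlan == src and r.dst == dst
               and r.proto in ("any", proto) and r.dport in (None, dport)
               for r in ALLOW)

def to_nft() -> list:
    """Render ALLOW as nftables forward-chain rules under a drop policy."""
    lines = ["chain forward { type filter hook forward priority 0; policy drop;",
             "  ct state established,related accept   # replies to allowed flows"]
    for r in ALLOW:
        dst = (f"ip daddr {VLANS[r.dst]}" if r.dst != "internet"
               else f"ip daddr != {INTERNAL}")
        port = f" {r.proto} dport {r.dport}" if r.dport is not None else ""
        lines.append(f"  ip saddr {VLANS[r.src_vlan]} {dst}{port} accept")
    return lines + ["}"]
```

The rendered chain belongs inside a `table ip filter { ... }` on the router that carries all four VLANs; note that servers cannot initiate connections to the office either, only answer the flows the office opened.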
#networking #vlan #segmentation #security