Virtual LAN (VLAN)

A Virtual LAN (VLAN) is a logical subdivision of a physical network that groups devices into separate broadcast domains regardless of their physical location. VLANs are configured on managed switches and routers; devices on different VLANs cannot communicate directly with each other without passing through a router or firewall, even if they share the same physical cabling or wireless infrastructure. This isolation makes VLANs useful for separating traffic by function, security requirements, or trust level.

VLANs are identified by a numeric tag (1–4094) defined in the IEEE 802.1Q standard. A single network switch port can carry traffic for multiple VLANs (a “trunk” port) or be assigned to exactly one VLAN (an “access” port).
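To make the tag and the two port types concrete, the following added example (not part of the original page) parses the 802.1Q tag from a raw Ethernet frame and applies a simplified ingress rule for access and trunk ports. The port dictionaries, the VLAN IDs 10 and 30, the sample frames and the drop behaviour are assumptions of this sketch; real switches differ, for instance many place untagged trunk traffic in a configurable native VLAN.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def build_frame(vid=None, pcp=0, payload=b"\x00" * 46):
    """Construct a sample Ethernet frame (constructed addresses), tagged if vid is given."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload


def parse_vlan_tag(frame):
    """Return the tag fields as a dict, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID.
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1,
            "vid": tci & 0x0FFF, "ethertype": inner}


def ingress_vlan(frame, port):
    """Simplified ingress model: return the VLAN the frame joins, or None if dropped."""
    tag = parse_vlan_tag(frame)
    if port["mode"] == "access":
        # Access port: exactly one VLAN; untagged frames join it, tagged ones are dropped here.
        return port["vlan"] if tag is None else None
    # Trunk port: only tagged frames whose VID is usable (1-4094) and allowed on this trunk.
    if tag is None or not 1 <= tag["vid"] <= 4094:
        return None
    return tag["vid"] if tag["vid"] in port["allowed"] else None


if __name__ == "__main__":
    iot_access = {"mode": "access", "vlan": 30}       # hypothetical IoT access port
    uplink = {"mode": "trunk", "allowed": {10, 30}}   # hypothetical trunk to the router
    print(ingress_vlan(build_frame(), iot_access))    # untagged frame on the access port
    print(ingress_vlan(build_frame(vid=30), uplink))  # tagged frame on the trunk
    print(ingress_vlan(build_frame(vid=20), uplink))  # VLAN not allowed on the trunk
```

The 12-bit VLAN ID field can hold 0 through 4095, but 0 and 4095 are reserved, which is why the usable range is 1–4094.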

In This Home

The home LAN uses VLANs to segment traffic by trust level. The most significant is the IoT VLAN, which isolates smart home devices — ESPHome boards, the Enphase IQ Gateway, and other connected devices — from the main network, limiting the blast radius if any IoT device is compromised.