Why do we use VLAN on a Switch.

A Switch can be used to create a broadcast domain. Broadcast domain means a logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer. To reach all nodes, we need to know the node’s physical address(MAC)and hence we need a Switch. Since Switch operates at the data link layer it can view the MAC address in the data packet. This is the main advantage of using a switch instead of a hub.

Switch can be used to create a single broadcast domain. But when we come to security point of view, broadcasting a data packet to every other nodes in the network can be a issue. Consider working in a company with three divisions- database division, finance division and sales division. If we need to broadcast a data between finance division, if it broadcasted using switch then the data packet reach all the divisions which might cause serious issues(security).Hence to meet this need we need to create different multiple separate broadcast domains for each.

VLANs are used for this purpose. VLAN create many logical subnetworks. This serves the above purpose. A single switch can be configured to create VLAN. The number of broadcast domains are increased with VLANs while the size of each decreases. Broadcast traffic might also affect network performance.

Routers and other upper layer devices can be used to create boundaries for broadcast domain. These devices acts as a broadcast firewall as they break up broadcast domain. Hence switch is suitable to create VLAN.