VLANs (Virtual Local Area Networks) are a Layer 2 network technology defined by the IEEE 802.1Q standard that logically partitions a physical switch into multiple isolated broadcast domains, enabling efficient traffic management, enhanced security, and simplified network administration without requiring separate physical infrastructure. VLANs operate by tagging Ethernet frames with a 12-bit VLAN identifier (supporting 4,094 usable VLANs), allowing 802.1Q trunk ports to carry traffic for multiple VLANs simultaneously while access ports assign untagged traffic to a single VLAN. Understanding VLAN segmentation is foundational to modern network design because every VLAN represents a separate broadcast domain—meaning broadcasts, multicasts, and unknown unicast floods are contained within the VLAN boundary, preventing a single misbehaving device from disrupting the entire network and creating natural security zones that enforce policy-based access control at Layer 2 or through Layer 3 inter-VLAN routing.