"VLAN (Virtual Local Area Network, IEEE 802.1q)"

Definition: VLAN (Virtual Local Area Network, IEEE 802.1q): A VLAN allows multiple virtual LANs to coexist on the same physical LAN (switched). This means that two machines attached to the same switch cannot send Ethernet frames to each other even though they pass over the same wires. If they need to communicate, then a router must be placed between the two VLANs to forward packets, just as if the two LANs were physically isolated. The only difference is that the router in question may contain only a single Ethernet NIC that is part of both VLANs (a one-armed router). The frames are "tagged" with an 802.1q prefix as they enter the network, which the Ethernet switches will use to separate traffic. Key point: Sometimes people want to put a firewall between VLANs, putting their DMZ on one VLAN on the rest of their company on another. This is an extraordinarily bad thing to do. VLANs are designed primarily to segment broadcast domains and improve performance and manageability. They are not hardened against security breaches. For example, Bay switches will forward packets incorrectly if the MAC address is known by the hacker. Cisco ATM switches have been known to leak frames onto incorrect VLANs when overloaded. Key point: Most cable-modem and DSL connectivity is provided via VLANs over an ATM infrastructure. All the security concerns expressed above for VLANs applies to these technologies as well. From Hacking-Lexicon

* Linux/Unix/Computing Glossary