Each VLAN is its own broadcast domain where each computer in it can talk directly to each other computer in it, without being restricted by the network infrastructure. In order to communicate with a computer in another VLAN, your computer’s data has to pass through a router, which has the capability of restricting the data in various ways.
It is far easier to restrict access between VLANs than to restrict access between computers in the same VLAN. That’s where the security benefits come from, but it’s not required that any restrictions exist.
Latest Answers