VPN vs. VLAN. What’s the Difference?

Updated on: 7 January 2019 SECURITY

The difference can be summed up in two short sentences:

  • A VPN is the method of creating another sub-network over an existing bigger network while VLAN is a subcategory of a VPN
  • VLAN is used to group together computers that aren’t connected or belong to a common domain, while a VPN is usually used to remotely access a company’s own network

Let’s get into more details to better clarify the underlying processes taking place, as well as the relationship between them.

1. What is a VPN?

Simply put, a VPN is an acronym for Virtual Private Network. It uses a public network, the internet for most cases, to connect users together. It can also bring together remote sites on one single network.

A basic VPN network is a system which has a main local area network (LAN for short) located at the headquarters of a certain company, many other remote network points or LANs, and the individual users that connect to these network points from anywhere in the world.

A VPN doesn’t use a dedicated network line of its own. Instead, it works using virtual connections routed over a public or shared infrastructure like the internet or the service provider network.

This way, any VPN subscriber that’s located too far away from the main LAN can still access the subsidiary network points through a virtual connection over the overarching internet.

2. The usual VPN system scenario

Take a look at the following illustration below to see what I’m talking about.

VPN Network Setup

In this case, the ISP designation stands for the backbone infrastructure that is the Internet. It can hold other sub-networks and subsidiary connections. Here, Network A chooses to create a private network that feeds off of the main infrastructure.

The red lines represent the VPN itself.

Network B will connect to the same backbone infrastructure without even knowing that the VPN A does the same, and without interrupting its processes.

Obviously, both parts can coexist peacefully without ever coming into conflict with each other. This is the Internet, the grander infrastructure, that can hold as many sub-networks as possible.

3. Enter, VLAN!

A VLAN is basically a network hub created specifically to bring together many networking devices that exist separately on multiple LAN segments. In other words, a VLAN creates a virtual LAN network to which those separate devices can connect.

These networks are not based on physical connections, but logical ones. This makes the whole process and overall system to be more flexible and grants more freedom when exchanging information with the other devices using the network.

A VLAN network defines the broadcast domains in what is called a Layer 2 network, a subsidiary network that leeches the main infrastructure.

The broadcast domain is the virtual manifestation of all the interconnected devices’ databases. With its help, these devices can communicate, exchange information and share data in real time without the need to be physically close to one another.

Multiple workstations can be grouped more easily even if they belong to different network switches altogether.

VPN Network

The Hub in the above illustration is the VLAN network that is created to maintain a steady shared connection between multiple devices that are not in the same physical space or even close to each other.

You can go even further and create a Layer 3 Router. This makes it possible to send traffic between multiple VLANs while using the same broadcast traffic of a typical VLAN, the shared network that is.

This router uses certain IP subnets to send traffic between the VLANs, and each VLAN has a different IP subnet. For every VLAN, there’s an IP subnet across the network, so the system is built on a symmetrical correspondence.

To put things into perspective, you have the following:

VPN Network Setup

You can see how the Layer 2 switches are used to create many different broadcast domains which are based on the configuration of these switches. Every broadcast domain acts as a virtual bridge.

As such, information from computers belonging to VLAN 10 can be sent seamlessly and more efficiently to the devices belonging to VLAN 20 through with the help of Layer 2 Switches. These switches sent the data to the Layer 3 Router who then sends it forward to the respective Layer 2 Switch at the other end of the network.

4. VPN vs VLAN

While these two concepts are different, they are interrelated to one another. A VLAN is a subcategory of a VPN, as I said in the beginning, but they are aimed for different hierarchical systems.

A VPN can function on a certain range of layers – from Layer 1 to Layer 3. However, a VLAN connection is strictly a Layer 2 construct.

The VLAN is used to group together multiple computers or workstations that are further away from each other and who would otherwise have no way of sharing data and information in real time. Thus, a broadcast domain is created that addresses this need.

However, a VLAN can also be used to create self-restrictive closed sub-networks from a larger network. In this way, computers from different departments use a different portion of the network that is closed to other devices.

In this way, the data pertaining to these specific computers are better protected and kept secure from outside access.

All a VPN does is it allows you to remotely connect to a company’s network resources – its servers. It creates a smaller sub-network on top of the existing bigger network, the Internet infrastructure when compared to VLANs.

VPNs also use many security mechanisms and encryption protocols to shield the user data that’s being trafficked through their network. Access is only granted via username/password-based authentication.

Considering all this, the main differences between a VPN and a VLAN become evident:

  • A VPN saves and keeps the user data from prying eyes while it’s being transmitted over the Internet. No one can track or read it without specific authentication credentials because of the encryption mechanisms used. VLAN networks don’t have any specific encryption protocols in place, but they divide a logical network into different sections to help with management and security
  • VLANs group certain workstations together when they are not within the same geographical location. A broadcast domain is created to help with his. VPNs are related to the remote access of users to a certain company’s private network
  • VLAN is a subcategory of VPN, while VPN is a method of creating a safe and secure network to transmit data through
  • A VLAN allows you to logically segregate networks without the need to physically move the workstations. This is done with switches. A VPN will help connect two distinct points on the network through a secure and encrypted tunnel
  • Generally, users will use a VLAN connection to communicate with one another when they can’t share information or data from outside the VLAN. Special permission is needed to access it. VPNs are the means to communicate securely in an unsecured environment.