In certain applications, it is desirable to restrict communication among different network nodes for various reasons. Some of such reasons include, for example, to improve the security of passing information to the appropriate device, to engineer desirable traffic patterns (e.g., force entity A and entity B to talk to each other through entity C, that might monitor, rate limit, firewall, etc.), to reuse resources (e.g., several devices attached to the same wire can reuse IP addresses), and to partition domains to increase scalability. Conventionally, virtual local area networks (VLANs) may be used to restrict communication at layer two. A VLAN provides a broadcast domain and devices that are part of the same VLAN are able to communicate to each other but generally not to devices of a different VLAN. A VLAN may be implemented by configuring one or more layer two switches.