Local Area Networks (LANs) are data communication networks that span a physically limited area. LANs allow users to have shared access to many common resources, such as files, printers, or other communication devices. The concept of shared access to resources is central to the LAN philosophy.
Security, on the other hand, in traditional LANs is a major problem. For instance, in broadcast networks, everyone can see every packet on the network. Therefore, without the use of Virtual Local Area Networks (VLANs), it is possible for users on the system to see network traffic from or destined for other users. This presents a security problem for the system and its users.
A VLAN is a logical subgroup within a Local Area Network that offers an effective solution to the LANs problems. The major features of VLANs are flexible network segmentation and enhanced network security.
However, when VLANs are used for security and group collaboration, generally they have to be manually configured ahead of time, on switching hardware. Furthermore, there is a finite number of VLANs that the switching hierarchy can support and this physical limitation on the number of VLANs supported may be an issue.
In addition, some network protocols require fully routable Internet Protocol(IP) addresses to function (e.g. tunnelling protocols including Virtual Private Networks (VPNs)). Typically a user requesting a dynamic IP address can be given either a routable or non-routable IP address depending upon the configuration of the Dynamic Host Configuration Protocol (DHCP) server on that network.
Since in a traditional network, dynamic switching from non-routable to routable IP address is not handled by the server, users are left to their own devices if they require a routable IP address, but were served a non-routable IP address.