Transcript for:
VLANs and VPNs

A LAN is a local area network. We commonly define this as a group of devices that are in the same broadcast domain. In this example we have two different switches: one is the red switch and one is the blue switch. On the red switch we have two devices that are in one broadcast domain, and on the blue switch we have devices that are on a completely different broadcast domain.

We might want this separation for security reasons; certainly this would provide a separation between these devices and these. We might also want to limit the number of broadcasts on a network, so we might segment the network into smaller pieces. In many ways this is a very straightforward way to manage the network, because if somebody needs to be on the red network we connect them to the red switch, and if someone needs to be on the blue network we connect them to the blue switch.

However, looking at this diagram we can immediately see a number of inefficiencies. We've of course purchased two separate switches, we are powering two separate switches, and we're managing the configurations on two separate switches. All of these duplicate the effort and in some cases duplicate the cost, and we would need to maintain both of these networks. We can also see that we're connecting only two devices to each of these switches but have a lot of empty interfaces, so we've paid for a lot of switch that ultimately we're not using.

It would be much more efficient and cost effective if we could buy a single switch, maintain a single power source and a single configuration for that switch, and simply logically associate certain interfaces on that switch with the red network and other interfaces with the blue network. The switch itself would provide the separation between the red network and the blue network, and these devices still would not be able to communicate directly with each other. We refer to this virtualization of the local area network as a VLAN. This is still grouping the devices in their own broadcast domain, but we're doing it across the same physical device. This means that we won't need separate switches; we can instead have exactly the same functionality on a single switch by implementing and configuring VLANs for each of these individual interfaces.

Let's add even a third network. On this switch we've configured a red network, a blue network and a green network, and you can see that we've connected different devices to these interfaces. As the network administrator, we've specifically configured the interfaces on the switch to match a certain network. So in this case, if you're connected to port 1 you're on the red network, if you're connected to port 9 you're on the blue network, and if you're connected to port 17 you're on the green network. Of course, instead of using colors we associate a VLAN with a number, so the red network may be VLAN 1, the blue network might be VLAN 2, and the green network might be VLAN 3. You can see that not only does this make it easier to manage the network, but now we can keep costs lower by having a single switch instead of purchasing three separate switches for these three VLANs.

A technology that has become rather commonplace on our networks today is a VPN, or virtual private network. This is usually a combination of software and hardware that allows us to securely send information across a public network such as the internet. Everything sent over that VPN connection is automatically encrypted, which means that if anyone in the middle happens to capture this information they wouldn't be able to see or understand anything in the conversation.

If you've used a VPN then you certainly are familiar with how that looks from the desktop of your operating system, but somewhere it's connecting to a separate device, and the device we're connecting to is a concentrator. This can be a standalone device or it may be integrated into a firewall or some other multi-use device. There are many different ways to deploy VPNs. The example we have here is a hardware device that may have specialized VPN or encryption hardware inside of it, but you could also configure VPN software that might be running on a server. Many VPN implementations have their own application that can be installed in an operating system, and you'll find that these days most modern operating systems come with some type of VPN client included.

This means that you can still be secure when using your laptop in a coffee shop, even if the wireless network in that coffee shop is open and not encrypted. You would either use VPN software that's always on and always connected, or you would have the option on your laptop to enable or turn on the VPN capability. When you do that, it creates an encrypted tunnel back to the VPN concentrator, and now everything sent from your laptop will be encrypted across the wireless network of the coffee shop, the internet, and any other links until it reaches that VPN concentrator. At this point the VPN concentrator will receive that encrypted information, decrypt the data, and send that information into the corporate network. Any device that needs to send information back to the laptop will send that information to the VPN concentrator; the concentrator will encrypt that data and send it over the encrypted tunnel, and when it reaches your laptop, the laptop will then decrypt that data so that it can be used locally. This entire process happens behind the scenes and is automatic when you enable your VPN software. You
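The port-to-VLAN mapping described in the VLAN portion of the lecture (port 1 on the red network as VLAN 1, port 9 on blue as VLAN 2, port 17 on green as VLAN 3), modelled as an added example that is not part of the transcript or any vendor's switch software: a small Python switch that keeps one MAC table per VLAN and floods broadcasts and unknown destinations only to ports in the sender's VLAN. The 24-port layout, the MAC addresses and the frame contents are constructed for the demonstration.

```python
"""Toy model of a single switch carrying several VLANs.

Constructed example: ports 1-8 are VLAN 1 (red), 9-16 are VLAN 2 (blue)
and 17-24 are VLAN 3 (green). A frame entering on one port can only
leave on ports of the same VLAN, so the three groups remain separate
broadcast domains even though they share one physical switch.
"""
from dataclasses import dataclass, field
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str       # source MAC address
    dst: str       # destination MAC address
    payload: str


@dataclass
class VlanSwitch:
    """Switch whose access ports are each bound to exactly one VLAN."""
    port_vlan: Dict[int, int] = field(default_factory=dict)
    # One forwarding table per VLAN: vlan -> {mac: port}. Keeping the
    # tables separate is what stops a MAC learned in VLAN 1 from ever
    # being used to forward a frame that arrived on a VLAN 2 port.
    mac_table: Dict[int, Dict[str, int]] = field(default_factory=dict)

    def assign_ports(self, ports: range, vlan: int) -> None:
        for port in ports:
            self.port_vlan[port] = vlan
        self.mac_table.setdefault(vlan, {})

    def ports_in_vlan(self, vlan: int) -> List[int]:
        return sorted(p for p, v in self.port_vlan.items() if v == vlan)

    def receive(self, in_port: int, frame: Frame) -> List[int]:
        """Switch one frame arriving on in_port; return the egress ports."""
        if in_port not in self.port_vlan:
            raise ValueError(f"port {in_port} is not assigned to a VLAN")
        vlan = self.port_vlan[in_port]
        table = self.mac_table[vlan]
        table[frame.src] = in_port                 # learn the sender, per VLAN
        if frame.dst != BROADCAST and frame.dst in table:
            return [table[frame.dst]]              # known unicast: one port
        # Broadcast or unknown unicast: flood, but only inside this VLAN.
        return [p for p in self.ports_in_vlan(vlan) if p != in_port]


def build_demo_switch() -> VlanSwitch:
    """The three-colour switch from the lecture, with constructed port ranges."""
    switch = VlanSwitch()
    switch.assign_ports(range(1, 9), 1)     # red
    switch.assign_ports(range(9, 17), 2)    # blue
    switch.assign_ports(range(17, 25), 3)   # green
    return switch


def demo() -> dict:
    """Walk three frames through the switch and report where each was sent."""
    switch = build_demo_switch()
    host_a = "00:00:00:00:00:0a"   # port 1, red
    host_b = "00:00:00:00:00:0b"   # port 2, red
    host_c = "00:00:00:00:00:0c"   # port 9, blue
    results = {}
    # A broadcasts (e.g. an ARP request): reaches every other red port only.
    results["a_broadcast"] = switch.receive(1, Frame(host_a, BROADCAST, "who has 10.1.0.2?"))
    # B answers A directly: A's MAC is now known in VLAN 1, so one port.
    results["b_reply"] = switch.receive(2, Frame(host_b, host_a, "10.1.0.2 is here"))
    # C (blue) addresses A's MAC: unknown in VLAN 2, so it floods blue ports
    # and never reaches port 1.
    results["c_to_a"] = switch.receive(9, Frame(host_c, host_a, "hello red"))
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: egress ports {ports}")
```

The per-VLAN MAC table is the detail worth noticing: a real switch keys its forwarding table on (VLAN, MAC) for the same reason, so that learning a host in one VLAN never creates a forwarding path for frames from another VLAN.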
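The laptop-to-concentrator tunnel described in the VPN portion of the lecture, as an added example that is neither the course's code nor a real VPN protocol: a toy Python tunnel between a laptop endpoint and a concentrator endpoint sharing a constructed key, with an HMAC-SHA256 keystream and tag standing in for a production cipher suite, and a sequence-number check against replayed packets. It shows that what crosses the coffee-shop network is only ciphertext, that the concentrator recovers the inner packet to pass into the corporate network, that the reply comes back the same way, and that a replayed or tampered packet is rejected. The IP addresses and payloads are constructed.

```python
"""Toy VPN tunnel: laptop <-> concentrator over an untrusted network.

Constructed example. The cipher (HMAC-SHA256 counter keystream plus an
HMAC tag) is a stand-in for the AEAD a real VPN would use; the point is
the data flow, not the primitive.
"""
import hashlib
import hmac
import struct


def _derive(shared_secret: bytes, direction: str):
    """Separate encryption and MAC keys per direction of the tunnel."""
    enc = hashlib.sha256(shared_secret + b"|enc|" + direction.encode()).digest()
    mac = hashlib.sha256(shared_secret + b"|mac|" + direction.encode()).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


class TunnelEndpoint:
    """One end of the tunnel; role is "client" (laptop) or "server" (concentrator)."""

    def __init__(self, shared_secret: bytes, role: str):
        peer = "server" if role == "client" else "client"
        self.send_enc, self.send_mac = _derive(shared_secret, role)
        self.recv_enc, self.recv_mac = _derive(shared_secret, peer)
        self.send_seq = 0
        self.recv_seq = 0          # highest sequence number accepted so far

    def protect(self, inner: bytes) -> bytes:
        """Encrypt and authenticate an inner packet; returns what goes on the wire."""
        self.send_seq += 1
        nonce = struct.pack(">Q", self.send_seq)
        ct = bytes(a ^ b for a, b in zip(inner, _keystream(self.send_enc, nonce, len(inner))))
        tag = hmac.new(self.send_mac, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unprotect(self, packet: bytes) -> bytes:
        """Verify, replay-check and decrypt a tunnel packet; raises ValueError on failure."""
        if len(packet) < 8 + 32:
            raise ValueError("truncated packet")
        nonce, ct, tag = packet[:8], packet[8:-32], packet[-32:]
        expected = hmac.new(self.recv_mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # check before decrypting
            raise ValueError("authentication failed")
        seq = struct.unpack(">Q", nonce)[0]
        if seq <= self.recv_seq:
            raise ValueError("replayed packet")
        self.recv_seq = seq
        return bytes(a ^ b for a, b in zip(ct, _keystream(self.recv_enc, nonce, len(ct))))


def demo() -> dict:
    """Laptop in a coffee shop talks to 10.0.0.20 inside the corporate network."""
    shared_secret = b"constructed-demo-secret-not-for-real-use"
    laptop = TunnelEndpoint(shared_secret, "client")
    concentrator = TunnelEndpoint(shared_secret, "server")
    results = {}

    inner_request = b"10.8.0.5 -> 10.0.0.20 GET /payroll"
    on_the_wire = laptop.protect(inner_request)        # crosses the open wifi
    results["observer_sees_plaintext"] = b"payroll" in on_the_wire
    results["delivered"] = concentrator.unprotect(on_the_wire)   # into the corporate LAN

    inner_reply = b"10.0.0.20 -> 10.8.0.5 200 OK"
    results["received"] = laptop.unprotect(concentrator.protect(inner_reply))

    try:                                               # same packet sent twice
        concentrator.unprotect(on_the_wire)
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True

    tampered = bytearray(on_the_wire)
    tampered[10] ^= 0x01                               # flip one ciphertext bit
    try:
        concentrator.unprotect(bytes(tampered))
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Two design choices carry over to real tunnels: keys are derived separately for each direction so a packet can never be reflected back to its sender, and the tag is verified before any decryption or sequence handling so a forged packet is dropped as early as possible.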