Core function of VLANs on layer-2 switches: Which statement best describes what a Virtual LAN (VLAN) accomplishes in a switched internetwork?

Introduction / Context:
VLANs logically segment a layer-2 network into multiple, isolated broadcast domains. This improves scalability, security, and traffic containment, and is fundamental to multi-tenant or multi-department designs in enterprise switching.

Given Data / Assumptions:

• We are dealing with standard IEEE 802.1Q VLANs on switches.
• Collision domains are already per-port on modern switches.
• Broadcast containment is the primary design driver.

Concept / Approach:

Without VLANs, a layer-2 switch forwards broadcasts to all ports in the same VLAN, forming a single broadcast domain. Creating separate VLANs divides that broadcast domain so that ARP, DHCP DISCOVER, and unknown unicast flooding do not traverse between VLANs. Inter-VLAN communication requires a layer-3 device (router or L3 switch).

Step-by-Step Solution:

Verification / Alternative check:

On a switch, run show vlan and observe that hosts in different VLANs do not see each other’s ARP broadcasts. Pinging across VLANs requires an SVI or router.

Why Other Options Are Wrong:

Fastest port (A) is unrelated to VLAN function.

Multiple collision domains on one port (B) is incorrect; a single port is one collision domain.

Multiple broadcast domains within a single collision domain (D) contradicts how switches operate.

Common Pitfalls:

Confusing collision domains (hub days) with broadcast domains; assuming VLANs provide security equal to firewalls (they help isolate but do not replace L3/L7 controls).

Final Answer:

Breaks up broadcast domains in a layer 2 switch internetwork.