VLAN ID Calculator

Plan and assign VLAN IDs for network segmentation. Add departments or network zones, assign VLAN IDs and subnets, and generate a complete VLAN configuration table with suggested switch configs for Cisco, HP, and managed switch formats.

Name / Purpose VLAN ID Subnet

What Are VLANs?

A Virtual LAN (VLAN) is a logical network segment that separates broadcast domains on the same physical switch. VLANs improve security, performance, and management by isolating traffic between different groups — like keeping guest WiFi traffic separate from your corporate network, or isolating IoT devices from sensitive servers.

VLANs work at Layer 2 (Data Link) using IEEE 802.1Q tagging. Each VLAN has a unique ID (1-4094) and typically maps to its own subnet. To route between VLANs, you need a Layer 3 switch or router — this is called inter-VLAN routing. Use our Subnet Calculator to plan the subnets for each VLAN.

VLAN ID Ranges

Range	VLAN IDs	Usage	Notes
Default	1	Default VLAN (all ports)	Never use for production traffic
Normal	2 – 1001	Standard VLANs	Stored in VLAN database
Extended	1002 – 4094	Extended VLANs	Requires VTP transparent mode
Reserved	1002 – 1005	Token Ring / FDDI	Cannot be deleted
Reserved	4095	System reserved	Cannot be used

Common VLAN Design Patterns

Here are recommended VLAN assignments for different network environments:

VLAN ID	Name	Subnet	Purpose
10	Management	10.10.10.0/24	Switch/AP/router management
20	Staff/Corporate	10.10.20.0/24	Employee workstations
30	Guest WiFi	10.10.30.0/24	Isolated internet-only access
40	IoT/Smart Devices	10.10.40.0/24	Cameras, sensors, smart home
50	Servers	10.10.50.0/24	Application and file servers
60	VoIP	10.10.60.0/24	Phone system with QoS priority
100	DMZ	10.10.100.0/24	Public-facing servers

VoIP VLANs especially benefit from QoS prioritization. Follow our QoS guide to prioritize voice traffic on the VoIP VLAN.

Pro Tip: Use a consistent numbering scheme for VLAN IDs — like 10, 20, 30 for departments, 100+ for DMZ/special purposes. This makes configurations easier to read and troubleshoot. Also align the third octet of your subnet with the VLAN ID (VLAN 20 = 10.10.20.0/24) for intuitive addressing. Plan your subnets with our Subnet Calculator.

Note: VLANs alone don't provide security between segments — you also need ACLs (Access Control Lists) or firewall rules to control traffic between VLANs. Without proper inter-VLAN filtering, a compromised device in one VLAN could still access resources in another through the Layer 3 gateway. Use our Port Checker to verify your security posture.

VLAN Security Benefits

Broadcast isolation — Reduces broadcast storms and ARP traffic across the network.
Network segmentation — Limits the blast radius of malware and attacks. See our NAT guide for additional isolation layers.
Guest network isolation — Keeps visitors' devices completely separate from internal resources.
IoT containment — Smart devices with poor security can't reach sensitive systems.
Compliance — PCI DSS and HIPAA require network segmentation, which VLANs provide.
Traffic management — Combine with QoS for per-VLAN traffic prioritization.

Setting Up VLANs on Home Routers

Many advanced home routers support VLANs. Access your router's admin panel at 192.168.1.1 and look for VLAN settings. For common home setups:

# Typical home VLAN setup
VLAN 1  - Main network (default, avoid using)
VLAN 10 - Personal devices (computers, phones)
VLAN 20 - Guest WiFi (internet only, no LAN access)
VLAN 30 - IoT devices (smart speakers, cameras, thermostats)

# Each VLAN gets its own subnet via DHCP
VLAN 10: 192.168.10.0/24 (gateway 192.168.10.1)
VLAN 20: 192.168.20.0/24 (gateway 192.168.20.1)
VLAN 30: 192.168.30.0/24 (gateway 192.168.30.1)

Plan your DHCP pools for each VLAN using our DHCP Lease Calculator. For cable planning between switches, use the Cable Length Calculator.

Inter-VLAN Routing

Devices in different VLANs cannot communicate by default. To allow controlled communication, you need inter-VLAN routing via a Layer 3 switch or router. This is where your gateway becomes critical — each VLAN needs its own gateway address for routing.

Monitor traffic flowing between VLANs using network traffic monitoring to ensure your segmentation is working correctly and no unauthorized cross-VLAN traffic exists.

Key Takeaways

VLANs segment networks logically on shared physical infrastructure using 802.1Q tags.
VLAN IDs range from 1-4094; avoid VLAN 1 for production traffic.
Align VLAN IDs with subnet third octets (VLAN 20 = x.x.20.0/24) for easy management.
VLANs require ACLs/firewall rules for true security between segments.
Common home VLANs: personal devices, guest WiFi, and IoT isolation.
Use our Subnet Calculator to plan subnets for each VLAN.

Video: VLANs Explained

Related Tools & Guides

Frequently Asked Questions

How many VLANs can I create?

The 802.1Q standard supports VLAN IDs 1-4094, giving you up to 4,094 VLANs. In practice, most networks use 5-50 VLANs. Switch hardware may limit the number — check your switch specifications.

Do VLANs slow down the network?

VLANs add minimal overhead (4 bytes per frame for the 802.1Q tag). They actually improve performance by reducing broadcast domain size. Inter-VLAN routing through a Layer 3 switch is wire-speed on modern hardware.

Can I use VLANs on a home router?

Many advanced home routers (Asus, UniFi, pfSense, OpenWrt) support VLANs. Consumer routers typically don't. Check your router's admin panel at 192.168.1.1 for VLAN settings. You'll also need a managed switch for port-level VLAN assignment.

What is the difference between a VLAN and a subnet?

A VLAN operates at Layer 2 (data link), separating broadcast domains on switches. A subnet operates at Layer 3 (network), dividing IP address space. In practice, each VLAN is assigned its own subnet, and they work together for segmentation.

Should I put IoT devices on a separate VLAN?

Absolutely. IoT devices often have poor security, rarely receive updates, and may have known vulnerabilities. Isolating them on a dedicated VLAN prevents a compromised smart device from accessing your computers, servers, or personal data.

What is a trunk port vs access port?

An access port carries traffic for a single VLAN (untagged). A trunk port carries traffic for multiple VLANs using 802.1Q tags. Trunk ports connect switches together and carry all VLAN traffic between them. Access ports connect end devices like computers and phones.

About Tommy N.

Tommy is the founder of RouterHax and a network engineer with 10+ years of experience in home and enterprise networking. He specializes in router configuration, WiFi optimization, and network security. When not writing guides, he's testing the latest mesh WiFi systems and helping readers troubleshoot their home networks.