A VLAN (Virtual LAN) segments a physical network into logically separated areas. Devices in the same VLAN communicate directly; traffic between VLANs requires a router or firewall. In an ISMS, VLANs are a fundamental network segmentation control per ISO 27001 Annex A.8.22. They separate, for example, office, server, and guest networks, limiting the lateral spread of attacks. VLANs alone do not replace firewall rules, but they are an important building block in a defense-in-depth strategy.