A VLAN (Virtual Local Area Network) is a method of logically segmenting a single physical network into multiple isolated networks. Devices on different VLANs cannot communicate with each other unless explicitly routed, even if they share the same switch or cabling.
In short: VLANs allow industrial cellular routers and switches to separate IoT traffic from corporate traffic, guest Wi-Fi from staff networks, and operational technology from IT systems. VLAN tagging follows the IEEE 802.1Q standard. Industrial routers from Teltonika and other vendors support VLAN configuration on both Ethernet ports and Wi-Fi SSIDs.
VLANs matter in IoT for two reasons. The first is security. Compromised IoT devices should not be able to pivot onto corporate systems. Putting cameras, BMS controllers, or telemetry devices on their own VLAN limits the blast radius if one is breached. The second is traffic management. CCTV streams, SCADA polling, and corporate email have different bandwidth and latency profiles. VLAN-based traffic policies allow each to be handled appropriately on the same physical infrastructure.
For OT/IT convergence projects (where Industry 4.0 ambitions need plant-floor data flowing into enterprise systems), VLANs are a basic prerequisite, not an optional feature. The Purdue Model and IEC 62443 both assume VLAN-based segmentation as part of a defence-in-depth approach.
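The following Python sketch is an added example, not vendor code: it reads the IEEE 802.1Q tag from an Ethernet frame and applies the default-deny rule described above, where traffic crosses VLANs only if a route is explicitly allowed. The VLAN IDs, names, allow-list, MAC addresses and helper names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # IEEE 802.1Q tag protocol identifier

# Constructed VLAN plan and inter-VLAN allow-list (assumptions for this example).
VLANS = {10: "corporate", 20: "cctv", 30: "scada", 40: "guest-wifi"}
ALLOWED_ROUTES = {(30, 10)}  # only SCADA -> corporate, e.g. plant data to a historian


def parse_dot1q(frame: bytes):
    """Return (pcp, dei, vid, inner_ethertype), or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)  # bytes 12-13 follow the two MACs
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    # TCI layout: 3-bit priority (PCP), 1-bit drop eligible (DEI), 12-bit VLAN ID
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, ethertype


def may_forward(src_vid: int, dst_vid: int) -> bool:
    """Default deny: same VLAN is switched, other VLANs need an explicit route."""
    if src_vid not in VLANS or dst_vid not in VLANS:
        return False
    return src_vid == dst_vid or (src_vid, dst_vid) in ALLOWED_ROUTES


def build_frame(vid: int, pcp: int = 0) -> bytes:
    """Build a constructed tagged IPv4 frame (zero payload) for the demo."""
    dst = bytes.fromhex("02aabbccdd01")  # locally administered sample MACs
    src = bytes.fromhex("02aabbccdd02")
    tci = (pcp << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    pcp, dei, vid, etype = parse_dot1q(build_frame(20, pcp=4))
    print(f"VLAN {vid} ({VLANS[vid]}), PCP {pcp}, EtherType {etype:#06x}")
    for dst_vid in (20, 10):
        verdict = "allow" if may_forward(vid, dst_vid) else "deny"
        print(f"  {VLANS[vid]} -> {VLANS[dst_vid]}: {verdict}")
```

The allow-list is directional: the SCADA VLAN may reach the corporate VLAN, but the reverse path and every route from the CCTV or guest VLANs stay denied.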