A VLAN (Virtual Local Area Network) is a logical network segment created within a physical switch or set of switches. VLANs separate traffic between groups (e.g. staff, guests, IoT, VoIP) without needing separate physical switches. Traffic between VLANs requires a router or Layer 3 switch.

VLAN Planning Calculator

Q: How do I choose VLAN IDs?

VLAN IDs range from 1 to 4094 (802.1Q standard). VLAN 1 is the default native VLAN on most switches — avoid using it for production traffic. VLANs 1002–1005 are reserved on Cisco switches. Common practice is to assign IDs that correspond to the last octet of the subnet for easy identification (e.g. VLAN 10 for 192.168.10.0/24).

Q: How do I plan subnets for multiple VLANs?

Assign each VLAN its own non-overlapping subnet. A common pattern is to use 192.168.X.0/24 where X matches the VLAN number. Ensure no two VLANs share any IP addresses. The gateway is typically .1 or .254 of each subnet. Configure a DHCP scope per VLAN excluding the static IP range.

Plan your VLAN network: assign IDs, subnets, and gateways for multiple VLANs. The calculator validates VLAN IDs, checks for overlapping subnets, and shows usable host ranges for each segment.

VLAN Network Planner

Enter each VLAN on a separate row. Subnet format: 192.168.10.0/24. Gateway format: 192.168.10.1.

VLAN Summary

VLAN ID	Name	Subnet	Gateway	First Host	Last Host	Usable Hosts

What Is a VLAN?

A VLAN (Virtual Local Area Network) segments your physical network into isolated logical networks. Devices on different VLANs cannot communicate directly — they require a Layer 3 router or inter-VLAN routing on a managed switch. Common VLAN use cases:

Staff/Corporate: Domain-joined computers, file servers, printers — full access.
Guest/WiFi: Internet access only, isolated from internal resources.
IoT: Smart devices, cameras, sensors — isolated to prevent lateral movement.
VoIP: Phones on a dedicated VLAN with QoS prioritisation.
Management: Network devices (switches, APs, routers) — highly restricted access.

VLAN Planning Best Practices

Avoid VLAN 1 for production traffic — it is the default native VLAN and should remain untagged on trunks.
Use a consistent numbering scheme, e.g. VLAN 10 = 192.168.10.0/24, VLAN 20 = 192.168.20.0/24.
Document your VLAN table before configuring switches — this calculator generates that document.
For DHCP, exclude static IPs (gateway, servers, APs) from the pool scope.
Apply firewall rules between VLANs on your router/firewall — don't rely on switch isolation alone for security.
Use 802.1Q trunk ports to carry multiple VLANs between switches and to access points.

Validation Rules

This calculator checks for the following issues in your VLAN plan:

Invalid VLAN ID — must be between 1 and 4094.
Duplicate VLAN IDs — each VLAN must have a unique ID.
Invalid subnet format — must use CIDR notation (x.x.x.x/prefix).
Overlapping subnets — two VLANs cannot share any IP space.
Gateway outside subnet — the gateway must be within the assigned subnet.
Gateway equals network or broadcast address — both are invalid as a gateway.

Frequently Asked Questions

What is a VLAN?

A VLAN is a logical network segment created within a managed switch using 802.1Q tagging. It separates broadcast domains without requiring separate physical switches. Devices on VLAN 10 cannot reach devices on VLAN 20 without passing through a router that has an interface on both VLANs.

How do I choose VLAN IDs?

Use VLAN IDs 2–4094. Avoid VLAN 1 (native VLAN) and 1002–1005 (reserved on Cisco). A popular convention is to match the VLAN ID to the subnet's third octet: VLAN 10 → 192.168.10.0/24, VLAN 20 → 192.168.20.0/24. This makes reading configs and firewall rules much easier.

How do I plan subnets for multiple VLANs?

Each VLAN needs its own unique, non-overlapping subnet. Assign a /24 for up to 254 hosts, a /25 for up to 126 hosts, or a /30 for a 2-host point-to-point segment. Reserve a static range at the start (.1–.20) for infrastructure and use the remainder for DHCP. The gateway is typically the .1 address.