Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Nishtha_Baria
Staff
Staff

Created on ‎09-20-2023 02:00 PM Edited on ‎04-01-2025 06:33 AM By Moderator

Article Id 274926

Technical Tip: Difference between VLAN vs VXLAN: Use cases, compiled details

Description This article describes the difference between VLAN and VXLAN traffic and the types available on FortiGates, and their capabilities.
Scope FortiGate
Solution

VLAN (Virtual LAN):

In networking, segmenting and isolating network traffic is accomplished by using both VXLAN (Virtual Extensible LAN) and VLAN (Virtual LAN). They do, however, function at various OSI model layers and have unique properties. 

There is a limited number of segmentation that one can create (is lower than VXLAN), 4096 VLANs in IEEE 802.1Q which is why might not be suitable for large scale.

 

Use Case: 

VLAN's configuration includes setting up networking hardware, such as switches, to assign ports or interfaces to certain VLAN IDs.

  • In classic LAN environments, VLANs are frequently used to divide traffic for security, management, or broadcast domain control.
  • They are perfect for separating various projects, divisions, or teams inside an organization.

 

Packet format: 

 

image (12).png

 

Example Topology:

In this illustration, two distinct internal VLAN networks share a single interface on the FortiGate and a single Internet connection. This illustration demonstrates how two networks may share an interface while having distinct traffic streams.

This arrangement is applicable to two departments in the same firm or to several companies.

 

In this example, there are two distinct internal network VLANs. VLAN_100 is located on the network 10.1.1.0/255.255.255.0, whereas VLAN_200 is located on the subnet 10.1.2.0/255.255.255.0. The VLAN switch is connected to these VLANs.

 

vlantopo.png

 

VXLAN (Virtual Extensible LAN):

VXLAN is a Layer 3 network virtualization technique that enables network segmentation and scalability by encapsulating Layer 2 Ethernet frames in Layer 3 UDP packets. In comparison to VLANs, VXLAN may potentially accommodate 16 million more segments. Similar to VLANs, but working at a higher layer, VXLAN offers network isolation.

VXLAN has been designed for large-scale situations, such as data centers, and is built for scalability.

Configuring VXLAN requires setting up VXLAN endpoints and tunnels, generally on routers or layer 3 switches.

 

Use Case:

  •  Data center networks frequently employ VXLAN to enable network segmentation, flexibility, and scalability.
  • It is appropriate for cloud deployments, multi-tenant setups, and situations requiring a high level of isolation and scalability.

 

Packet format:

 

image (14).png

 

Example of VXLAN Topology:

In this architecture, the remote-ip of a FortiGate (VTEP 1) points to port 1 of VTEP 2, and the FortiGate (VTEP 1) is setup with a VXLAN interface over port 1. By adding them to a software switch or virtual wire pair, the VXLAN interface and port2 may be connected to the same L2 network. The L2 network includes everything connected to the L2 switches.

 

vxlantopo.png

 

 

 

Depending on the unique networking requirements and the size of the network, choose between VLAN and VXLAN.

 

Related articles:

General VXLAN configuration and topologies

VLAN
3656
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.