Think of runways at an airport, Carl.   Lots of planes, carrying lots of passengers. It's important that those planes never get too close, right Carl? That's what we call segmentation, Carl. And, see, the passengers on flight OU812 don't need to concern themselves with what the passengers on flight 2112 are doing. But all of those planes, Carl, with all of those passengers, use the same runway and the same control tower on that particular airfield.  Let's say that the airfield is like a network switch, Carl.   You with me on this, Carl?   So then let's call the runways, network cables, Carl; and let's call the planes, VLAN's; and let's call -- Carl! Pay attention! -- and let's say that the people on the planes are like data. We put the data in the VLAN, like we put the people in the plane; and then we put the VLAN's on the network cables, like we put the planes on the runways. And then ATC tells the pilots -- Carl! Pay attention, Carl! -- ATC tell the pilots of each airplane where to go on the airfield, just like your network switch tells each VLAN where it can or can't go.  But ATC just cares about the planes, not about the individual passengers inside each plane.  So the planes (VLANs) come into / out of the airfield (switch) via runways (cables); and then when a plane (VLAN) gets to the gate (switchport), all of the people (data) hop off of the pla --- Carl! Carl what are you doing!? Get out of the cockpit, Carl! You're not a network engineer. D*mmit, Carl!             ... View more