Many comments on the VMware Communities Forums are about using VLANs to secure a network. While a VLAN is technically not a network security feature, it does provide a way to logically segregate traffic. In my mind, segregation is different from separation.
Segregation implies a logical distancing between two or more elements, yet the elements of the network share the same wires, switches, etc.
Separation implies a physical distancing between two or more elements where the elements do not share anything in common.
When using virtualization, it is impossible to achieve 100% separation, as we discussed in my Rethinking vNetwork Security post. I have continued to consider all aspects of the vNetwork with respect to security and VLANs, so here are some basic rules that will help you decide how to design your vNetwork. These rules are based within the physical network (pNetwork).