"LAN" doesn't imply the same use of VLAN trunking or flat network architecture.
Traffic infra being on a VLAN behind the firewall implies a lot of trust in the traffic infra physical plant. You can harden against layer 2 vulnerabilities, but they're a whole 'nother can of worms and possible failure point.
It also implies the possibility of VLAN trunking being used inappropriately.
All the CCIEs I've learned from and trusted were very suspicious about extending the size and scope of LANs offsite through VLANs.
"LAN" doesn't imply the same use of VLAN trunking or flat network architecture.
Traffic infra being on a VLAN behind the firewall implies a lot of trust in the traffic infra physical plant. You can harden against layer 2 vulnerabilities, but they're a whole 'nother can of worms and possible failure point.
It also implies the possibility of VLAN trunking being used inappropriately.
All the CCIEs I've learned from and trusted were very suspicious about extending the size and scope of LANs offsite through VLANs.