After watching several YT’s on VLANS, I give kudos to Chris for doing a better job than all the others combined. Historically, I sparingly used vlans due to weak knowledge. Now, I’ll use them more. His examples and analogies are superb. It’s so good, I watched it twice.
Very good video. Now a video about firewall rules for the vlans.
For example how to stream from your secure vlan to the iot lan.
How will the Sonos app act on a phone vlan when it needs to stream to the iot vlan and the homeassistant app the same way. 😊💪🏼
Exactly. Currently I have all my security cameras on my default LAN. My Agent DVR is running on a computer on my default LAN as well. I manage it through a web browser on my desktop PC on my default LAN. If I segmented the cameras onto a VLAN (which I cannot do at the moment anyways, Google Wifi nojoy) how would I get that streaming traffic to go from its own VLAN to my computer running the DVR software? If I segmented the DVR computer onto the same VLAN as the cameras, how would I manage it from my desktop PC? Questions... so many questions. I have never understood traffic routing rules for subnets and firewalls. That's the video you need to make for laymen like me.
@comradeshadovshki this is why network engineers get paid the big bucks
@kurti4432 not really anymore. Companies fire expensive Cisco network experts nowadays, and move towards dumb SDN, where they don't need to employ highly paid experts. It's the worst time in history to be a CCIE, as no company is willing to pay for networking experts, and after the recent 2-3 years of layoff spree, there are many such people on the job market, desperate to find a new job, pushing down the average salary.
Would love a follow up video on firewall rules and making sure cloud and local only devices work properly across the vlans. Thanks Chris!
This is the BEST VLAN guide available not just on YT!!! Thank you so much!!!
Greatest video I ever saw on YouTube. You are the most articulate person I have ever encountered on a complex subject like this. I found you by accident and I will continue with your other videos. I wasn't even looking for a VLAN video but I really did understand 80% of what you talked about. You made a place on my Google Drive :) Thanks much
I find one of the biggest points of confusion people have about a layer 2 VLAN is that they think it is synonymous with a layer 3 network. One can have multiple VLANs on the same piece of wire. One can have multiple layer 3 networks on the same piece of wire. One can have a VLAN with multiple layer 3 networks and vice versa; they are independent of each other.
Thank you! VLANs are virtual broadcast domains.
@mikelambert4490 Bingo
Help
YES THIS EXACTLY
This met me right where I needed. There are plenty of videos on either side of the subject. Either they're too high level, just explaining the concept of VLANs, or too fine grained, for those who already were very familiar with all the terminology and just needed to know a specific ecosystem. This one video bridged the gaps in my skillset perfectly! Thank you!
This is hands down the best VLAN explanation video I have ever seen 🤩. Thanks to this video I finally have a full understanding of VLANs. 🥳
Honestly the best explanation of VLANs I have seen, especially the difference between tagged and untagged VLANs. Saved me days of going back and forth on a help forum
I’ve been doing small to medium business sysadmin & networking for over 20 years and always got by with larger subnet blocks. I just now am needing to learn VLAN stuff. This helped significantly. Thank you for taking the time to do this!
The amount of videos I’ve watched on tagged, untagged and trunk ports FINALLY I now understand it thanks to this ❤
I knew a little about VLANs, but often got confused and had to double check on things, this explanation made it much easier to understand and I'm not going to have any issues remembering this. Fantastic content as always!
Just... WOW! Such clear, precise explanations delivered with a beautifully pleasant voice. Thank you, sir!
This is by far THE BEST VLAN tutorial I've come across. I was so confused by untagged/tagged VLANs, and you are the only one who explained it clear as day (not mud 😅). Thank you so much for this! You are THE BEST!
I wish you had made this video 5 years ago. Great job, sir! Thank you.
Excellent presentation. Lots of work went into making this video.
It did actually...not an easy topic to tackle!
@CrosstalkSolutions This video should be shown in colleges and high schools for the younger generation to get exposed to networking concepts and terminology.
Thank you so much. You are a great teacher. I've learned so much from you these past 3 years. Your customers must love you.
As someone who knew almost nothing about VLAN's, this video was super informative. Thank you!
Well explained video, would love to see an extensive video with firewall rules using vlan
I knew nothing about routers and switches. Now I feel confident about using them. This is a well laid out video. Thank you very much.
Cheers - glad it was helpful!
This is by far the best Vlan video I have come across. It answered my long time question about tag vs. untag vlans
finally a video that clearly explains the tagged/untagged issue.
By far the best VLAN video I came across. The only missed info for me was about access ports, but everything else explained in this video is very well clarified!
I was confused about untagged and tagged ports. Not anymore! Thank you so much!
Rarely have I heard such good and clear explanations. Really quite outstanding! Many, many thanks!
Very well explained. VLANs for dummies. Impossible not to understand. Thanks for this video
Very well explained. The biggest thing to get across to people is the difference between TAGGED and UNTAGGED. By switching UNTAGGED with DEFAULT, and TAGGED with OPTIONAL or/ ADDITIONAL, things start to become very clear very quickly.
You never AFAICR explicitly mentioned it to drive the point home, but: without VLANs, to achieve the same logical separation of networks, the networks need to be physically separated (dedicated cable runs and switches for each network so that the packets of two networks "never meet"), and that the whole point of VLANs is that there is only one physical network needed, where the separation of the logical networks is achieved "in software" by having the VLAN-aware routers and switches enforce on port-level the logical separation, based on the VLAN tags of the network packets that pass through.
Give this man an award
Best VLAN principles explanation I have seen on YT. Thank you.
This was such a helpful video for someone about to set up a new UniFi based network. Helps make your other UniFi VLAN setup videos much easier to understand.
Thank you.
This video is going to help soooo many people, including myself! :) I know how vlans work, but this just simplifies it and will help me help others.
Needed a VLAN review, this was very clear and thorough!
I would love a video explaining layer 3 vs layer 2.
This was fantastic. I always got confused with the tagging and untagged part of vlans but you explained this very well.
Hey Chris, great video. As someone who’s been networking for years and been the IT guy for the small companies I’ve worked for, I have set up and use VLANs, but this video did a great job clarifying and simplifying the topic, I feel more confident in my approach now. I’ll refer others to this when I see vlan questions on Reddit. Good job!
Superb! 👏 I have finally properly understood setting tagged vs. untagged VLANs on ports. It's the best explanation I have ever come across so far with multiple real world examples. Very informative video. Kudos and thank you! 🌟 Keep up the good work.
Great introduction to VLANs.
Getting IPs sorted to different LANs is my main goal (while having access to the internet on all ports) without using a switch.
Very well presented. Easy to understand and actually USE! Thank you.
This is one of the most well done VLAN instructional videos I have ever seen.
Is there any chance you can make a tutorial for Chromecast Multicast DNS over VLAN with Ubiquiti? Something that should be easy but never works as expected.
Another great video Chris. Your videos on Ubiquiti products are the sole reason that I settled on UniFi equipment a few years ago. Thanks for all your hard work.
Ditto for me too!
Sorry to say, I feel exactly opposite on the horrible Ubiquiti controller. This week I struggled to resurrect a corrupted USG-3P and get LAN2 to function.
It was a nightmare flipping back to legacy view UniFi for the necessary menu items because V8 is incomplete. While USG demands a new VLAN for LAN2, there’s no way to define tag, untag, or trunk. Very disappointing software and documentation.
What a great video. Can't tell you how many hours I've spent reading & watching videos on this topic and your presentation caused it all to gel. I suddenly love the new way UniFi does this and I figured out my ancient Dell PowerConnect switch while I was at it with these concepts. So pumped! Fantastic job, Chris. This could be a template for an industry standard.
Amazing video! All clear, I can finally say that I understand VLANs - Thank you!
Thanks! Finally an easy to understand explanation of VLANs. Didn't get it before, get it now.
Thank you!!! This was so helpful. For the first time, I finally understand VLANS.
Bless you for this video!! Been waiting for this one for awhile. Thank you!
Absolutely incredible video! Well done. I believe you may have misspoken between 30:38 and 30:47. I may be wrong, but I believe you referred to tagged ports as untagged. Easy to do, especially given the number of times you had to say tagged and untagged.
omg I scrolled a lot to find this comment! Thank you. I was struggling to know if it was just misspoken or if I was not understanding something!
Thank You especially for the practical examples on how to configure at the end.
Great video. Thank you for the information. It was clear as mud until the very end when you demonstrated. Then it all came together
Awesome video Chris, best one I've ever seen on the subject to date.
Excellent video! Glad you showed UniFi and then also a hodge podge of equipment as well. I am all UniFi here and have noticed my Flex-Mini is VLAN aware and configurable, but like that router you showed, if you configure a port as Native to a VLAN (not 1/default), you can't have tagged traffic.
When you were talking about VoIP phones, you could have mentioned the phones can also pass through the default LAN, so that a computer can be plugged into the back, so the computer and phone can share a single switch port.
Highly informative! Easy to follow, thanks!
Great presentation. I'm thinking of getting into Unifi in my new house so I've saved this to watch it all again later when trying to set it up as a nooob. 👍
Fantastic description and presentation.
Best VLAN explanation ever! Thank you Chris for this vid!
Possible update to the beginning - show 4 switches as the "old school" way we would segregate networks physically for each dedicated usage (maybe use different colours of cables for each). Then show a single "VLAN-enabled" switch with all of those cables plugged into it.
This right here. Visually showing what VLANs are logically doing is a great teaching tool.
And subscribed… by far the easiest video to understand this subject I’ve found.
Nicely done Chris, thoroughly enjoyed!
Lots of work on that video, great job! Thanks for sharing your knowledge
One of the things that I absolutely LOVE about Macs is that they have built-in functionality to understand VLANs when given a trunk port by a switch. Even my 20 year old PowerMac G5 has this capability! In System Preferences you add the VLAN IDs and give the ethernet "profile" a name. Add as many VLAN interfaces on your Mac as you have VLANs. So some of my Macs have 10+ IP addresses, all using a single ethernet cable. No inter-VLAN routing required as the computer is on all the networks at the same time and the traffic stays on the Layer 2 switch.
Could you expand on that just a bit, thx
@ChasEng-o6y Make sure your Mac is plugged into a trunk port on your switch. By default, your Mac will get an IP address in the untagged VLAN 1 "default" or management LAN. Open System Preferences (System Settings) > Network > and click the dropdown menu (depending on OS X or later version) > Manage Virtual Interfaces > Click "plus" button > New VLAN > Name your VLAN > Enter the VLAN ID created by your router or Layer 3 switch > select the NIC interface > click create. Do this process for as many tagged VLANs as you want your computer to be on. For me, after I do that, I disable ETH0 to get the computer off the untagged / management network.
With L2 switch and vlans when you copy files from pc A in vlan 10 to a pc B in vlan 20 it will be slow as hell because all traffic must go through the router to get data from pc a to pc b. With L3 switch the copy files action will go quick because the switch will do the routing using inter VLAN routing.
Awesome video! Very well laid out to help me better understand VLANs and how to set them up on my Unifi network.
Dude this video is a gift from God
Okayyyy Now that is an excellent tutorial video. Leaving here ready to go setup my home VLANs; just need to get up to speed with firewalls.
thanks for that, helped me understand vlans and tagging in the unifi, especially the new interface, a little better
dude!!! the vlan "vans" theme shirt is really cool!
Thank you for this excellent explanation...
Fantastic video this was the best explanation I’ve seen on VLANs
outstanding video! one of the best VLAN videos on youtube. if not, the best video!!!
Thx. I am rookie in this topic, but you inspired me to dig in this area.
Respect and many thanks for this video. It's quite some information, but I think it covers it all. Great job!
Greatest VLAN video on YouTube 💪💪🙏
I learned today that I can manually set the VLAN Tag on my Mac, thank you.
Awesome video and mega clear presentation
excellent video with spot-on explanation and the visuals rocked too
Great VLAN vid! Thanks a lot. I was able to get my Cloud gateway ultra and Netgear GS110tp talking to each other at least civilly
How does the IP phone know that needs to ask for VLAN 30 only? Great video as always!!!
It's probably manually setup with a static IP address in the "30" VLAN range
@brightmanfan no, he said it gets an IP address
It will have an option to define a VLAN in its settings; otherwise it will (if defined) use the untagged VLAN.
Really nice video, you are so good in explaining network stuff the way anyone can understand... Chapeau!
Sir, this was the perfect explanation about VLANs, greetings from Romania :)
Thanks! This was extremely informative. 2 questions keep haunting me:
1) Why do we trust devices to tell us which VLAN they want to be part of? A hacker could simply tag his data with any VLAN in order to exploit that VLAN. Shouldn't the router assign each device to a VLAN based on some sort of pre-determined rules that we set?
2) Why would you have different VLANs available on different switch ports? Wouldn't it be best to make all VLANs available on all ports, with the default/untagged set to the guest VLAN? That would give us ultimate flexibility and convenience, such that any device can be patched into any switch port. Once again, the router would make sure that each device is assigned to the correct VLAN, no matter which port it is connected to.
What a helpful video. Very good job, thank you
Ty for explaining everything, that helps a non techie like me!!
Great video. Do you have any videos on VLAN and firewall settings on a UDM for PCI compliance?
Tomorrow’s my exam you saved me buddy thank you
Fantastic. Future Ubiquiti user in Zambia (gotta get equipment cleared through our version of the FCC) This helped me understand tagged vs. untagged so much better.
one of the most underrated channel
This is so comprehensive and I learned so much! I may need to watch this a few times to fully comprehend it but that is okay by me. In a mixed environment scenario where you may not know what is plugged into what, how would you go about identifying hardware? Would I use something like Nmap?
What a great work and explanation, props to you!!
Again one of the great explaining videos 🎉. Q: Is it also possible to push a device to a VLAN by its MAC address? Let’s take the doctor's waiting room. Here all devices normally connect to the guest network. But sometimes the doctor himself is in the waiting room and his computer should always connect to the main network. Is that possible (UniFi)? Other questions: which devices know / can I train to connect to a special VLAN?
One of your best video ! thanks a lot.
great shirt! should have added "off the LAN" quote though :D
Great video. I thought of some questions while watching, hopefully you (or someone!) can answer:
Can you disallow untagged VLAN devices on a port? I.e, require that a VLAN is configured on a device (so someone can't plug in a random device)
How do static IPs play into all this? What if you configured a device with a VLAN (or let it default) but set a static IP in the wrong subnet? (I.e, the hacker in the lobby tries to circumvent the allowed VLAN tags by setting a static IP)
Can multiple VLANs have the same subnet? What effects would that have?
Yes, if you make a port tagged for VLAN x, but not untagged, the device will have to use VLAN x, otherwise it will not get an IP.
Beautifully explained.
thanks for this video Sir!
From Flanders Fields, Belgium : top quality, thank you very much..
Best video I've seen so far for VLAN beginners. Thank you!
Here’s my idea for a “made easy” explanation:
- Think of a switch as a house with multiple doors (ports) and of each device as a person.
- Each person wears a T-shirt, and it can have a number printed on it (tagged) or not (untagged).
- An access system at each door (port) checks the number on the shirt and dispenses a badge (think DHCP) based on the number on the T-shirt.
- Persons with tagged shirts having a number that is allowed entry will get a badge (think IP address) for that group.
- Persons with no number on the shirt will get another (default) badge.
- Persons with a number that is not whitelisted will not get a badge, and cannot enter.
Thank you!
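The door-and-T-shirt analogy above, and the earlier questions about a device tagging its own traffic or a port that refuses untagged devices, as an added Python example that is not part of any comment or of the video: it reads the 802.1Q tag from a frame and applies a per-port policy. `PortPolicy`, `classify`, `make_frame`, the port names and the VLAN numbers are hypothetical, and dropping a tagged frame whose VID is not in the port's tagged list (even if it matches the native VLAN) is a strictness assumption of this model, not a statement about any particular switch.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


@dataclass(frozen=True)
class PortPolicy:
    """Hypothetical switch-port config: one optional untagged (native)
    VLAN plus a set of VLAN IDs accepted when the frame arrives tagged."""
    name: str
    native_vlan: Optional[int] = None
    tagged_vlans: frozenset = frozenset()


def make_frame(vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build a constructed sample Ethernet frame, tagged if vid is given."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")  # locally administered sample MAC
    tag = b""
    if vid is not None:
        # TCI = 3 bits priority, 1 bit DEI (left 0), 12 bits VLAN ID
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return dst + src + tag + struct.pack("!H", 0x0800) + b"payload"


def parse_vlan_id(frame: bytes) -> Optional[int]:
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # keep only the 12-bit VLAN ID


def classify(port: PortPolicy, frame: bytes) -> Optional[int]:
    """Return the VLAN the switch places this frame in, or None if dropped.

    The port configuration decides, not the device: a tag is only honoured
    when the administrator listed that VLAN ID on this port.
    """
    vid = parse_vlan_id(frame)
    if vid is None or vid == 0:
        # Untagged (or priority-tagged, VID 0): use the port's native VLAN.
        # A port with no native VLAN drops the frame, so an unconfigured
        # device plugged into it gets no connectivity at all.
        return port.native_vlan
    if vid in port.tagged_vlans:
        return vid
    return None  # tag not allowed on this port


# Constructed sample ports; VLAN numbers are illustrative only.
LOBBY = PortPolicy("lobby-wall-jack", native_vlan=40)              # guest only
PHONE = PortPolicy("voip-only", native_vlan=None,
                   tagged_vlans=frozenset({30}))                   # tagged only
AP_TRUNK = PortPolicy("access-point", native_vlan=1,
                      tagged_vlans=frozenset({20, 30, 40}))


if __name__ == "__main__":
    cases = [
        (LOBBY, make_frame()),          # ordinary guest laptop
        (LOBBY, make_frame(vid=10)),    # device tags itself into VLAN 10
        (PHONE, make_frame()),          # untagged device on tagged-only port
        (PHONE, make_frame(vid=30)),    # phone configured for VLAN 30
        (AP_TRUNK, make_frame(vid=20)),
        (AP_TRUNK, make_frame(vid=99)),
    ]
    for port, frame in cases:
        result = classify(port, frame)
        tag = parse_vlan_id(frame)
        print(f"{port.name:16} tag={tag!s:5} ->",
              "DROP" if result is None else f"VLAN {result}")
```
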
Thank you so much for doing this video!!! If you could please do a follow up video on firewall configurations in the Unifi Environment to allow or disallow traffic through different vLan setups. For example. Needing guests to be able to print to a printer that is on the untagged lan or Allowing Lan users to be able to talk to an IOT device. Preciate You Sir! Keep up the great work!
Great explanation of vlan concepts. What is still not clear is how a client device gets to know which vlan id it should ask for.
In case of wireless connectivity, when the client device joins an SSID, which is assigned to a particular network, which, in turn, is configured to use a particular vlan id, then the client device will be tagged with that vlan id. Is this understanding correct? Because we don't configure vlan ids on our devices, we usually join an SSID.
In the case of wired connectivity, say we plug in a device to a port, which has the default vlan and some tagged ones. Then our device will join the default vlan first. But what if we wanted that device to join a specific vlan when we plugged in? Do we have to configure the vlan id on the client device so that DHCP can assign an ip from that vlan? Or someone has to configure static ip for that client device from the desired vlan?
Thanks for making this great informative video. Your effort to simplify setting up Unifi networks is much appreciated. You demonstrated setting up the tagging for IoT, Guest and Access point ports, what would the suggested configuration be for a camera port?