I love VLANs. I only have 5: MGMT, secure, IoT, guest, and WireGuard. It’s a small home network but being able to separate and set access rules like this is great.
No second guesses... always use VLANs. I have a UDM-Pro and the Pro-24 switch. I currently have 9 VLANs set up: LAN, Admin, Printers, Guest, IoT, Cameras, Media Center, VPN, WebPage. Slowly getting them all set up with desired rules. A lot of trial and error, but I eventually will get them all the way I want them. Good video!
Clever title. I'm not currently using VLANs at home, but it's a project that I've wanted to undertake for quite some time. At the library, we use VLANs to keep the "Staff" traffic and the "Public" traffic separated.
A video on VLANs and home automation would be interesting. Let’s say a home with cameras, lighting, heating, blinds, smart TV, computers, etc. How do you keep it all secure but make automation still work?
Thanks Willie! I would love to see more videos on vlans.
Great video thank you
Always vlan unless you just need an ultra simple flat lan. Good video man bout to check it out!
I love VLANs! In my industry VLANs are important. Separating the clients' devices, the "home automation" system and IoT devices is a must. I have reduced down default network to either /29 or /28 with GS because you can't turn off that network.
Thank you for defining what you consider to be IoT devices. I have the same definition. Some folks get too carried away and think (for example) their mobile phone and such are IoT, then come out looking for help asking why they can't (again, for example) chromecast to their TV, whatever.
My two kids have such a hard time sharing I gave them each their own VLAN. 😀
I have had many VLANs in my home/homelab and I have had as few as possible. Right now I am sitting at 6 VLANs total looking at UniFi "Networks" listing. The one VLAN I have needed to add is an IoT network for things like smart switches and Wi-Fi LED lights and the like.
Do you plan on doing a video on the new ACL feature? Would love to see if you've done this in production yet.
For which vendor? Some do it better than others.
@WillieHowe UniFi. Seems like they have some of the old gateway selection options in the network settings that create the VLAN for L3, but they also have Switch Isolation Settings and the new ACL rules tab under security.
I would imagine none of the old settings are needed with the newer L3 settings they have implemented, but I haven't seen any good examples or documentation of its use.
Every room should have a vlan, and all the fridges should have a vlan, even the Puppy should have one :). Good video Sir.
I would say that VLANs should be implemented when there is a *need* since they add complexity to a physical network that must be managed. So, as you mentioned, in the case of a VoIP setup, one should use a dedicated VLAN to segregate VoIP from LAN traffic, thus improving VoIP quality. Another need would be security if, say, one wants to make camera traffic inaccessible from the main LAN. I would not implement VLANs just because they are nifty but because there is a genuine need or substantial benefit (as when a subnet is too busy).
I would be interested to know more if there are any performance issues we should be aware of using VLANs (UDM-Pro user).
As mentioned above I have 9 and no issues at all. Of course, it is my residence and we may have 2 or 3 videos running with surfing. The IoT uses nothing and I refuse to upgrade to 1GB service (ISP is pushing), I only have 500mbps and it is plenty for us, although I am looking at Starlink Mini for failover and/or maybe just activate it during hurricane season.
Always to VLAN.
As a point of clarification, VLANs are a Layer 2 (MAC address) concept that exists inside a switch and, by definition, have no relation to IP addresses, which is a Layer 3 routing concept. Systems like UniFi make it all too easy to simultaneously set up both the Layer 2 VLAN *and* the Layer 3 DHCP/routing config for devices connected to that particular VLAN. Such ease of configuration can blur the lines between the two concepts.
This means you can also set up a “raw” VLAN that has no Layer 3 IP routing whatsoever. The ports assigned to such a VLAN basically function together as a virtual unmanaged switch. This can come in handy when you need, say, a 4-port unmanaged switch and you have some otherwise unused RJ45 and/or SFP ports on your USW-48.
I have tried vlans and had issues, but that is probably a me issue. I'm trying to separate my home network (personal, iot, work, etc).
I use VLANs both at home and work. Work is pretty obvious (separate corp traffic from guest, IoT, management, DMZ, etc). If your business has more than a few employees, I don't see how you could effectively operate a network without VLANs, especially if you are using VoIP for your primary phone system. For home, I have all IoT devices of any kind on one network, separated from my home and guest Wi-Fi. I also have all gaming devices on their own VLAN as well, just to keep any potential risk limited to those devices.
An added level of home network security. The security cameras, kids, IoT devices (smart lights, switches, streaming devices, etc) must be kept separate from the home management network.
I think if the process of making a VLAN was demystified and more clear, it would make more sense overall to people. I never cared about VLANs until I needed to, but that was when I had a small business network. Once we kept growing, yeah, you're going to need a VLAN at a minimum. Eventually you’ll need 5-10 VLANs.
VRF for the win.
Reduced broadcast domain, which improves network organization, performance, growth, and expanded capabilities.
The analogy is instead of a house where all occupants live in one room, we would have some living in one room while others in other rooms. These rooms are VLANs. However, the doors between these rooms can still be opened from both sides, allowing everyone to freely move from one room to the others. Therefore VLANs by default are not secured by any means. In a network, I can ping another computer from one VLAN to the other. Ping is a good test of this permeability. To secure VLANs, I have to set up firewall rules for them. Back to the analogy of rooms, I can erect speciality doors where some doors cannot be opened from either side or a one-way door like those in cockroach traps that allow the critters in but they cannot leave. The directionality of the doors is the egress and ingress rules of the firewall. I can even modularize the firewall rules by allowing specific devices in 1 VLAN to reach another VLAN, but not others in the same VLAN based on the device’s MAC. Basically setting up VLANs is just the start. To make them functional and useful, we need firewall rules.
@JasonTechSF good analogy!
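Added example, not part of any comment in this thread: the "one-way door" and the per-device MAC exception from the rooms-and-doors analogy above, written as an nftables forward chain for a Linux router with VLAN sub-interfaces. The interface names, VLAN IDs, IP address, MAC and port are constructed assumptions; on UniFi the same policy would be built in the controller's firewall settings.

```nftables
# Constructed layout (assumptions, not from the thread):
#   eth0    = WAN uplink
#   eth1.10 = trusted LAN   (VLAN 10)
#   eth1.30 = IoT           (VLAN 30)
#   eth1.40 = guest         (VLAN 40)

table inet vlan_doors {
    chain forward {
        # Default: every door between rooms is locked.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed to start may return.
        # This is what makes a door one-way instead of sealed.
        ct state established,related accept
        ct state invalid drop

        # One-way door: trusted LAN may open connections into IoT.
        iifname "eth1.10" oifname "eth1.30" accept

        # Per-device exception: one IoT hub, matched by source MAC, may
        # reach a single service on the trusted LAN. A MAC match only
        # identifies the device as far as the IoT segment itself can be
        # trusted, so the rule is also pinned to one address and port.
        iifname "eth1.30" oifname "eth1.10" \
            ether saddr 02:00:00:aa:bb:cc \
            ip daddr 192.168.10.5 tcp dport 8123 accept

        # Every VLAN may reach the internet.
        iifname { "eth1.10", "eth1.30", "eth1.40" } oifname "eth0" accept

        # Anything not matched above (IoT -> LAN, guest -> LAN or IoT)
        # falls through to the drop policy.
    }
}
```

With this loaded, a ping from the trusted LAN to an IoT device gets replies, while the same ping started from the IoT or guest VLAN toward the LAN times out, which is the permeability test the analogy describes.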
Hey good morning buddy
From Alpha to Charlie? (lol)
Target at the back?
To Be or Not to Be in a VLAN, that's the question
No, that's not the question, always VLAN!