So many VLAN numbers to pick from, and then you pick VLAN numbers in the 1002-1005 range, which are reserved for Token Ring and FDDI. You probably don't use either Token Ring or FDDI, but still - thousands of VLANs to pick from and you manage to use some of the very few that are reserved for other things.
Being a network engineer as my day job I particularly enjoyed this video! But for real... you ain’t styling with VLANS until you stretch them across geographic data centers!
I have just set up a PiHole VM with DHCP and Lancache Monolithic on my home network (st00pid new modem/router has preset DNS settings - so disabling that DHCP and running my own is superb).
separating servers from clients can be tricky....you would then rely on the routing capacity of your router to route traffic between networks (unless you have a router on a stick configuration in which your switch is acting as a L3 switch and is doing inter-vlan routing) - this is fine if every vlan has its own physical interface, but becomes tricky if you use the same interface for many many vlans. You avoid broadcasting traffic at the expense of pushing all traffic through the same interface and saturating its bandwidth.
So quick newbie question: how do the devices in one VLAN communicate with those on another? Is there some form of routing involved, hence the need for a DHCP server?
It's called inter-vlan-routing and it is most of the time handled by a core-router ... It's basically doing the same thing it does between your LAN and WAN but on the same side of the firewall *Yes this is a really short explanation and may trigger someone, I don't care as this is a youtube comment and not a network engineer course
I want to make a homelab/managed home network. I've thought about making physical connections between everything, a main DHCP/DNS and have it branch off to data storage/clients/WAPs each with their own subnet. Is a VLAN a better way of networking than that? It's cheaper I know that, less NICs needed per network. Is there a setup where it would be better to physically segregate a network?
IMO you'd only need to physically segregate a network if you need SUPER-high security, like NSA level security. However another benefit of using separate cables (but not necessarily physically separate hardware) is that each connection gets its own dedicated bandwidth.
Question about 8:40 mark, or there about, how would it work if my access point has the option of vlans, do I setup the ssid it broadcasts to the vlan desired and the switch will pick that up and anything on that network is then that vlan or am I missing something?
just a heads up, some IoT devices can't handle having an IP address outside of the 192.168.X.X range. I can't remember if it was my chromecast or amazon fire stick that threw a fit, but it completely refused to connect to anything when I assigned it a 10.0.0.X address. It threw off all of my plans, and my network still doesn't look the way I want it to look.
I've never had anything complain about my networks in 172.16/16. That includes Chromecasts, google home devices, fire sticks, rokus, android TVs, smart bulbs and plugs, etc.
One important note/warning about using the 10.x.x.x range: Some ISPs use this for clients and/or their own equipment. Don't know how common this is, but if you pick the same range as the ISP uses you'll run into issues. (I am using a 10... address myself but I have seen these addresses used both for clients in mobile networks as well as for routers in ISPs' infrastructure.)
Pihole doesn’t have GUI support for multiple DHCP ranges, but I am considering putting in the work in the config files manually to set it up. Please do make a video about it if you do this.
I wonder if the flavors you're getting from the hazy IPAs are about temperature. What about cooling more for the initial open and taste and then considering the profile more as it warms? What if you just like hazy IPAs when they're colder?
VLANs are amazing if done right. If done wrong, like I've seen, it's a nightmare. I've worked with people who have some weird mindset where they think absolutely everything ever needs to be VLANned off. VLAN for laptops when on ethernet, VLANs for laptops when on wifi etc. Too many VLANs becomes a support nightmare. I think it's more of an older mindset though.
You never mention how to set up IGMP Snooping in new VLANs (if possible that is) in a network. I have an IPTV setup box from my ISP and am having a hard time routing TV through my L3 switch. The TV setup box gets an IP from the router but also receives IP addresses outside the scope from the ISP. Somehow this isn't working properly, or am I missing something?
Most homelabs aren't going to have that much broadcast or ARP traffic on the collision domain to justify VLANs. It's cool practice, but you should be exploring the security angle and not necessarily the speed angle.
Good info, thanks for the video. Maybe one day I'll get there, but I feel if I start shopping for servers my wife will need a better reason than "just to tinker".
I don't know if this is something you would be interested in doing, but can you make a tutorial on how to build and set up a NAS and recommend to us the minimum specs we should use? I'm very confused about what parts I should buy, and I'm worried that if I buy low specs or old hardware it might not work properly.
Your timing is suspect, Jeff...! I finished part one of my home lab changes last night. Look forward to what you present next. I agree with avoiding the 192.168.x.x.x scheme, have avoided that one for years.
How do you manage traffic between VLANs? Like if you want, say, devices on your guest network to have access to your Plex server on another VLAN. Is it just a matter of giving the Plex server access to both VLANs so that it has one IP address for each VLAN?
Saying the switch forwards out broadcasts to addresses 1-254 is a little misleading since switches are layer 2 devices. I know it's a little pedantic, but it's true :)
Please do the pihole video? More VLAN videos in general would be great. This might have actually finally unlocked the concept of VLANs in my head. I have 1 question though, and it's the reason why I never could comprehend how to set this up: When you set up your IOT devices on their own VLAN and your servers on a separate VLAN, how can you get your IOT devices to communicate with your servers? Example: I have a temp sensor in my IOT VLAN and then I run a server on the Server VLAN that logs the temp data; how would I be able to keep the communication between these two devices? I've always tried to set up VLANs and then lost the ability to access a web interface for the device or whatever, and this always made me say ahhh forget this. EDIT: ahh 💡 I think I'd have to have a device set up for inter-VLAN communication as described by the "Corporate" setting for purpose in your video.
I did this a couple days ago. Now I have to figure out how to cast to my smart tv. For now I’m just switching my phone to the same WiFi network to do it, then switching back, but that’s frustrating.
Yea I read something that the issue is actually that the packets sent out are set to 1ms, so they won’t jump, but you have to set something in your router to up that to multiple ms, so it can jump. I’d love some sort of tutorial to do this
In follow up videos can I request a focus on how to share things like printers and NAS drives across VLANS? I’ve had a go in the past but got stuck on that point.
This seems like such a good idea, but I am a bit scared to implement... careful planning... also don't want to mess up work situations with all the work from home going on...
Configured VLAN on MikroTik for the first time with a point-to-point trunk (WLAN) link to my basement, so technically my servers are on WiFi XD (luckily radios on MikroTik are super stable)
Imagine you have 2 physical switches with 10 computers attached to each. The switches are not connected together. Both networks are totally separate physically and logically. Now with VLAN, you have 1 physical switch with all 20 computers connected, but both networks are still logically separate, so a computer in network 1 can't talk to something in network 2 by default. A subnet mask on the other hand mainly determines how many addresses are available in a network. EDIT: Subnet masks were heavily important in the early days of big corporate networks that had "old" network equipment that struggled with performance. With the increase in network equipment power and switched ethernet itself, subnetting became less of a thing as network impact of broadcasts was far less than in the early days with hubs and 10Mb cable
@@craigmurray4746 Okay that makes sense. Thank you a lot. I'm taking a Networking course in my vocational school and they suck at describing these things. I liked your way of describing it. I have a home lab and do testing on it but still sometimes have issues grasping concepts. So I think I'm going to change over from subnets to VLANs here soon. Thanks again!
Haha that physical shudder when mentioning "The Printer". We have a printer in our office and we also have that reaction when we actually have to use physical media. God it's awful.
Anytime I get asked to troubleshoot a printer issue it hurts me, that's an hour of my time I'm not getting back
Any printer beyond a simple, dumb Brother B&W laser printer is an exercise in frustration.
@@Kvantum I don't know, I have had good with the Canon imageCLASS printers. The only printer that I ever had less problem with was an HP LaserJet 4000, well once I got that pesky JetDirect card set up.
Imagine getting over 30 users on a vpn and having them print to their local printers through rdp, it's either really simple or a terrible nightmare, you can save A LOT of time by just using hp printers and their awesome hp universal printer driver.
Minor thing: the /24 does not indicate a class. Classes were abandoned in the 90s :)
See CIDR (the C stands for classless).
In a classful network your 10.0.0/24 would not be 'possible' as it would technically be part of one of 128 class A networks (ranging from 0/8 to 127/8).
To get a /24 you would have to use 192.0.0/24 to 223.255.255/24. Yes, classes were really that silly...
(I know that 10/8 was private even in classful times but it is an illustration.)
Came here to say this basically, thanks for pointing it out.
This video conflates VLANs (Layer 2) and subnetting (Layer 3). Both are valuable topics for discussion, and often go hand in hand, but it is worth distinguishing between the two.
Reducing broadcast traffic is a layer 3 issue that can be solved through subnetting and using a router. VLANs are layer 2 segmentation, and are more akin to virtualization of switch hardware. You don't need VLANs to reduce broadcast traffic, you just need additional subnets on a router (or routers) with a sufficient amount of distinct ports and separate switch networks for each of those subnets. Obviously VLANs help solve the multiple ports and multiple switch networks by virtualizing all of that infrastructure on top of a single set of physical infrastructure, but VLANs are really only incidental to the reduction of broadcast domain sizes.
So if I wanted to separate printers and computers from let's say IP phones I could use subnetting rather than VLANs?
Does that mean, say for example, phones on 192.168.1.x and other PCs and hardware on 192.168.10.x??
@@darrenfalconer3267 In enterprise networking, the phrase "Make a VLAN" is implying that you will be creating both a VLAN and a subnet that would be associated with that new VLAN.
The way I always introduce this topic is by saying All VLANs are subnets; but not all subnets are VLANs. They are doing two different things at two different layers, as indicated by Luc Lagarde, but they go hand-in-hand when implemented on your network.
@@darrenfalconer3267 yes but you will need the hardware to do that. Most home oriented routers don't.
@@thebadness6217 hardware?
Would I just be setting static ips on all devices based on the range I need?
@@darrenfalconer3267 no you need a router that can create multiple subnets and be able to assign those subnets to ports on the router.
Fun side quest: Count the number of times the elbows lift off the table. Have a drink for every 10 lifts.
Just had to point it out and now it’s all I can see!
speed the video up times 10 and watch it's always the same pattern right elbow left elbow neck I noticed this a few months back
Better drink near beer or you’ll be wrecked lol.
NOW I CAN'T STOP NOTICING!!
VLANs are those things which make my homelab complicated. Got a dozen VLANs hehe
Asking nicely for that pihole dhcp video. Also would love to see more about configuring firewall rules across vlans on the udm pro
You are now aware of Jeff’s restless elbows.
Now I can't unsee them...
I had to put a window over the right side of the screen while he's talking.
Damn it!!
It’s worse at 1.5x
I noticed this when I first started watching his videos. Psivevri does the same thing. After a while, it becomes kinda natural for them if you don't focus on it. Just a mannerism
Literally just hooked up my UDMP and saw this before powering it on - glad I stopped to watch this! Always appreciate your videos and have learned so much this year from you along with Network Chuck! Cheers!
Asking nicely for pi hole tutorials for DNS and DHCP!
Didn’t he already do this
Thank you for asking nicely. I join the motion!
I'd also like to add to the 'asking nicely': I have PiHole DNS and unbound working nicely, but the PiHole DHCP tutorial would be good since I can't find anything decent on the web explaining how to set this up for VLANs, and would be greatly appreciated
For those wondering how to do DNS and PiHole with VLANS, you just do it exactly the same way you would without them, just on a network with VLANS.
Dude, he's got the best Pi-hole video on YT and I'm now running it. "You're using your Pi-Hole Wrong" or something like that.
Nice timing. I just started looking into setting up vlan for home NVR.
Two items.... 1) I would love to see a video on PiHole setup for DHCP/DNS 2) I heard you mention Procurve. My first love of network switches it was :)
Nice high level video. I'd like to give a heads up. A broadcast on a VLAN gets sent to every switchport the VLAN is assigned to. The switch isn't looking for a specific IP address, but a specific MAC address. All F's in the MAC header in the frame. Unifi makes it very easy but blurs the divide between layer 2 and layer 3.
Otherwise great video. I love the topics you bring up!
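The point made in the comment above (and in the earlier comment separating Layer 2 VLANs from Layer 3 subnets), as an added example that is not from the video or from any commenter: a small Python model of how a switch picks egress ports from the destination MAC and the 802.1Q VLAN ID alone, never from the IP address. The frames, MAC addresses, port numbers and function names are constructed for illustration, and untagged frames on a trunk (native VLAN) are deliberately not modelled.

```python
import struct

BROADCAST = b"\xff" * 6          # "all F's" destination MAC
TPID_8021Q = 0x8100              # EtherType value that announces a VLAN tag
HOST_A = bytes.fromhex("020000000a01")   # constructed, locally administered MACs
ROUTER = bytes.fromhex("020000000001")


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst, src, ethertype, payload=b"", vlan=None, pcp=0):
    """Build a constructed Ethernet II frame, optionally with an 802.1Q tag."""
    hdr = dst + src
    if vlan is not None:
        if not 1 <= vlan <= 4094:            # 0 and 4095 are reserved by 802.1Q
            raise ValueError("VLAN ID must be 1..4094")
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return hdr + struct.pack("!H", ethertype) + payload


def ipv4_header(src_ip, dst_ip):
    """Minimal 20-byte IPv4 header (checksum left at 0; sample data only)."""
    s = bytes(int(o) for o in src_ip.split("."))
    d = bytes(int(o) for o in dst_ip.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0, s, d)


def parse_frame(raw):
    """Split a frame into its Layer 2 fields and, if IPv4, the Layer 3 destination."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = raw[0:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        vlan, offset = tci & 0x0FFF, 18      # low 12 bits of the TCI are the VLAN ID
    payload = raw[offset:]
    l3_dst = None
    if ethertype == 0x0800 and len(payload) >= 20:
        l3_dst = ".".join(str(x) for x in payload[16:20])
    return {"dst": mac_str(dst), "src": mac_str(src), "vlan": vlan,
            "ethertype": ethertype, "is_broadcast": dst == BROADCAST,
            "l3_dst": l3_dst}


def egress_ports(raw, ingress, port_vlans, mac_table):
    """Ports a simplified switch sends the frame to.

    port_vlans: {port: set of VLAN IDs carried}; one VLAN = access port.
    mac_table:  {(vlan, mac string): port} learned addresses.
    """
    f = parse_frame(raw)
    allowed = port_vlans[ingress]
    if f["vlan"] is None:
        if len(allowed) != 1:
            raise ValueError("untagged frame on a trunk: native VLAN not modelled")
        vlan = next(iter(allowed))           # access port assigns its own VLAN
    elif f["vlan"] in allowed:
        vlan = f["vlan"]
    else:
        return []                            # tag not allowed on this port: drop
    known = mac_table.get((vlan, f["dst"]))
    if not f["is_broadcast"] and known is not None:
        return [known]                       # known unicast: exactly one port
    # Broadcast (or unknown unicast): flood to every other port in the same VLAN.
    return sorted(p for p, v in port_vlans.items() if vlan in v and p != ingress)


# Constructed topology: ports 1-2 in VLAN 10, port 3 in VLAN 20, port 4 trunk to router.
PORT_VLANS = {1: {10}, 2: {10}, 3: {20}, 4: {10, 20}}
MAC_TABLE = {(10, mac_str(ROUTER)): 4}

if __name__ == "__main__":
    arp = build_frame(BROADCAST, HOST_A, 0x0806)
    print("broadcast from port 1 ->", egress_ports(arp, 1, PORT_VLANS, MAC_TABLE))
    routed = build_frame(ROUTER, HOST_A, 0x0800, ipv4_header("10.0.10.5", "10.0.20.5"))
    print("IPv4 to 10.0.20.5 from port 1 ->", egress_ports(routed, 1, PORT_VLANS, MAC_TABLE))
```

The IPv4 packet addressed to the other subnet leaves only on the port where the router's MAC was learned, which is why traffic between VLANs has to pass through a Layer 3 device where firewall rules can be applied.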
Have to correct at 6:45, although you're using a /24 SNM it's still a class A network since it's in the A class "block".
The three private ranges are each in a separate class btw.
10 A Class
172 B Class
192 C Class
It's using a VLSM, and it's called a classless address - that is very much a class C. The beauty of private networks is you can carve them up however you want. You can create any IP space you want, you do not need to have a classful address of 192.168.1.x to only use a /24. You can literally make any subnet a /24 but the rules of subnetting still apply to your host, and network bits. The mask is what determines your network size. Not your network address.
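The class-versus-mask question argued in this thread and in the earlier comment that a /24 does not indicate a class, as an added example that is not from the video or from any commenter: Python's standard `ipaddress` module is used to compare a CIDR block with the legacy classful network its first octet would have implied. The function names and the sample prefixes are chosen for illustration.

```python
import ipaddress

# Legacy (pre-CIDR) classes: decided by the first octet alone, with a fixed mask.
CLASSFUL = [
    ("A", 0, 127, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
]


def classful_network(addr):
    """Return (class letter, classful network) for an IPv4 address.

    Classes D (multicast) and E (reserved) had no network/host split,
    so the network is None for them.
    """
    ip = ipaddress.IPv4Address(addr)
    first = int(ip) >> 24
    for letter, lo, hi, prefix in CLASSFUL:
        if lo <= first <= hi:
            return letter, ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return ("D" if first <= 239 else "E"), None


def describe(cidr):
    """Compare a CIDR block with the classful network it would have belonged to."""
    net = ipaddress.ip_network(cidr, strict=True)   # rejects stray host bits
    letter, legacy = classful_network(net.network_address)
    if legacy is None:
        relation = "none"
    elif net == legacy:
        relation = "same"          # the mask happens to match the old class
    elif net.subnet_of(legacy):
        relation = "subnet"        # carved out of a larger classful network
    else:
        relation = "supernet"      # aggregates several classful networks
    # /31 and /32 have no separate network and broadcast addresses.
    hosts = net.num_addresses if net.prefixlen >= 31 else net.num_addresses - 2
    return {
        "cidr": str(net),
        "legacy_class": letter,
        "legacy_network": str(legacy) if legacy else None,
        "relation": relation,
        "usable_hosts": hosts,
        "private": net.is_private,
    }


if __name__ == "__main__":
    # Constructed sample prefixes, including the three private ranges.
    for block in ("10.0.0.0/24", "192.168.1.0/24", "172.16.0.0/12", "192.168.0.0/16"):
        print(describe(block))
```

For `10.0.0.0/24` the result is legacy class A with relation `subnet` and 254 usable hosts: the first octet fixes the historical class, while the mask alone fixes the size of the network.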
Hey, thank you for the video. I'd like to see some firewall setup in future videos, is that possible? You know, what ports and protocols are allowed from certain networks to certain networks and why?
1:28
Ah, yes. Szajsung. The Polish internet has peaked in its glory. (rough translation? Shitsung).
I knew what I was doing when I picked that clipart image ;-)
Thanks for clarification
With this setup you are still hitting your router each time you need to pass a packet across to another vlan. Router on a stick is not an ideal configuration. Having a layer 3 core switch that does inter vlan routing would be better.
Jeff does a wave with his arms and head like 50 times in one video. Right elbow > right shoulder > headwiggle > left shoulder > (left elbow). Once you see it, you can't unsee it...
"As always, I'm Jeff..." Have you ever not been Jeff? That would be an experience...
Nice! It's painful to switch but once you do it's well worth it!
Oh, and be prepared for the half baked mDNS with UniFi. I've been fighting it for months. Your printer may not be happy.
I've got my own mDNS solution ;-)
When I switched over to my pfSense box, I set up different physical networks and made pfSense route between them instead. It's not feasible when you need more than however many ports you have, but in my case it was just enough (5+WAN).
Nice to see VLANs getting promoted. I have used the 10 network range for the last 25 years. And vlans for about 8 years. Really helps trusted stuff, iot stuff, guest, cctv and voice all on separate networks. Networks like guests and iot go out to the internet through a vpn unlike the trusted stuff
When you mentioned the 192 address space as the default I was like, aww, he doesn't have a Unifi device. But then you set everything up in the exact same UDM Pro I have, so thanks so much for the video! Love your content, it's excellent.
Thank you for a fun video to watch. I hope to see more!
Are we just not gonna acknowledge that Klingon D'k tahg in the thumbnail, Jeff? I see what you did there.
that's the first thing I noticed too, before the title even.
Well, now I know what I'M gunna be doing with the home network this next weekend!!! Thank you for the great tutorials. 👍
I only occasionally alter my network settings when I'm dabbling with something new and VLANs have always been semi confusing. You helped clear some stuff up! On a completely separate note, a Four Loko would probably be an entertaining addition as the "post credits scene" drink. Just be prepared for the foggy memory that comes afterwards.
Jeff: "I probably know the IP address of your router..." Everyone else! OMG!!!... Me...WRONG! LOL
Just want to say thanks for providing these videos man. Also, I'm a fan of how you go about presenting them. Good stuff my friend!
Perfect timing, was going to set something like this up to segment the clients, cameras and servers.
Perfect timing!
I'm currently looking into using VLANs in my home network and have 0 knowledge about them.
Are you only going to do IPv4 networking? How about IPv6?
Oh, and I agree about hazy beers often becoming unpleasant after the first few sips.
IPv6 has very little use in a home network, or even a business network. I mean what are you gonna do with billions of IP addresses?
Good video dude.
I just got my UDM Pro installed last week, lit up Pi-hole several days ago. I'd love to see your implementation!
A nice in-depth video on PiHole with this setup would be handy for sure. I myself would love to see it.
"[...] and one printer [shudders]"
same. I've managed to keep my printer working pretty well but I don't have room near my router to hard-wire it and its WiFi support is... well... it exists...
When I have a non-rented place of my own, I intend to put my printer somewhere where it can reach a network port or switch port so I don't have to worry about the wifi ever again.
"Class C" actually has nothing to do with subnetting of private networks. In the olden times (before the introduction of CIDR in the mid-90s), you would request a "Class C" from the IP address registry and they would assign a publicly routeable block of 255 addresses to you.
I mention this because new network admins seem to think that using /24 blocks is something to conform to, when you are probably better off using larger (or smaller) address spaces for different network setups. IPs for DHCP pools, for example, start adding up quick when you have redundant servers.
Thanks for mentioning the history of classful networking in your correction.
I was getting very confused why it was being brought up with private networking and when it has been superseded by CIDR.
@@miawgogo Even though classful networking has been effectively dead since 1993, it was still being taught in IP theory classes well after the fact. It was so ingrained in the "old school" instructors' minds that they couldn't stop referring to IP classes. This perpetuated well into the 2000s; my first IP theory class instructor went over classful networking then made a proclamation of "But don't worry about any of that stuff I just went over..."
I think that within the last 10 years, we've finally seen classful networking not being taught in networking classes. This is actually the first time I've seen someone on the UA-cams mention anything about a "Class C" network or any Class for that matter in a long long time.
No jokes, I could have used this on Monday. Using a UDM to set up a whole school and trying to figure this shit out on the fly! Thanks a million regardless!
It raises the question of why are you setting up a school network without knowledge of VLANs?
Over Covid, I used your videos to set up a simple Unifi home network (USG, 8 port unifi poe switch & Nano AP).
Would you consider a video on how to set up Unifi to give the BEST possible Zoom meeting experience?
I have 300mb Fios, and sometimes, intermittently, my Zoom meetings just come to a crawl or even disconnect.
I'm hoping you might have some advice on settings for QoS to prioritize Zoom traffic. I saw something about enabling "Smart Queues".
The info icon says "Prioritizes traffic and reduces delays when the router/bandwidth becomes overloaded"
I did that, but I don't really know what it did or if it helped yet. It seems to have reduced my network speed when I do a speed test.
I have struggled to find a good video that walks me through this in a way that is easy to follow and understand.
Thanks again, and keep up the GREAT work!!
I'm with you about the HAZE CRAZE. They don't look like beer, and frustratingly simple. I do have a Managed switch in the mail to help tame my home network. Looking forward to digging in further.
2:43 Yes, every IT guy knows the pain printers bring to us 😃
Do you have any recommendations for a VLAN switch for use with pfSense?
So glad I stumbled upon your channel! It’s great!
My former boss told me years ago he once ran out of IP addresses at his house... Needless to say, it made me pause. Later on, he told me whatever was doing DHCP was for some reason not cleaning up address leases and kept using new addresses until the scope was exhausted. Good reason for VLANs :)
2:44 Somehow that took me back to high school vocab CCNA/A+ in the early 00s.
Procurve switch info would be very useful. Especially how to quiet the fans.
I hear ya there, have recently set up a S5800 24 PoE, it's actually not super loud, but audible while I'm in bed.
Fan swap seems to be the gist of quieting it, have yet to open the lid though.
Good stuff!
What about less common ip ranges reserved for carrier-grade NAT?
Hey, definitely looking forward to a prtg video!
Perfect timing on the vid. Been considering a UDM Pro. I wasn't sure what VLANning looked like. Though I'm still not sure if I want to, as I currently have pfSense virtualized in Proxmox with a PCIe NIC passed through.
Love it!!! I'll do it for sure... but please, please, please, do a video on Pi-Hole as DNS and DHCP server for the main network. Just to explain my idea: here at my home I have a total of 5 computers, 5 portable devices, 3 game consoles, and 1 rack server with some virtual servers (one being the Pi-Hole DNS as you taught in the past video). I also have some IP cameras in the network, an NVR device for recording the cameras, and smart TVs. Mainly, what I want to achieve here is to separate the computers, consoles and devices from the cameras and some servers. My router is a TP-LINK ER-6120 and it does support VLANs and also is the main DHCP server in my network. I can also use a MikroTik Hex Rb750gr3 but I'm still studying it. My main doubt is about having access to my cameras from different VLANs, and still having my main network protected. Also, do a video on Pi-Hole DHCP, this is very interesting.
The printer shiver. My god, I felt that. They're the bane of any technical person, myself included.
Good video! 172.x here! I don't shudder when I see my nice Lexmark printer because, "knocks on wood", it behaves :)
So many VLAN numbers to pick from and then you pick VLAN numbers in the 1002-1005 range, which are reserved for Token Ring and FDDI. You probably don't use either Token Ring or FDDI, but still: thousands of VLANs to pick from and you manage to use some of the very few that are reserved for other things.
I heard it was bad to use the .local domain suffix, because it can cause issues with mDNS or any Apple services?
Being a network engineer as my day job I particularly enjoyed this video! But for real... you ain’t styling with VLANS until you stretch them across geographic data centers!
I have just set up a PiHole VM with DHCP and Lancache Monolithic on my home network (st00pid new modem/router has preset DNS settings, so disabling that DHCP and running my own is superb).
I'd love to see how you get pi-hole to provide DHCP for multiple subnets (vlans)? Did you make a video for this?
7:15 not quite right. Switch does not care if it's IP broadcast address or not, as they are operating on L2 so IP addresses are left untouched.
I started looking for video about setting up vlans last night, nice timing lol
Separating servers from clients can be tricky... You would then rely on the routing capacity of your router to route traffic between networks (unless you have a router on a stick configuration in which your switch is acting as a L3 switch and is doing inter-VLAN routing). This is fine if every VLAN has its own physical interface, but becomes tricky if you use the same interface for many, many VLANs. You avoid broadcasting traffic at the expense of pushing all traffic through the same interface and saturating its bandwidth.
So quick newbie question: how do the devices in one VLAN communicate with those on another? Is there some form of routing involved, hence the need for a DHCP server?
It's called inter-vlan-routing and it is most of the time handled by a core-router ... It's basically doing the same thing it does between your LAN and WAN but on the same side of the firewall
*Yes this is a really short explanation and may trigger someone, I don't care as this is a youtube comment and not a network engineer course
I was just trying to plan out how to do this on a udm pro! Perfect timing!
Wow , I have actually been wanting to research this for a small site.
Thanks
I want to make a homelab/managed home network. I've thought about making physical connections between everything, a main DHCP/DNS and have it branch off to data storage/clients/WAPs each with their own subnet. Is a VLAN a better way of networking than that? It's cheaper I know that, less NICs needed per network. Is there a setup where it would be better to physically segregate a network?
IMO you'd only need to physically segregate a network if you need SUPER-high security, like NSA level security. However another benefit of using separate cables (but not necessarily physically separate hardware) is that each connection gets its own dedicated bandwidth.
Nice, I've been hoping you were going to do PRTG
Also use a UDM Pro, have fun trying to get Chromecasts to work across VLANs
That's because UniFi is prosumer. Mist/Juniper/Cisco can do mDNS/Bonjour gatewaying across VLANs.
Question about 8:40 mark, or there about, how would it work if my access point has the option of vlans, do I setup the ssid it broadcasts to the vlan desired and the switch will pick that up and anything on that network is then that vlan or am I missing something?
A slightly off topic question, do you have any plans on making a caching server, for games, windows updates, etc, etc?
Just a heads up, some IoT devices can't handle having an IP address outside of the 192.168.X.X range. I can't remember if it was my Chromecast or Amazon Fire Stick that threw a fit, but it completely refused to connect to anything when I assigned it a 10.0.0.X address. It threw off all of my plans, and my network still doesn't look the way I want it to look.
I've never had anything complain about my networks in 172.16/16. That includes Chromecasts, google home devices, fire sticks, rokus, android TVs, smart bulbs and plugs, etc.
One important note/warning about using the 10.x.x.x range: Some ISPs use this for clients and/or their own equipment. I don't know how common this is, but if you pick the same range as the ISP uses you'll run into issues. (I am using a 10... address myself but I have seen these addresses used both for clients in mobile networks and for routers in ISPs' infrastructure.)
Pihole doesn’t have GUI support for multiple DHCP ranges, but I am considering putting in the work in the config files manually to set it up. Please do make a video about it if you do this.
Would love to see how to set up something like this with pfSense/OPNsense.
I wonder if the flavors you're getting from the hazy IPAs are about temperature. What about cooling more for the initial open and taste and then considering the profile more as it warms? What if you just like hazy IPAs when they're colder?
Nice video. Thanks.
You are brilliant! Can't wait for the PRTG video
Awesome... I wanted to ask..
Why use pi-hole as DHCP too? Will it be better to use UniFi as DHCP and pi-hole as DNS like your other tutorial?
VLANs are amazing if done right. If done wrong, like I've seen, it's a nightmare. I've worked with people who have some weird mindset where they think absolutely everything ever needs to be VLANned off. VLAN for laptops when on ethernet, VLANs for laptops when on wifi, etc. Too many VLANs becomes a support nightmare. I think it's more of an older mindset though.
You never mention how to set up IGMP Snooping in new VLANs (if possible, that is) in a network.
I have an IPTV setup box from my ISP and am having a hard time routing TV through my L3 switch.
the tv setup box gets an IP from the router but also receives IP addresses outside the scope from the isp.
somehow this isn't working properly or am I missing something?
What are those 2 blue servers on top of the pile beside you ?
Why do you prefer a class A address ? Just curious
Also there are Vlans that are reserved
Most homelabs aren't going to have that much broadcast or ARP traffic on the collision domain to justify VLANs. It's cool practice, but you should be exploring the security angle and not necessarily the speed angle.
Actually vlans do not deny multicast traffic @ layer 3 . Refer RFC 7761 .... just isolates broadcast to a single routing domain
Good info, thanks for the video. Maybe one day I'll get there, but I feel if I start shopping for servers my wife will need a better reason than "just to tinker".
Your "progress bar" is a very cool idea :)
I don't know if this is something you would be interested in doing, but can you make a tutorial on how to build and set up a NAS and recommend to us the minimum specs we should use? I'm very confused about what parts I should buy, and I'm worried that if I buy low specs or old hardware it might not work properly.
Your timing is suspect Jeff...! I finished part one of my home lab changes last night. Look forward to what you present next. I agree with avoiding 192.168 .x.x.x scheme, have avoided that one for years.
How do you manage traffic between VLANs? Like if you want, say, devices on your guest network to have access to your Plex server on another VLAN. Is it just a matter of giving the Plex server access to both VLANs so that it has one IP address for each VLAN?
Saying the switch forwards out broadcasts to addresses 1-254 is a little misleading since switches are layer 2 devices. I know it's a little pedantic, but it's true :)
Please do the pihole video? more VLAN videos in general would be great.
This might have actually finally unlocked the concept of VLANs in my head. I have 1 question though, and it's the reason why I never could comprehend how to set this up:
When you set up your IoT devices on their own VLAN and your servers on a separate VLAN, how can you get your IoT devices to communicate with your servers?
Example:
I have a temp sensor in my IoT VLAN and then I run a server on the Server VLAN that logs the temp data. How would I be able to keep the communication between these two devices?
I've always tried to set up VLANs and then lost the ability to access a web interface for the device or whatever, and this always made me say ahhh forget this.
EDIT: ahh 💡 I think I'd have to have a device set up for inter-VLAN communication as described by the "Corporate" setting for purpose in your video.
I did this a couple days ago. Now I have to figure out how to cast to my smart tv. For now I’m just switching my phone to the same WiFi network to do it, then switching back, but that’s frustrating.
That's actually your only option, unless you let the two vlans see each other, which just defeats the purpose of a vlan in the first place.
Actually, there is a method to Chromecast across networks. Stay tuned ;-)
Yea I read something that the issue is actually that the packets sent out are set to 1ms, so they won’t jump, but you have to set something in your router to up that to multiple ms, so it can jump. I’d love some sort of tutorial to do this
@@MrMcp76 it's not your only option. You can repeat mDNS across subnets.
Did I miss the Pihole DHCP and DNS server for the different VLANs video? Or did the fans not ask nicely enough?
One of these days he's going to hit us with a "..and as of today, I'm Craig"
I've been meaning to do VLANs in my home and homelab but I'm lazy and suck at understanding it. I have subnets to divide up things rn though
I use RADIUS with Unifi APs to assign vlans per user
In follow up videos can I request a focus on how to share things like printers and NAS drives across VLANS? I’ve had a go in the past but got stuck on that point.
The dog barking analogy was awesome
This seems like such a good idea, but I am a bit scared to implement... careful planning... also don't want to mess up work situations with all the work from home going on...
This video is missing information on why to use VLANs on top of regular subnetting.
Configured VLAN on MikroTik for the first time with a point-to-point trunk (WLAN) link to my basement.
So technically my servers are on WiFi XD (luckily radios on MikroTik are super stable)
I think it's great that this guy literally just tells you what he's typing without explaining why.
Shout out to Ex Novo brewery in Corrales New Mexico :)
Can you explain the difference between VLANs and Subnets? I am so lost between the two.
Imagine you have 2 physical switches with 10 computers attached to each. The switches are not connected together. Both networks are totally separate physically and logically. Now with VLAN, you have 1 physical switch with all 20 computers connected, but both networks are still logically separate, so a computer in network 1 can't talk to something in network 2 by default. A subnet mask on the other hand mainly determines how many addresses are available in a network.
EDIT: Subnet masks were heavily important in the early days of big corporate networks that had "old" network equipment that struggled with performance. With the increase in network equipment power and switched ethernet itself, subnetting became less of a thing as network impact of broadcasts was far less than in the early days with hubs and 10Mb cable
@@craigmurray4746 Okay that makes sense. Thank you a lot. I'm taking a Networking course in my vocational school and they suck at describing these things. I liked your way of describing it. I have a home lab and do testing on it but still sometimes have issues grasping concepts. So I think I'm going to change over from subnets to VLANs here soon. Thanks again!