You are definately my go to channel on tech for networking, storage (FreeNas) and virtualization to mention a few. I recently helped a friend build a FreeNas box which is not my first but this time around I set it up to sync with BackBlaze inspired by one of your videos on that topic. You are perfect for my skill level, not as slow and repetitive as "Eli the Computer Guy", definately not over the top nor spending time on promotions. no bullshit, no nonsense, to the point. You inspire me.
I’ve been following your Virtualisation videos for a while and I’m noticing how much of the same skills I’m using for VMs can apply to how rules within networks function. Thank you Tom for sharing this all.
As much as I am learning, I still like to watch your videos because you bring the practical side to light. Things beyond specs and straight "how to". Your experience and "pit falls" are gold.
I’ve done a lot of basic networks and had a mild understanding of higher level networking. Honestly you guys make me want to get more and more into this stuff!
0:05:48 'As long as that last octet right here is 1 to 254 it's able to talk'. Now it's quite possible that I could have been confused about your explanation but I do not see a 254 in the graphic. The video was very detailed and you put out a lot in just under 15 minutes. Still I do think that I better understand how a layered three switch or VLAN is supposed to function within a network. Still I'll need to watch the video again; the next time with the transcript running. And this will be very useful for me in my preparation for the A+ exam. So thank you.
A good use for L3 is setting the switch as the default gateway. Then you can swap firewalls, do HA and what not all from the switch. It saves the firewall all the extra routing effort.
Easiest way to digest what a Layer 3 switch does and if I really need one. I'm a network newbie and I'm still trying to grasp some of the terminologies. Thanks for this wonderful video!
Thank you. Informative, educational and interesting. Like a breath of fresh air. The network guys at the company I am using in Berlin are just on another planet and have been unable to explain this as clearly.
I view layer 3 switches as useful for reducing complexity and time spent administering devices. In the they allow you to remove a device from the chain. Something most people don't seem to understand is they are really a Router with lots of interfaces.
Watched your channel for for at least 3 years now. Always great info from network beginners to network experts. Been very helpful getting my PFsense firewall up and running and integrating it into my home network. I was curious if someday you would review more true enterprise class hardware ie Brocade ICX 6610 Quanta LB6M which have real L3 routing capabilities.
This was helpful (as usual). I've been doing home networking for 20+ years but struggling to understand the underpinnings of VLANS. When I finally figured it out, I didn't understand why no one seems to mention it when talking VLANs (maybe you did in other videos I haven't seen yet). But the key to my understanding was that VLANs are essentially a band-aid for the lack of layer 3 routing. Even though VLANS are typically combined with subnetting, they are actually two separate things. What surprised me is all VLAN traffic having to go to the router for routing. Wouldn't that not create a huge bottleneck? I assumed the managed switches would route VLAN traffic. Makes me re-think my plan to use VLANs. Or maybe I don't understand as much as I think i do.
From the Cisco architecture playbook, the typical small-office architecture would be distributionaccess. At the distribution layer would be routing, connecting to the access layer with high-speed connections (typically gigabit fiber or faster). The access-layer would be layer 2 with multiple Vlans as needed. The individual access ports would either be single native Vlan (example, a single workstation) or trunking two Vlans (example, a voice-over-IP phone on its voice Vlan that has a switchport to connect a workstation on the data Vlan). The user access ports are typically copper, topping out at 1 gigabit. The fiber uplinks are at least one (and typically two or more) fiber links at 1 gigabit or 10 gigabit. Bottlenecking on the distributionaccess link? Add more physical ports to the uplink to the distribution (Link Aggregation Connection Protocol or Cisco's Etherchannel) or change out your uplinks from 1 gigabit to 10 gigabit. The overall topology would be a star, with the distribution layer in the center. In a larger environment (such as a multi-building campus), a core layer is added - core at the main building with connections to internet and other offices, distribution and access in all the other buildings.
Interesting, from your previous video I had understood the 10GB switch would slow down for all traffic as soon as it has to do some routing. But if it is only slow for the routed bits but fast for everything else then that's better. But then we need a video explaining how to ensure the main traffic is not considered routed...
This was most enlightening. Basically, if you need to keep traffic separated, like a guests network incapable of accessing your machines, your NAS and the sort... You don't need layer-3, just a managed switch and access points to go along with your firewall. I think that's the route I want to go.
I would like to make a comment base on experience with networking, electrical modulation of signal and so on. I used to work for an AV company with home automation systems deployments, we used to configure small to big enterprise networks using different equipment. Based on our observations we notice strange network behaviour and issues in some of our projects, the common factor was using less then 1 metres network cables between active devices (switch, routers etc). I wouldn’t have any issues showing on the cable tester on anything like that but when connecting cables between active devices we would find the strangest issues in networking. Specifically in the application level things would not work, at first glance and investigating everything will look normal. Tried changing the cables thinking must be a faulty cable with the measure same problems. Once we put at lest one meter of cable between them problem sorted in a instant. Further more we verified with engineers in electrical field explaining to us why this was a problem.
Thanks for that video. I just started to design my home networtk. And the explanation in your video helped a lot. Greetings from Germany Oli BTW: Your background screen is showing a picture of Cologne/Germany where i live.
on the Mikrotik you can have multiple bridges and choose which ports are hardware bridged together at full line speeds. Only when traffic is routed off these switched group ports that you have IP Packet routing overhead... ie lower than full line speed. Routing thruput depends on CPU resources and complexety of the routing rules. Complex high Security networks may have hundreds of routing rules. Itmay be some months till low cost CPU's can route at multigig speeds.
Man, that IRL is so damn true! Look at my network, My ER-X is my primary gateway, At first, I thought, that I would go from it to a wireless bridge to get internet in to our garage directly... Well, nope. Dad wouldn't let me run enough cables to the kitchen, which has direct line of sight and is the only such place, plus I needed to add second AP in the kitchen to cover surrounding rooms. Because of this, I had to go with UAP-AC-Pro for coverage (I know, hillarious overkill for five wireless stations at a time max), because it has passthrough port. So now, when I want to go on the Internet from the garage, say for some video tutorial, I have to go ER-X > Zyxel 1900-24E > PoE injector > UAP-AC-Pro > Zyxel 1200-5 > PoE injector > Ubiquiti NanoM5 > Ubiquiti NanoLocoM2 > Ubiquiti NanoLocoM2 > PoE injector > Zyxel 1200-5 > PoE injector > UAP-AC-Lite. That's three switches and five different APs in a row.
My question here is: If i got 2 switches and just one of em is connected to the router, doesnt this make this single cable from switch to switch a bottleneck if i use up all bandwith say i copy a file from switch 1 to switch 2 PC and then another PC on switch 1 tries to connect to internet which is connected to switch 2? How do you manage this problem?
My go-to setup for anything that is a bit larger is a split with a internal firewall, an interconnect vlan/subnet and a external firewall. Then the internal firewall can do the routing between subnets, and the external firewall the NAT and the complex rules. Yes this means more layers for forwarding traffic from the outside to the inside, but that is the point. This interconnect subnet is also handy when adding 3rd party VPN servers or EVPN circuits and maintaining a route table (e.g. OSPF) and prevent assymetric routing. (which firewalls *really* don't like) I did this with pfSense and a 1U server with 10GBe card and had no trouble crossing > 3gbit. An entry level 1U server is about a thousand +500 for the NIC. So about 3k for a redundant cluster.
This video would have benefited from a simple definition in the beginning of "What a Layer 3 switch is and What does it do differently then other switches?"
Layer 3 refers to Open Systems Interconnection or OSI Layer 3. Please do your own research on OSI layers and you'd know what layer 3 and 2 mean. For home setup layer 2 switches are good enough. Especially if you don't care to learn about network design, OSI layers and are looking for the most affordable switch in the market you're looking into an unmanaged layer 2 switch. These are often aptly advertised as ethernet splitters, they take an input (aka uplink) and dynamically splits that bandwidth into the output ports (aka downlinks). As this video states, if you have plans to upgrade your network later into a more complicated setup, these may not do the job as it's not guaranteed that they will pass-thru the VLAN tags etc. IMO now a days there are many affordable "smart managed" switch options, that work out of the box as "ethernet splitter" and allows you to do some configurations(management) including VLAN when you are ready for that. These can evolve with your networking needs. On the other hand, unmanaged layer 2 switches aka ethernet splitters also can be valuable at the inner-most segment of your network where you just want maybe your media centre equipment to have multiple ethernet ports to connect to, without needing to do any traffic shaping. In this case you would still be better off if these unmanaged switches do not strip off the VLAN tags setup by a parent switch.
Thank you for this! I have layer3 capable switches and have all my vlans on all my switches at home. Why? Because I didn't know any better. I have a rebuild coming with no more vlan spanning and all layer2 switching.
I need to use one computer for surfing only and the other computer for business purpose only.The business computer is only going to be used log onto one site at all times.What connection would you recommend?
Hello Lawrence Systems, If you a change/configure the layer 2 switch to a layer 3 switch, will there be no other configuration needed on the router doing inter-vlan routing? Could you please do a video about that? Thank you very much!
Would I be okay with a VLAN trunked to unmanaged switch ASSUMING that the devices on said unmanaged switch were all the same VLAN? I merely want to seperate my single server so it will live on its own VLAN from the rest of my network which consists of like 4 other devices on two unmanaged switches. I assume I would just give each unmanaged switch the port they trunk off its own VLAN and then open rules for those two vlans to talk?
@@LAWRENCESYSTEMS Thanks for response. Lawrance, I have a quite rookie question to ask you. the firewall rule means the firewall software individually or is a firewall hardware like the switch?
@@LAWRENCESYSTEMSThanks you for the video! My current network is to only have one port(1Gb/s) to router, router did all of VLAN and firewall, and that doing up and down with, I want to using LACP and get good I Gb/s speed for upload from one network to another for LAN transmission speed.
We get insecure D-Link type router/modem/hub units supplied by Internet Service Providers here in England, how do you connect a decent router (PFsense, Edge, etc) to the internet without using the D-Link type unit as the unit is insecure and allows man-in-the-middle attacks?
We have an ISP that does pretty much the same thing here in Canada. The D-Link router uses a modified firmware (OpenWRT I believe?) and is only used to provide the static public IP address to customers. Maybe it’s the same thing with your ISPs?
Smart switches have a web interface so you can configure some things, but the features are often cut down/crippled to cut costs. A managed switch is usually made with more powerful processor and let's you get really, really fine grained in exactly how you control the network. Usually at the cost of a more expensive switch
Great vid, really well explained. Altho i still have an maybe silly question: What if i put an unmanaged switch on an unmanaged port, will those client automaticly be in the native vlan? So still separate from vlan 69/1337?
Generally speaking yes. Unmanaged switches have no concept of VLAN tags, so in most cases it just expands the network and gives you extra ports on the native VLAN
I've been looking hard for a 12"ish" port 2.5gb managed switch with POE+ and two 10g SFP+ ports for under $600, that isn't some no-name overseas unit, without luck. Even used. @@LAWRENCESYSTEMS
What do you mean "some unmanaged switches will not parse, but pass. VLAN traffic"? Why would an "unmanaged" switch filter any traffic at all? Is even the simplest networking gear plagued with hidden "features"?
Question i have 3 buildings for my home network i just updated to 2.5gb unmanaged switches in all 3 buildings.) building 1 has the router and 1 computer connected. building 2 has one computer one truenas server and on printer, it also has a 1 gb switch hooked to it with 2 nas servers hooked to that. in both building 1 and 2 i get 280 mps. download speed pulling from the Truenas server. building 3 i have 2 computers connected but only one needs 2.5gb to the truenas server but i am only getting 113mps. why? building 3 is where the truenas server is to be installed and it was in there before and the computer in building was getting 280mps download. had to move it for other reasons but will be put back in building 3 . can you give me a little help ? on where to look? thanks ps. all cables between the building's is cat 7 as is all jumpers are cat 6 and building 1 and 2 are just opposite ends of the house building 3 is 100 foot away in my office shed.
sorry, I'm really new to this whole networking stuff and all of this is so confusing to me! I bought a new ASUS router in january and set it up in a room by the modem, now I have a used unmanaged switched that use to be used on my security camera system but I had to get a new poe switch. I am currently running a long ethernet cable across the house to my room for internet . the thing is I want to use more than one device on ethernet for faster speeds and was wondering if its possible to use that 4 port switch in my room to give more devices the ability to connect to the internet? I wont be home for the next two days so I can't test it out and this idea just popped into my head. It alright if you don't respond to this comment and awesome video dude!
I have been having an issue with ethernet. We have an ISP provided modem (cable) with an ethernet cable going to our router, We then have an ethernet cable going from our router (netgear mr60) to an unmanaged switch (tp link tl-sg108) which is working fine in our upstairs office. We have another ethernet cable ran downstairs to a wall connection which then goes to another unmanaged switch. This is where the problem starts. I have been through 3 switches downstairs and now the third one doesn't work. I re-spliced the wall connection, swapped ethernet cables and still nothing. The only cable I have not swapped is the one from upstairs to downstairs because it is running through a bunch of conduit. Am I connecting something wrong? It has worked before for a few months. Would you say the next step is to replace the 150' of cable between the 2 floors or should I spring for a signal tester first. It is very frustrating running most of the house on wifi. I am thinking of getting another internet connection brought into the basement but I don't really want to spring for 2 bills. Any advice is greatly appreciated.
Hey Tom, since most of the layer 2 switches on Ubiquiti website are sold out can I just get the layer 3 switches that they currently have and use them as layer 2 switches?
@@LAWRENCESYSTEMS I'm new to vlan-ing and interested to setup vlans with unifi but most of their layer 2 switches are gone. I don't want to over complicated things since i'm new. Thanks for all the videos that you have posted in your channel. I learned a lots!
i purchase this TP-Link 16 Port Gigabit Switch, Easy Smart Managed, Plug & Play, Limited Lifetime Protection, Desktop/Wall-Mount, Sturdy Metal w/Shielded Ports, Support QoS, Vlan, IGMP and LAG (TL-SG116E) because i needs some additional ethernet ports . Everything seems fine until i have to start my Work VPN , as soon as it connect , the network lose all connections , can't browse . or work. Any idea to help, when i reconnect my old D-link 8 port everything is fine.
I have checked a few videos and there is one thing i don't understand. On all the switches in the organization you would create your Vlans. Vlan 1 with ip 192.168.1.2 and assign ports 5 - 20 on this vlan for example. vlan 20 with ip 192.168.20.2 and assign ports 21- 31 on this vlan vlan 50 with ip 192.168.50.2 and assign ports 32 -48 on this vlan. So my question is if my laptop is set to DHCP, and i plug my laptop into port 23, what IP do i get? Does the switch automatically assign an IP address to my laptop in the range 192.168.20.1 - 192.168.20.254 ? This is if those ports are (untagged).
Tom, Do you have a video that covers vlans and APs? I want to segment my network into vlans since I've picked up two decent switches used and rolled a pfsense box, but currently my garbage all-in-one Asus router/firewall I've repurposed into being just an AP isn't up to the task I'm pretty sure. So I need 2 (or more) APs if I want to segment my IoT devices from guests from trusted wireless devices? Or do higher end APs do such things in one device? Do they need multiple physical network ports (one per vlan) or can it all be done over one network port? That's the only thing I'm still lost on, how wifi fits into the vlan equation.
Yep, get yourself a UniFi controller (either in the cloud, a cloudkey or setup on one of your devices), and any Ubiquiti UniFi AP. You'll be able to direct an AP to pair SSIDs with VLANs under "Wireless Networks" settings.
@@michaeljaques77 Well, it depands. If you want to run captive portal for guests, then controller is required 24/7, otherwise, no. The controller is not just an interface, but APs, switches and gateways from UniFi family can work without it, once they're set up. I personaly believe that on premisis controller is the best choice, but, controller software has trouble with power outages, so unless you're willing to buy Gen2 cloud key, or go cloud, you would need UPS to make sure, that nothing bad happens to the controller, while it is running. The biggest benefit of controller running 24/7 is that you see your network performance and thus can better handle your network better. Another benefit lies in automated updates of your APs. But, you can run it only when configuring new equipment and then turning it off too, in which case, Raspberry Pi would be the best choice for platform for the controller.
@@michaeljaques77 In that case, make sure you'll open/forward ports 80 and 8443 to that VM. Port 80 is to access the GUI, port 8443 is for managed devices
Thanks to viewer GRG for suggesting turning on bridge mode in the router/modem/hub; essentially turning it into a modem only. Does anyone know if this cures the TR-069 problem?
What are the steps to securing let say an enterprise of Two Seperate LANs of Class B (300 Workers ) each site? And through what means by hardware and software? This enterprise has a WEB SERVER, Connects Via OpenVPN, Has Workstations, and MFC type printers scanners faxes, or and like HP laserjet (COLOR), and Drafting CAD type software, and a NAS to centralize the DATA for constant writing to, and sharing over the OpenVPN. And A Mail Server, With a Domain (DC)! I guess im painting you an example type drafting Company with the intentions of protecting their data, so I was asking in the beginning AS TO HOW TO PROTECT THE COMPANY'S DATA THROUGH HARDWARE / SOFTWARE THE TYPES AND TOPOLOGY YOU WOULD APPLY TOWARDS THIS EXAMPLE???
@@LAWRENCESYSTEMS Its not a big deal but it is there on most of your videos, does not stop the excellent content though. I only mention it because I notice the video quality has improved a lot recently.
@@hufforguk Hi, all standard here and I seem to watch you tube a lot. I dont see the same issue on many other channels. Its subtle on this video but after about 45seconds it does go out of sync, though not major. I am in the UK dont know if that makes a difference.
This channel has been my spirit animal the past couple of weeks as I've upgraded my home network. Every dang upload is so useful
yup added mesh to the house, it's been a significant step up, the roaming is great!
You are definately my go to channel on tech for networking, storage (FreeNas) and virtualization to mention a few. I recently helped a friend build a FreeNas box which is not my first but this time around I set it up to sync with BackBlaze inspired by one of your videos on that topic. You are perfect for my skill level, not as slow and repetitive as "Eli the Computer Guy", definately not over the top nor spending time on promotions. no bullshit, no nonsense, to the point. You inspire me.
I’ve been following your Virtualisation videos for a while and I’m noticing how much of the same skills I’m using for VMs can apply to how rules within networks function. Thank you Tom for sharing this all.
As much as I am learning, I still like to watch your videos because you bring the practical side to light. Things beyond specs and straight "how to". Your experience and "pit falls" are gold.
I’ve done a lot of basic networks and had a mild understanding of higher level networking. Honestly you guys make me want to get more and more into this stuff!
Why are you like the BEST , true-school technologist on the tube these days man? you are like all the guys that taught me I.T. Love your content man.
0:05:48 'As long as that last octet right here is 1 to 254 it's able to talk'. Now it's quite possible that I could have been confused about your explanation but I do not see a 254 in the graphic. The video was very detailed and you put out a lot in just under 15 minutes. Still I do think that I better understand how a layered three switch or VLAN is supposed to function within a network. Still I'll need to watch the video again; the next time with the transcript running. And this will be very useful for me in my preparation for the A+ exam. So thank you.
A good use for L3 is setting the switch as the default gateway. Then you can swap firewalls, do HA and what not all from the switch. It saves the firewall all the extra routing effort.
yup, this is often used in very large networks.
Easiest way to digest what a Layer 3 switch does and if I really need one. I'm a network newbie and I'm still trying to grasp some of the terminologies. Thanks for this wonderful video!
I love the IT Crowd analogy
I was wondering who else would get that. Then I thought of the target audience and figured everyone would get it. lol.
Thank you. Informative, educational and interesting. Like a breath of fresh air. The network guys at the company I am using in Berlin are just on another planet and have been unable to explain this as clearly.
Glad it was helpful!
Thanks Tom, appreciate to see real world applications for all these concepts. Very informative!
I view layer 3 switches as useful for reducing complexity and time spent administering devices. In the they allow you to remove a device from the chain. Something most people don't seem to understand is they are really a Router with lots of interfaces.
What application do you use to create this network diagram? Do you have recommendations on which applications to use?
Watched your channel for for at least 3 years now. Always great info from network beginners to network experts. Been very helpful getting my PFsense firewall up and running and integrating it into my home network. I was curious if someday you would review more true enterprise class hardware ie Brocade ICX 6610 Quanta LB6M which have real L3 routing capabilities.
Lawrence is always to the rescue when you need him :-D
This was helpful (as usual). I've been doing home networking for 20+ years but struggling to understand the underpinnings of VLANS. When I finally figured it out, I didn't understand why no one seems to mention it when talking VLANs (maybe you did in other videos I haven't seen yet). But the key to my understanding was that VLANs are essentially a band-aid for the lack of layer 3 routing. Even though VLANS are typically combined with subnetting, they are actually two separate things. What surprised me is all VLAN traffic having to go to the router for routing. Wouldn't that not create a huge bottleneck? I assumed the managed switches would route VLAN traffic. Makes me re-think my plan to use VLANs. Or maybe I don't understand as much as I think i do.
A managed switch may or may not have layer 3 routing. Look at hpe 1920s it’s a layer 3 “lite” spec.
From the Cisco architecture playbook, the typical small-office architecture would be distributionaccess. At the distribution layer would be routing, connecting to the access layer with high-speed connections (typically gigabit fiber or faster). The access-layer would be layer 2 with multiple Vlans as needed. The individual access ports would either be single native Vlan (example, a single workstation) or trunking two Vlans (example, a voice-over-IP phone on its voice Vlan that has a switchport to connect a workstation on the data Vlan). The user access ports are typically copper, topping out at 1 gigabit. The fiber uplinks are at least one (and typically two or more) fiber links at 1 gigabit or 10 gigabit.
Bottlenecking on the distributionaccess link? Add more physical ports to the uplink to the distribution (Link Aggregation Connection Protocol or Cisco's Etherchannel) or change out your uplinks from 1 gigabit to 10 gigabit.
The overall topology would be a star, with the distribution layer in the center. In a larger environment (such as a multi-building campus), a core layer is added - core at the main building with connections to internet and other offices, distribution and access in all the other buildings.
Interesting, from your previous video I had understood the 10GB switch would slow down for all traffic as soon as it has to do some routing. But if it is only slow for the routed bits but fast for everything else then that's better.
But then we need a video explaining how to ensure the main traffic is not considered routed...
This was most enlightening. Basically, if you need to keep traffic separated, like a guests network incapable of accessing your machines, your NAS and the sort... You don't need layer-3, just a managed switch and access points to go along with your firewall.
I think that's the route I want to go.
This guy was born to network!
This was a fantastic explanation, thank you for taking the time.
The IT Crowd reference is just brilliant
I would like to make a comment base on experience with networking, electrical modulation of signal and so on.
I used to work for an AV company with home automation systems deployments, we used to configure small to big enterprise networks using different equipment.
Based on our observations we notice strange network behaviour and issues in some of our projects, the common factor was using less then 1 metres network cables between active devices (switch, routers etc). I wouldn’t have any issues showing on the cable tester on anything like that but when connecting cables between active devices we would find the strangest issues in networking. Specifically in the application level things would not work, at first glance and investigating everything will look normal. Tried changing the cables thinking must be a faulty cable with the measure same problems. Once we put at lest one meter of cable between them problem sorted in a instant.
Further more we verified with engineers in electrical field explaining to us why this was a problem.
Again! The IT Crowd reference is great to see!
Thanks for that video. I just started to design my home networtk. And the explanation in your video helped a lot.
Greetings from Germany
Oli
BTW: Your background screen is showing a picture of Cologne/Germany where i live.
Great video! Which software is it that you are using?
our great Elders Of The Internet approve of these diagrams!
sources: youtu.be/watch?v=iDbyYGrswtg
on the Mikrotik you can have multiple bridges and choose which ports are hardware bridged together at full line speeds. Only when traffic is routed off these switched group ports that you have IP Packet routing overhead... ie lower than full line speed. Routing thruput depends on CPU resources and complexety of the routing rules. Complex high Security networks may have hundreds of routing rules. Itmay be some months till low cost CPU's can route at multigig speeds.
First off, very informative video. Thank you. What tool did you use to diagram the Network used for this video.
Man, that IRL is so damn true! Look at my network, My ER-X is my primary gateway, At first, I thought, that I would go from it to a wireless bridge to get internet in to our garage directly... Well, nope. Dad wouldn't let me run enough cables to the kitchen, which has direct line of sight and is the only such place, plus I needed to add second AP in the kitchen to cover surrounding rooms. Because of this, I had to go with UAP-AC-Pro for coverage (I know, hillarious overkill for five wireless stations at a time max), because it has passthrough port. So now, when I want to go on the Internet from the garage, say for some video tutorial, I have to go ER-X > Zyxel 1900-24E > PoE injector > UAP-AC-Pro > Zyxel 1200-5 > PoE injector > Ubiquiti NanoM5 > Ubiquiti NanoLocoM2 > Ubiquiti NanoLocoM2 > PoE injector > Zyxel 1200-5 > PoE injector > UAP-AC-Lite. That's three switches and five different APs in a row.
Thanks so much for this, clears up some misconceptions for me.
My question here is: If i got 2 switches and just one of em is connected to the router, doesnt this make this single cable from switch to switch a bottleneck if i use up all bandwith say i copy a file from switch 1 to switch 2 PC and then another PC on switch 1 tries to connect to internet which is connected to switch 2? How do you manage this problem?
My go-to setup for anything that is a bit larger is a split with a internal firewall, an interconnect vlan/subnet and a external firewall.
Then the internal firewall can do the routing between subnets, and the external firewall the NAT and the complex rules. Yes this means more layers for forwarding traffic from the outside to the inside, but that is the point.
This interconnect subnet is also handy when adding 3rd party VPN servers or EVPN circuits and maintaining a route table (e.g. OSPF) and prevent assymetric routing. (which firewalls *really* don't like)
I did this with pfSense and a 1U server with 10GBe card and had no trouble crossing > 3gbit. An entry level 1U server is about a thousand +500 for the NIC. So about 3k for a redundant cluster.
Love your videos, I learn a lot and you explain very well.
Thanks
Would be good if you can do a video on setting up layer 3 on an edge switch.
This video would have benefited from a simple definition in the beginning of "What a Layer 3 switch is and What does it do differently then other switches?"
Layer 3 refers to Open Systems Interconnection or OSI Layer 3. Please do your own research on OSI layers and you'd know what layer 3 and 2 mean. For home setup layer 2 switches are good enough. Especially if you don't care to learn about network design, OSI layers and are looking for the most affordable switch in the market you're looking into an unmanaged layer 2 switch. These are often aptly advertised as ethernet splitters, they take an input (aka uplink) and dynamically splits that bandwidth into the output ports (aka downlinks). As this video states, if you have plans to upgrade your network later into a more complicated setup, these may not do the job as it's not guaranteed that they will pass-thru the VLAN tags etc. IMO now a days there are many affordable "smart managed" switch options, that work out of the box as "ethernet splitter" and allows you to do some configurations(management) including VLAN when you are ready for that. These can evolve with your networking needs. On the other hand, unmanaged layer 2 switches aka ethernet splitters also can be valuable at the inner-most segment of your network where you just want maybe your media centre equipment to have multiple ethernet ports to connect to, without needing to do any traffic shaping. In this case you would still be better off if these unmanaged switches do not strip off the VLAN tags setup by a parent switch.
Thank you for this! I have layer3 capable switches and have all my vlans on all my switches at home. Why? Because I didn't know any better. I have a rebuild coming with no more vlan spanning and all layer2 switching.
+ Router sub-interfaces and trunking and span-ports
I need to use one computer for surfing only and the other computer for business purpose only.The business computer is only going to be used log onto one site at all times.What connection would you recommend?
nice little clarification
Thanks, well explplained! Looks like I'm gonna go with a managed switch for now instead of the unmanaged one. BTW that's libreoffice draw right?
I was looking for an article about multiple light switches not Networks.
Hello Lawrence Systems,
If you a change/configure the layer 2 switch to a layer 3 switch, will there be no other configuration needed on the router doing inter-vlan routing?
Could you please do a video about that?
Thank you very much!
Good videos.
P.S. Good evening from Finland :)
Would I be okay with a VLAN trunked to unmanaged switch ASSUMING that the devices on said unmanaged switch were all the same VLAN?
I merely want to seperate my single server so it will live on its own VLAN from the rest of my network which consists of like 4 other devices on two unmanaged switches.
I assume I would just give each unmanaged switch the port they trunk off its own VLAN and then open rules for those two vlans to talk?
Bravo! This video was very helpful.
Hi , at time 8:28, why 192 can talk to 172 in different subnet mask?
Because the firewall rules allow it to.
@@LAWRENCESYSTEMS Thanks for response. Lawrance, I have a quite rookie question to ask you. the firewall rule means the firewall software individually or is a firewall hardware like the switch?
Very good explanation, Thank you.
What network design software are you using?
ua-cam.com/video/mpF1i9sfEJ0/v-deo.html
What kind of cable from fire wall to first switch??
How about using link aggregation(EtherChannel), eg 4 of 1Gb/s together with Inter VLAN routing.
It would work
@@LAWRENCESYSTEMSThanks you for the video!
My current network is to only have one port(1Gb/s) to router, router did all of VLAN and firewall, and that doing up and down with, I want to using LACP and get good I Gb/s speed for upload from one network to another for LAN transmission speed.
We get insecure D-Link type router/modem/hub units supplied by Internet Service Providers here in England, how do you connect a decent router (PFsense, Edge, etc) to the internet without using the D-Link type unit as the unit is insecure and allows man-in-the-middle attacks?
We have an ISP that does pretty much the same thing here in Canada. The D-Link router uses a modified firmware (OpenWRT I believe?) and is only used to provide the static public IP address to customers. Maybe it’s the same thing with your ISPs?
Thanks for making this video. It is really helpful!
What is the software tool you use to make those diagrams?
Diagrams.net I have a video here ua-cam.com/video/P3ieXjI7ZSk/v-deo.html
@@LAWRENCESYSTEMS Thanks for answering my question!
is the Image for the internet a reference to the IT Crowd?
Yup!
Hello Sir, What is Managed Vs Smart Switches? Model Cisco SG220. The Smart Switch are they the same Manage
Smart switches have a web interface so you can configure some things, but the features are often cut down/crippled to cut costs. A managed switch is usually made with more powerful processor and let's you get really, really fine grained in exactly how you control the network. Usually at the cost of a more expensive switch
Great vid, really well explained. Altho i still have an maybe silly question: What if i put an unmanaged switch on an unmanaged port, will those client automaticly be in the native vlan? So still separate from vlan 69/1337?
Generally speaking yes. Unmanaged switches have no concept of VLAN tags, so in most cases it just expands the network and gives you extra ports on the native VLAN
Whats the name of the tool you using for your diagrams?
DIA
What is that diagram application you're using?
ua-cam.com/video/mpF1i9sfEJ0/v-deo.html
@@LAWRENCESYSTEMS thanks man. Nice video too!
Can you do a new video about layer 2 vs layer 3 switches and unmanaged switches that have been proven to pass vlan tags. Thanks
Since this video managed switch prices have come down even more so if you need VLAN traffic then get a managed switch.
I've been looking hard for a 12"ish" port 2.5gb managed switch with POE+ and two 10g SFP+ ports for under $600, that isn't some no-name overseas unit, without luck. Even used. @@LAWRENCESYSTEMS
sir , in my network i am using 3 unmanageable switch i want ask .
broadcast can jaam my all internet or 1 single switch can be stop when broadcasting
maybe this has already been answered but i cant find it in the comments. What software is he is using to draw the diagrams?
All my equipemnt is 2.5gb ports looking for L3 swtich x8 2.5gb do know of any
What do you mean "some unmanaged switches will not parse, but pass. VLAN traffic"? Why would an "unmanaged" switch filter any traffic at all? Is even the simplest networking gear plagued with hidden "features"?
No, some don't know what to do with the extra bits so they through them out.
You got a new subscriber
Welcome!
What do I need to manage two different networks from my PC? Wi-Fi it's not an option.
Question i have 3 buildings for my home network i just updated to 2.5gb unmanaged switches in all 3 buildings.) building 1 has the router and 1 computer connected. building 2 has one computer one truenas server and on printer, it also has a 1 gb switch hooked to it with 2 nas servers hooked to that. in both building 1 and 2 i get 280 mps. download speed pulling from the Truenas server. building 3 i have 2 computers connected but only one needs 2.5gb to the truenas server but i am only getting 113mps. why? building 3 is where the truenas server is to be installed and it was in there before and the computer in building was getting 280mps download. had to move it for other reasons but will be put back in building 3 . can you give me a little help ? on where to look? thanks ps. all cables between the building's is cat 7 as is all jumpers are cat 6 and building 1 and 2 are just opposite ends of the house building 3 is 100 foot away in my office shed.
sorry, I'm really new to this whole networking stuff and all of this is so confusing to me! I bought a new ASUS router in january and set it up in a room by the modem, now I have a used unmanaged switched that use to be used on my security camera system but I had to get a new poe switch. I am currently running a long ethernet cable across the house to my room for internet . the thing is I want to use more than one device on ethernet for faster speeds and was wondering if its possible to use that 4 port switch in my room to give more devices the ability to connect to the internet? I wont be home for the next two days so I can't test it out and this idea just popped into my head. It alright if you don't respond to this comment and awesome video dude!
Yes, you can go from switch to switch.
@@LAWRENCESYSTEMS thank you so much!
What application is that?
Hi, what is called the software used to draw the diagram please? Thank you
I was using DIA in that video, but now I use Diagrams net. I have a tutorial here:
ua-cam.com/video/P3ieXjI7ZSk/v-deo.html
I have been having an issue with ethernet. We have an ISP provided modem (cable) with an ethernet cable going to our router, We then have an ethernet cable going from our router (netgear mr60) to an unmanaged switch (tp link tl-sg108) which is working fine in our upstairs office. We have another ethernet cable ran downstairs to a wall connection which then goes to another unmanaged switch. This is where the problem starts. I have been through 3 switches downstairs and now the third one doesn't work. I re-spliced the wall connection, swapped ethernet cables and still nothing. The only cable I have not swapped is the one from upstairs to downstairs because it is running through a bunch of conduit. Am I connecting something wrong? It has worked before for a few months. Would you say the next step is to replace the 150' of cable between the 2 floors or should I spring for a signal tester first. It is very frustrating running most of the house on wifi. I am thinking of getting another internet connection brought into the basement but I don't really want to spring for 2 bills. Any advice is greatly appreciated.
My guess would be ad cable in the wall.
what is the software( network simulator ) you are using?
ua-cam.com/video/P3ieXjI7ZSk/v-deo.html
What's that program you're using to build diagrams?
Diagrams.net ua-cam.com/video/P3ieXjI7ZSk/v-deo.html
Hey Tom, since most of the layer 2 switches on Ubiquiti website are sold out can I just get the layer 3 switches that they currently have and use them as layer 2 switches?
Yes
@@LAWRENCESYSTEMS I'm new to vlan-ing and interested to setup vlans with unifi but most of their layer 2 switches are gone. I don't want to over complicated things since i'm new. Thanks for all the videos that you have posted in your channel. I learned a lots!
Do you have any video on your thoughts about the stability of unifi switches and access points since i've been hearing about them lately?
Yes, we find them very reliable ua-cam.com/video/Xqfz5xDqMBE/v-deo.html
i purchase this TP-Link 16 Port Gigabit Switch, Easy Smart Managed, Plug & Play, Limited Lifetime Protection, Desktop/Wall-Mount, Sturdy Metal w/Shielded Ports, Support QoS, Vlan, IGMP and LAG (TL-SG116E) because i needs some additional ethernet ports . Everything seems fine until i have to start my Work VPN , as soon as it connect , the network lose all connections , can't browse . or work.
Any idea to help, when i reconnect my old D-link 8 port everything is fine.
Sounds like the VPN is misconfigured
I have checked a few videos and there is one thing i don't understand.
On all the switches in the organization you would create your Vlans.
Vlan 1 with ip 192.168.1.2 and assign ports 5 - 20 on this vlan for example.
vlan 20 with ip 192.168.20.2 and assign ports 21- 31 on this vlan
vlan 50 with ip 192.168.50.2 and assign ports 32 -48 on this vlan.
So my question is if my laptop is set to DHCP, and i plug my laptop into port 23, what IP do i get?
Does the switch automatically assign an IP address to my laptop in the range 192.168.20.1 - 192.168.20.254 ?
This is if those ports are (untagged).
Tom,
Do you have a video that covers vlans and APs?
I want to segment my network into vlans since I've picked up two decent switches used and rolled a pfsense box, but currently my garbage all-in-one Asus router/firewall I've repurposed into being just an AP isn't up to the task I'm pretty sure.
So I need 2 (or more) APs if I want to segment my IoT devices from guests from trusted wireless devices? Or do higher end APs do such things in one device? Do they need multiple physical network ports (one per vlan) or can it all be done over one network port?
That's the only thing I'm still lost on, how wifi fits into the vlan equation.
Yep, get yourself a UniFi controller (either in the cloud, a cloudkey or setup on one of your devices), and any Ubiquiti UniFi AP. You'll be able to direct an AP to pair SSIDs with VLANs under "Wireless Networks" settings.
So its all done in software? Does the controller need to be running 24/7 or is it just an interface to setup and administer the AP on demand?
@@michaeljaques77 Well, it depands. If you want to run captive portal for guests, then controller is required 24/7, otherwise, no.
The controller is not just an interface, but APs, switches and gateways from UniFi family can work without it, once they're set up.
I personaly believe that on premisis controller is the best choice, but, controller software has trouble with power outages, so unless you're willing to buy Gen2 cloud key, or go cloud, you would need UPS to make sure, that nothing bad happens to the controller, while it is running. The biggest benefit of controller running 24/7 is that you see your network performance and thus can better handle your network better. Another benefit lies in automated updates of your APs. But, you can run it only when configuring new equipment and then turning it off too, in which case, Raspberry Pi would be the best choice for platform for the controller.
@@looseycanon I guess could just spin up a small VM on my xcp-ng to host the controller software :) thanks for your help, it clarifies things so much.
@@michaeljaques77 In that case, make sure you'll open/forward ports 80 and 8443 to that VM. Port 80 is to access the GUI, port 8443 is for managed devices
Very good and clear video, thx.
Which Software is for the Flow is this! I just use draw.io
This Mikrotik switch does wire-speed vlan tagging, switch rules (ACL), mirroring, basic shaping, etc: wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches
what is the name of the program that you use to design the local network?
dia ... "sudo apt install dia dia-shapes dia-rib-network"
how calls this program you use?
Awesome video thanks for the helpful info push a video of manage switch that you’ll recommend
What software are you using to make your diagrams?
Dia
3:17 what software is that?
Awesome Video!!!
Thanks to viewer GRG for suggesting turning on bridge mode in the router/modem/hub; essentially turning it into a modem only. Does anyone know if this cures the TR-069 problem?
What are the steps to securing let say an enterprise of Two Seperate LANs of Class B (300 Workers ) each site? And through what means by hardware and software? This enterprise has a WEB SERVER, Connects Via OpenVPN, Has Workstations, and MFC type printers scanners faxes, or and like HP laserjet (COLOR), and Drafting CAD type software, and a NAS to centralize the DATA for constant writing to, and sharing over the OpenVPN. And A Mail Server, With a Domain (DC)! I guess im painting you an example type drafting Company with the intentions of protecting their data, so I was asking in the beginning AS TO HOW TO PROTECT THE COMPANY'S DATA THROUGH HARDWARE / SOFTWARE THE TYPES AND TOPOLOGY YOU WOULD APPLY TOWARDS THIS EXAMPLE???
employee phishing training is very important here in 2020
man this is a loaded question
Nice explanation.... but slow down your delivery 10%
Thank you for the knowledge
Is it "ME-crotic" or "MICRO-tic"? I need to know.
Micro
@@JakeLoeppky phew. Thought so.
It's Latvian. ME-KRO-TICK . It's a play on words of "Mikrotīkls" or "small network".
how to join the forum? the link
Which cad software is that?
What recommendations do you have for security hardware in a home lab that can handle 1.5gbps Fiber from my ISP?
What's your budget? And what do you define as "security hardware"?
Neil Hanlon $3-500. Router/Firewall
@@AdamCohen95 Is that three dollars starting or three hundred? 'Cause if it's three dollars I'm right there with you. :)
Percy Blakeney lol 300-500 😅
Maybe one of these with SFP+ port and a SFP+ FC module?
mikrotik.com/products/group/ethernet-routers?filter&s=c&f=[%22sfp%22]#!
Great video!
Love your channel and will love it even more if you can get the lip sync sorted :)
It does not appear to be out of sync
@@LAWRENCESYSTEMS Its not a big deal but it is there on most of your videos, does not stop the excellent content though. I only mention it because I notice the video quality has improved a lot recently.
@@garethsnaim8174 are you watching at high speed? Some UA-cam videos go slightly out of sync when watching at 1.25 or higher.
@@hufforguk Hi, all standard here and I seem to watch you tube a lot. I dont see the same issue on many other channels. Its subtle on this video but after about 45seconds it does go out of sync, though not major. I am in the UK dont know if that makes a difference.
Slightly out of sync .. watching at 720p ... love the channel
VLAN 69. Nice.
amazing Tom
Another great video
Think you man
Thank you!