1 00:00:00,210 --> 00:00:02,009 In this lesson, I'm going to show you 2 00:00:02,009 --> 00:00:04,620 how to understand and configure VLANs. 3 00:00:04,620 --> 00:00:06,480 Now for this example, I'm going to be using 4 00:00:06,480 --> 00:00:10,440 a small office home office router known as a Dream Wall 5 00:00:10,440 --> 00:00:13,020 or a dream station, depending on the model you buy. 6 00:00:13,020 --> 00:00:14,880 In our particular offices, we are using one 7 00:00:14,880 --> 00:00:16,500 called the Dream Wall, and you can see 8 00:00:16,500 --> 00:00:19,410 the icon there displayed in the top left corner. 9 00:00:19,410 --> 00:00:21,660 Now when you log into this device, you're going to see 10 00:00:21,660 --> 00:00:24,090 all of this information, and this is telling you everything 11 00:00:24,090 --> 00:00:27,090 about your network, including who your internet provider is, 12 00:00:27,090 --> 00:00:29,790 how fast it is, what the health of your internet is, 13 00:00:29,790 --> 00:00:31,560 what kind of traffic is going across your network, 14 00:00:31,560 --> 00:00:33,540 and Wi-Fi and things like that. 15 00:00:33,540 --> 00:00:35,507 But for this lesson, we're not worried about any of that. 16 00:00:35,507 --> 00:00:38,880 We are just concerned with how we can configure VLANs. 17 00:00:38,880 --> 00:00:40,950 So what we're going to do is we're going to go down here 18 00:00:40,950 --> 00:00:42,630 in the bottom left corner and click on 19 00:00:42,630 --> 00:00:43,830 the gear for settings, and then 20 00:00:43,830 --> 00:00:45,660 click on the Networks button. 21 00:00:45,660 --> 00:00:47,880 From here, you're going to see all of your VLANs 22 00:00:47,880 --> 00:00:50,430 listed in this nice graphical user interface. 23 00:00:50,430 --> 00:00:54,060 Currently, and by default, this system only has one VLAN, 24 00:00:54,060 --> 00:00:56,400 which is the Default VLAN.
25 00:00:56,400 --> 00:00:58,650 You could see here that the Default VLAN is there, 26 00:00:58,650 --> 00:01:00,630 it's in the router Dion Training Offices, 27 00:01:00,630 --> 00:01:05,630 and it's using a subnet address of 192.168.0.0/24. 28 00:01:06,180 --> 00:01:07,200 The internet connection is going 29 00:01:07,200 --> 00:01:08,910 through our primary WAN1 connection, 30 00:01:08,910 --> 00:01:11,010 and there are 10 IP leases available, 31 00:01:11,010 --> 00:01:13,560 which means the first 10 devices can log in 32 00:01:13,560 --> 00:01:15,450 and use the Default VLAN without having 33 00:01:15,450 --> 00:01:17,100 to go to any other VLANs. 34 00:01:17,100 --> 00:01:19,140 Now, the next thing we want to do is we want to start creating 35 00:01:19,140 --> 00:01:21,960 some VLANs for different departments that we may have 36 00:01:21,960 --> 00:01:25,110 and want to put people into for that logical separation 37 00:01:25,110 --> 00:01:29,490 to break up one large broadcast domain with up to 254 hosts, 38 00:01:29,490 --> 00:01:31,620 which is what we currently have, into much smaller 39 00:01:31,620 --> 00:01:33,210 broadcast domains based on 40 00:01:33,210 --> 00:01:35,310 organizational department structure. 41 00:01:35,310 --> 00:01:38,730 To do this, we're just going to click on new virtual network. 42 00:01:38,730 --> 00:01:40,800 Once you click on that, you're going to give it a name. 43 00:01:40,800 --> 00:01:42,450 So in my case, the first one I'm going to use 44 00:01:42,450 --> 00:01:44,430 is called Instructors, and I want to put 45 00:01:44,430 --> 00:01:45,840 all of my instructors in here because 46 00:01:45,840 --> 00:01:48,420 they should have access to things that other people may not 47 00:01:48,420 --> 00:01:51,330 like the answer keys to our exams or content 48 00:01:51,330 --> 00:01:53,280 that we're working on that's for an upcoming course 49 00:01:53,280 --> 00:01:54,750 that we don't want anybody to see yet.
50 00:01:54,750 --> 00:01:56,070 So I'm going to put all of my instructors 51 00:01:56,070 --> 00:01:58,470 into this group called Instructors. 52 00:01:58,470 --> 00:01:59,670 Now from here, you're going to select 53 00:01:59,670 --> 00:02:00,840 which router it applies to. 54 00:02:00,840 --> 00:02:03,690 In our case, it's just the Dion Training Offices router. 55 00:02:03,690 --> 00:02:06,270 And then we're going to have IPv4 or IPv6, 56 00:02:06,270 --> 00:02:08,400 and we're going to stay with IPv4. 57 00:02:08,400 --> 00:02:10,949 From here, we have the option to autoscale our network 58 00:02:10,949 --> 00:02:13,170 where it'll go up or down in size based on 59 00:02:13,170 --> 00:02:14,640 the number of things that are connecting. 60 00:02:14,640 --> 00:02:16,380 And this is one of the features of this particular 61 00:02:16,380 --> 00:02:18,030 small office home office router, 62 00:02:18,030 --> 00:02:19,980 and not all of them will support this. 63 00:02:19,980 --> 00:02:22,530 For now though, I'm going to leave that as the default option 64 00:02:22,530 --> 00:02:24,840 because it's going to increase or decrease in size 65 00:02:24,840 --> 00:02:26,130 based on the number of clients 66 00:02:26,130 --> 00:02:28,260 that are connecting to this VLAN. 67 00:02:28,260 --> 00:02:30,000 Then we're going to go down here to the Advanced area, 68 00:02:30,000 --> 00:02:31,500 and we're going to hit Manual. 69 00:02:31,500 --> 00:02:34,050 From here, we're going to give this VLAN a number. 70 00:02:34,050 --> 00:02:37,410 Now, instead of calling it two, we're going to call it 100. 71 00:02:37,410 --> 00:02:41,760 Personally, I like to use things like 100, 200, 300, 400 72 00:02:41,760 --> 00:02:43,560 for my different departments, and that way, 73 00:02:43,560 --> 00:02:46,230 if I need to have a subdivision underneath that department, 74 00:02:46,230 --> 00:02:48,480 I have room in my numbering scheme to do that. 
75 00:02:48,480 --> 00:02:52,200 For example, I might use this for the instructors as 100, 76 00:02:52,200 --> 00:02:54,750 and then printers for the instructors as 101 77 00:02:54,750 --> 00:02:56,490 and voice lines for the instructors 78 00:02:56,490 --> 00:02:59,820 as our voice VLAN of 102 and things like that. 79 00:02:59,820 --> 00:03:01,740 The next thing we have is isolation. 80 00:03:01,740 --> 00:03:03,870 If you check this box here, it means that 81 00:03:03,870 --> 00:03:05,520 everybody who's in the instructor VLAN 82 00:03:05,520 --> 00:03:08,310 can only talk to people in the Instructor VLAN. 83 00:03:08,310 --> 00:03:10,080 If this is not checked, then there's going to be 84 00:03:10,080 --> 00:03:12,150 an open connection between your different VLANs 85 00:03:12,150 --> 00:03:13,830 and you're losing that security. 86 00:03:13,830 --> 00:03:16,590 So I always like to use isolation in my network 87 00:03:16,590 --> 00:03:18,600 to create this as a logical isolation 88 00:03:18,600 --> 00:03:20,400 between my different VLANs. 89 00:03:20,400 --> 00:03:23,640 Now, this device also is a unified threat management system, 90 00:03:23,640 --> 00:03:26,280 so it has a firewall and a proxy server 91 00:03:26,280 --> 00:03:28,590 and content filtering all built into it. 92 00:03:28,590 --> 00:03:30,450 Now here we can say none if we want 93 00:03:30,450 --> 00:03:32,910 no kind of content filtering, or we could say 94 00:03:32,910 --> 00:03:35,940 we want the work policies or the family policies. 95 00:03:35,940 --> 00:03:37,920 In our case, this is a work environment. 
96 00:03:37,920 --> 00:03:39,630 So I'm going to select the work policies, 97 00:03:39,630 --> 00:03:42,780 which includes blocking things like gambling and pornography 98 00:03:42,780 --> 00:03:44,640 and other things that we don't want our instructors 99 00:03:44,640 --> 00:03:46,290 working on when they're at work 100 00:03:46,290 --> 00:03:47,940 because we want them working when they're at work 101 00:03:47,940 --> 00:03:49,710 and not doing things like that. 102 00:03:49,710 --> 00:03:51,840 As we scroll down, you'll see we also have things 103 00:03:51,840 --> 00:03:54,240 like DHCP server, which we're going to leave in place, 104 00:03:54,240 --> 00:03:56,160 and then we'll just add this to our network. 105 00:03:56,160 --> 00:03:58,410 So now you can see we have two VLANs. 106 00:03:58,410 --> 00:04:00,270 We have our first VLAN, which is our Default 107 00:04:00,270 --> 00:04:02,850 or native VLAN, which is VLAN 1, 108 00:04:02,850 --> 00:04:05,880 and then we have our instructor VLAN of VLAN 100. 109 00:04:05,880 --> 00:04:08,700 Let's go ahead and add another one called Instructor VOIP, 110 00:04:08,700 --> 00:04:12,210 and this will be our instructors' voice over IP lines, 111 00:04:12,210 --> 00:04:15,540 and we're going to create this as VLAN 101, 112 00:04:15,540 --> 00:04:17,640 and we will also give it network isolation 113 00:04:17,640 --> 00:04:20,040 and call it work as our content filtering. 114 00:04:20,040 --> 00:04:22,140 And then we'll add that to our group. 115 00:04:22,140 --> 00:04:23,640 Now that we've done that, we'll go in here 116 00:04:23,640 --> 00:04:25,410 and go to our new virtual network 117 00:04:25,410 --> 00:04:27,180 and we'll give another group of people. 118 00:04:27,180 --> 00:04:30,270 In this case, we're going to call it student support. 119 00:04:30,270 --> 00:04:33,090 And then we're going to go ahead and select this as manual 120 00:04:33,090 --> 00:04:34,950 and we'll call this 200.
121 00:04:34,950 --> 00:04:37,020 And we'll also give this network isolation 122 00:04:37,020 --> 00:04:38,400 and work content filtering, 123 00:04:38,400 --> 00:04:40,560 and then we'll add that to our network. 124 00:04:40,560 --> 00:04:42,690 Next, we'll click on New Virtual Network 125 00:04:42,690 --> 00:04:44,880 and we'll call this Student Support VOIP. 126 00:04:44,880 --> 00:04:46,020 And this is going to be the voice lines 127 00:04:46,020 --> 00:04:47,580 for all of our student support staff. 128 00:04:47,580 --> 00:04:49,170 So somebody calls our offices, they'll be able 129 00:04:49,170 --> 00:04:51,180 to reach one of our service agents. 130 00:04:51,180 --> 00:04:53,610 And then we'll again give that content filtering for work, 131 00:04:53,610 --> 00:04:55,470 and then we'll hit Add. 132 00:04:55,470 --> 00:04:56,810 Next, we'll create another department. 133 00:04:56,810 --> 00:04:58,050 In this case, we're going to call this 134 00:04:58,050 --> 00:05:00,030 the executive department. 135 00:05:00,030 --> 00:05:01,500 And you can get the idea here as you go 136 00:05:01,500 --> 00:05:03,510 and create all of your different VLANs 137 00:05:03,510 --> 00:05:04,950 for all of your different ones. 138 00:05:04,950 --> 00:05:07,110 And then we'll hit Add, and then we'll do the last one, 139 00:05:07,110 --> 00:05:08,310 which is going to be the Executive VOIP. 140 00:05:08,310 --> 00:05:11,160 And so we'll just put that in there, Executive VOIP. 141 00:05:11,160 --> 00:05:12,780 And then again, we're going to hit Manual. 142 00:05:12,780 --> 00:05:15,240 We'll make this one 301, and then 143 00:05:15,240 --> 00:05:16,560 the network will be Network. 144 00:05:16,560 --> 00:05:17,970 We'll scroll down a little bit, 145 00:05:17,970 --> 00:05:19,740 and then from here, and then we'll click Add. 
146 00:05:19,740 --> 00:05:22,050 All right, now that we are here, we can see 147 00:05:22,050 --> 00:05:24,690 all of our different VLANs and we have seven of them total. 148 00:05:24,690 --> 00:05:27,480 We have our Default, our Instructors, our Instructor VOIP, 149 00:05:27,480 --> 00:05:29,760 our Student Support, our Student Support VOIP, 150 00:05:29,760 --> 00:05:31,980 our Executive, and our Executive VOIP. 151 00:05:31,980 --> 00:05:34,350 Now from here, we haven't really done any configurations yet 152 00:05:34,350 --> 00:05:36,660 except to say that we have these VLANs 153 00:05:36,660 --> 00:05:39,090 and each person who is put into one of these VLANs 154 00:05:39,090 --> 00:05:41,970 will only be able to access other people in those VLANs 155 00:05:41,970 --> 00:05:43,620 because that's how we have the security set up 156 00:05:43,620 --> 00:05:45,810 by default here with that isolation. 157 00:05:45,810 --> 00:05:47,430 Now if we want to see what these VLANs look like 158 00:05:47,430 --> 00:05:48,900 on the physical switch, we'll go ahead 159 00:05:48,900 --> 00:05:50,100 and click on VLAN Viewer. 160 00:05:50,100 --> 00:05:53,340 We're going to see the actual ports going across my switch 161 00:05:53,340 --> 00:05:54,960 on the top here, and those are represented 162 00:05:54,960 --> 00:05:56,880 by those numbers one, and you can see 163 00:05:56,880 --> 00:05:59,340 that this is a 24-port switch. 164 00:05:59,340 --> 00:06:02,940 Now, in addition to that, I have VLAN tagging listed below, 165 00:06:02,940 --> 00:06:05,580 and from here, you could see which VLANs 166 00:06:05,580 --> 00:06:07,650 have which ports enabled on them. 167 00:06:07,650 --> 00:06:11,130 Right now, all of our ports are set up by default 168 00:06:11,130 --> 00:06:12,960 to be open on all VLANs. 
169 00:06:12,960 --> 00:06:15,600 So any device can connect to any of our different ports 170 00:06:15,600 --> 00:06:18,480 and then choose which VLAN it wants to be a part of 171 00:06:18,480 --> 00:06:20,730 using different tagging and configuration. 172 00:06:20,730 --> 00:06:22,680 This is an insecure way of doing things. 173 00:06:22,680 --> 00:06:25,080 So what I want to do is be able to choose which devices 174 00:06:25,080 --> 00:06:27,660 on which ports can go to which VLANs. 175 00:06:27,660 --> 00:06:30,990 So for example, if I have an instructor's office cabled up 176 00:06:30,990 --> 00:06:34,560 to port number one, I would simply click on port number one, 177 00:06:34,560 --> 00:06:36,480 and then from here, I'm going to go down 178 00:06:36,480 --> 00:06:39,180 and select my native VLAN for that port. 179 00:06:39,180 --> 00:06:41,130 In this case, that is going to go ahead 180 00:06:41,130 --> 00:06:44,400 and be the instructor one of Instructor 100. 181 00:06:44,400 --> 00:06:45,810 From there, I'm going to go ahead and say 182 00:06:45,810 --> 00:06:48,780 block all for all of the tagged VLAN management. 183 00:06:48,780 --> 00:06:50,190 Now the way this is configured, 184 00:06:50,190 --> 00:06:54,120 I can only have instructors on port one and nobody else. 185 00:06:54,120 --> 00:06:56,880 Once I hit Apply, this will save that setting. 186 00:06:56,880 --> 00:06:58,290 Then we can go back here to VLANs 187 00:06:58,290 --> 00:07:00,990 and you'll see that that default is no longer there. 188 00:07:00,990 --> 00:07:02,700 It's grayed out because it's blocked. 189 00:07:02,700 --> 00:07:04,920 But on port one, we are allowing the instructors 190 00:07:04,920 --> 00:07:07,500 as the native VLAN because the native now 191 00:07:07,500 --> 00:07:11,490 for the Instructor VLAN or port one is VLAN 100. 192 00:07:11,490 --> 00:07:13,440 And then we have all the other ones being blocked.
193 00:07:13,440 --> 00:07:16,080 Now if we want it on port two to allow something 194 00:07:16,080 --> 00:07:18,210 like the instructor VOIP phones, 195 00:07:18,210 --> 00:07:20,310 we can do that by clicking on two 196 00:07:20,310 --> 00:07:21,660 and then going here to default 197 00:07:21,660 --> 00:07:23,640 and we'll select the Instructor VOIP. 198 00:07:23,640 --> 00:07:24,810 Now that's going to be the default, 199 00:07:24,810 --> 00:07:27,450 but if I also want to allow somebody to be an instructor 200 00:07:27,450 --> 00:07:30,450 to connect their laptop to it, I can click on custom 201 00:07:30,450 --> 00:07:31,740 and then select the one I want 202 00:07:31,740 --> 00:07:34,470 such as Instructors, and then hit Save. 203 00:07:34,470 --> 00:07:36,120 At this point, I'll apply those changes 204 00:07:36,120 --> 00:07:38,100 and then we'll go back to our VLAN viewer. 205 00:07:38,100 --> 00:07:40,140 Now you can see that on port two, 206 00:07:40,140 --> 00:07:43,080 which is VLAN 101 is the default. 207 00:07:43,080 --> 00:07:45,450 That is my default for Instructor VOIP. 208 00:07:45,450 --> 00:07:47,580 But you'll also see that Instructors 209 00:07:47,580 --> 00:07:49,770 is able to be used on port two. 210 00:07:49,770 --> 00:07:52,470 Default is not, and all the other ones are not 211 00:07:52,470 --> 00:07:54,030 because port two has been blocked 212 00:07:54,030 --> 00:07:56,220 because we only configured it so that port two 213 00:07:56,220 --> 00:08:00,420 can be used by default as a VOIP phone or a VOIP laptop here 214 00:08:00,420 --> 00:08:02,970 by allowing this green tagging to happen. 215 00:08:02,970 --> 00:08:04,740 Now, if we want to do the same thing, we can go here 216 00:08:04,740 --> 00:08:06,270 to port number three and let's go ahead 217 00:08:06,270 --> 00:08:08,430 and set this one to the Executive. 
218 00:08:08,430 --> 00:08:10,350 So we'll go ahead and scroll down to the Executive 219 00:08:10,350 --> 00:08:12,420 and we'll block everybody else. 220 00:08:12,420 --> 00:08:14,070 And then from there we'll hit Apply. 221 00:08:14,070 --> 00:08:16,020 And then port number four, I'm going to go ahead 222 00:08:16,020 --> 00:08:18,630 and make this one the executive's voice phone. 223 00:08:18,630 --> 00:08:20,880 And so we'll do that right here, Executive VOIP. 224 00:08:20,880 --> 00:08:23,820 And we will do a custom to also allow 225 00:08:23,820 --> 00:08:26,820 the executive channel to be there as well. 226 00:08:26,820 --> 00:08:27,810 And then we'll hit Apply. 227 00:08:27,810 --> 00:08:29,040 And if we go here to our VLANs, 228 00:08:29,040 --> 00:08:31,920 you can see now that the default is no longer available 229 00:08:31,920 --> 00:08:33,630 on ports one through four. 230 00:08:33,630 --> 00:08:36,750 On port one, we allow the Instructors by default. 231 00:08:36,750 --> 00:08:39,720 On port two, we allow the Instructors VOIP by default 232 00:08:39,720 --> 00:08:42,539 or the instructors using a tagged VLAN. 233 00:08:42,539 --> 00:08:45,090 So either VLAN 100 or VLAN 101 234 00:08:45,090 --> 00:08:47,760 will support on port number two. 235 00:08:47,760 --> 00:08:49,770 For port number three, you'll see it's all blocked out 236 00:08:49,770 --> 00:08:51,510 until we get all the way down here 237 00:08:51,510 --> 00:08:53,730 to the Executives being the default. 238 00:08:53,730 --> 00:08:56,010 And then we see on port four the Executive Voice 239 00:08:56,010 --> 00:08:57,660 was the default, but we also allowed 240 00:08:57,660 --> 00:08:59,430 Executive to be there as well. 241 00:08:59,430 --> 00:09:01,020 And we can continue to do this for each 242 00:09:01,020 --> 00:09:02,760 and every one of our ports. 
243 00:09:02,760 --> 00:09:04,170 Now, what I just showed you here was 244 00:09:04,170 --> 00:09:06,930 a very, very basic overview of how to set up 245 00:09:06,930 --> 00:09:10,110 a VLAN inside of a graphical user environment. 246 00:09:10,110 --> 00:09:12,960 If you move on to be a full-fledged network administrator 247 00:09:12,960 --> 00:09:14,880 or network engineer, you are going to get into 248 00:09:14,880 --> 00:09:17,610 the command line environment for your specific device, 249 00:09:17,610 --> 00:09:19,230 whether that's going to be a Cisco device, 250 00:09:19,230 --> 00:09:21,510 a UniFi device, a Juniper device, 251 00:09:21,510 --> 00:09:23,880 a Brocade device, or any other one out there. 252 00:09:23,880 --> 00:09:26,310 And each one has different configurations 253 00:09:26,310 --> 00:09:27,810 that you'll be able to set up, but they're all using 254 00:09:27,810 --> 00:09:29,816 the same concepts of using VLAN 255 00:09:29,816 --> 00:09:32,370 and VLAN tagging on specific ports to allow 256 00:09:32,370 --> 00:09:35,370 or deny traffic based on those frame tags. 257 00:09:35,370 --> 00:09:37,020 So you can now have these logical networks 258 00:09:37,020 --> 00:09:39,270 being created on a single physical switch, 259 00:09:39,270 --> 00:09:41,100 which is exactly what we did here. 260 00:09:41,100 --> 00:09:43,710 Right now, as you see this switch, you can see 261 00:09:43,710 --> 00:09:46,320 that with that number one on all the other ports, 262 00:09:46,320 --> 00:09:49,320 that means everybody can use those for all VLANs. 263 00:09:49,320 --> 00:09:51,780 But those first four ports, which we've now assigned 264 00:09:51,780 --> 00:09:56,100 as 100, 101, 300, 301, is going to be for the Instructors, 265 00:09:56,100 --> 00:09:59,250 the Instructor VOIP, the Executives, and the Executive VOIP 266 00:09:59,250 --> 00:10:01,350 on those four ports individually 267 00:10:01,350 --> 00:10:03,510 and shown in this graphical manner.
268 00:10:03,510 --> 00:10:05,220 By doing this, we're allowed to have 269 00:10:05,220 --> 00:10:06,840 four different virtual networks 270 00:10:06,840 --> 00:10:09,090 that are all individually segmented from each other, 271 00:10:09,090 --> 00:10:11,730 and communications cannot occur across those ports 272 00:10:11,730 --> 00:10:13,410 except where we have allowed them. 273 00:10:13,410 --> 00:10:16,560 So on port two, for example, we are going to allow 274 00:10:16,560 --> 00:10:18,180 the Instructor and the Instructor VOIP 275 00:10:18,180 --> 00:10:20,100 to both be supported on port two. 276 00:10:20,100 --> 00:10:23,340 So we can use either a phone or a laptop on that port. 277 00:10:23,340 --> 00:10:25,740 But for port one, we can only use a laptop 278 00:10:25,740 --> 00:10:27,990 because it's only going to go into the Instructor VLAN, 279 00:10:27,990 --> 00:10:30,060 not the Instructor VOIP VLAN. 280 00:10:30,060 --> 00:10:31,800 I hope this helps you understand a little bit more 281 00:10:31,800 --> 00:10:33,300 about the configuration of a VLAN 282 00:10:33,300 --> 00:10:34,950 and what it looks like in the real world. 283 00:10:34,950 --> 00:10:36,900 Now for the exam, you do not need to know 284 00:10:36,900 --> 00:10:39,180 how to do anything I showed you in this video. 285 00:10:39,180 --> 00:10:40,830 This was just for your understanding, 286 00:10:40,830 --> 00:10:43,860 so you can understand better how configuring VLANs works 287 00:10:43,860 --> 00:10:46,530 in the real world on a small office home office device 288 00:10:46,530 --> 00:10:48,183 like this one from UniFi.