1
00:00:00,210 --> 00:00:03,150
In this video let's talk about VLAN settings.

2
00:00:03,150 --> 00:00:05,160
Remember, when it comes to VLANs, you need

3
00:00:05,160 --> 00:00:07,200
to route the traffic between the VLANs,

4
00:00:07,200 --> 00:00:09,738
otherwise your devices aren't going to be able to communicate.

5
00:00:09,738 --> 00:00:13,440
So let's pretend I have two VLANs, one called IT

6
00:00:13,440 --> 00:00:14,940
and one called HR.

7
00:00:14,940 --> 00:00:17,670
Even though both IT and HR are connected to switch one

8
00:00:17,670 --> 00:00:19,950
and switch two physically, they can't communicate

9
00:00:19,950 --> 00:00:21,720
with each other until I route traffic

10
00:00:21,720 --> 00:00:23,640
between them using a router.

11
00:00:23,640 --> 00:00:26,190
Also, if you're going to have devices in the same VLAN,

12
00:00:26,190 --> 00:00:28,530
they need to be in the same logical subnet.

13
00:00:28,530 --> 00:00:31,350
So in this example, all of my clients are part

14
00:00:31,350 --> 00:00:32,307
of the IT VLAN

15
00:00:32,307 --> 00:00:37,307
and they should be using the same subnet of 192.168.1.0/24.

16
00:00:38,310 --> 00:00:41,553
And all of my HR VLAN clients should use their own subnet,

17
00:00:42,441 --> 00:00:45,870
something like 192.168.2.0/24.

18
00:00:45,870 --> 00:00:48,210
So let's take a look at this using a basic

19
00:00:48,210 --> 00:00:49,980
network logical diagram.

20
00:00:49,980 --> 00:00:53,340
Here we see one IT client and one HR client.

21
00:00:53,340 --> 00:00:56,850
Each one is assigned an IP address in a slash 24 network.

22
00:00:56,850 --> 00:00:59,550
The IT client is assigned to the IT subnet

23
00:00:59,550 --> 00:01:04,437
of 192.168.10/24 in VLAN 100,

24
00:01:04,437 --> 00:01:09,437
and the HR client is going to be assigned to 192.168.2.0/24

25
00:01:09,840 --> 00:01:12,300
as its network in VLAN 200.

26
00:01:12,300 --> 00:01:15,071
To simplify this topology, I left out all the other IT

27
00:01:15,071 --> 00:01:17,120
and HR clients, but there could be 50

28
00:01:17,120 --> 00:01:19,680
or 60 of these connected there as well either

29
00:01:19,680 --> 00:01:21,090
to switch one or two.

30
00:01:21,090 --> 00:01:23,310
It really doesn't matter for our purposes as long

31
00:01:23,310 --> 00:01:25,560
as they're configured into the proper VLAN.

32
00:01:25,560 --> 00:01:27,810
Now, as this is a logical diagram

33
00:01:27,810 --> 00:01:30,920
and how we see it set up here, IT client cannot communicate

34
00:01:30,920 --> 00:01:32,790
to the HR client and neither

35
00:01:32,790 --> 00:01:35,130
of those clients can communicate with the internet.

36
00:01:35,130 --> 00:01:36,570
Why is that?

37
00:01:36,570 --> 00:01:38,520
Alright, I want you to pause the video here

38
00:01:38,520 --> 00:01:39,600
and I'm going to count to five

39
00:01:39,600 --> 00:01:42,000
and I want you to come back and give me the answer.

40
00:01:42,000 --> 00:01:46,230
1, 2, 3, 4, 5, all right, you're back.

41
00:01:46,230 --> 00:01:47,760
Did you figure out the issue?

42
00:01:47,760 --> 00:01:49,950
Well, this issue is all going to come down to the fact

43
00:01:49,950 --> 00:01:51,810
that there are not gateways for the IT

44
00:01:51,810 --> 00:01:54,060
or HR clients to communicate with.

45
00:01:54,060 --> 00:01:57,300
Notice in this logical topology, we only have one router,

46
00:01:57,300 --> 00:01:59,190
and that router has an interface IP

47
00:01:59,190 --> 00:02:04,190
of 10.0.0.1 in the 10.0.0.0/24 network.

48
00:02:04,560 --> 00:02:07,500
This means it's the default VLAN, VLAN 1

49
00:02:07,500 --> 00:02:10,020
and its network isn't on the same logical network

50
00:02:10,020 --> 00:02:12,450
as either the IT or HR VLANs.

51
00:02:12,450 --> 00:02:14,250
So for us to allow the IT

52
00:02:14,250 --> 00:02:17,130
and HR clients to communicate, they're going to need a place

53
00:02:17,130 --> 00:02:20,250
to route traffic between switch one and switch two.

54
00:02:20,250 --> 00:02:22,950
Then to allow both of them to communicate with the internet,

55
00:02:22,950 --> 00:02:25,260
we need to connect them to a new router that's connected

56
00:02:25,260 --> 00:02:26,760
to the internet as well.

57
00:02:26,760 --> 00:02:29,490
Now, our easiest and cheapest solution in this case would be

58
00:02:29,490 --> 00:02:32,610
to remove the connection between switch one and switch two.

59
00:02:32,610 --> 00:02:35,430
Then we can connect switch one to router one

60
00:02:35,430 --> 00:02:38,070
and assign it a new interface on an IP address

61
00:02:38,070 --> 00:02:39,360
in the IT VLAN.

62
00:02:39,360 --> 00:02:41,760
We could also connect switch two directly to router one

63
00:02:41,760 --> 00:02:44,550
and assign it interface with the HR VLAN.

64
00:02:44,550 --> 00:02:48,953
Now we can use router one to route traffic between VLAN 100,

65
00:02:48,953 --> 00:02:52,140
the IT VLAN, and VLAN 200, the HR VLAN,

66
00:02:52,140 --> 00:02:54,570
and we can route both of those VLANs out

67
00:02:54,570 --> 00:02:57,180
to the internet going through router one as well.

68
00:02:57,180 --> 00:02:59,820
So remember, if you start having devices

69
00:02:59,820 --> 00:03:01,800
that can't communicate with each other, like one

70
00:03:01,800 --> 00:03:03,630
of the IT clients can't communicate with one

71
00:03:03,630 --> 00:03:05,550
of the HR clients, it could be an

72
00:03:05,550 --> 00:03:07,500
improper VLAN configuration.

73
00:03:07,500 --> 00:03:09,360
Make sure you check your configuration

74
00:03:09,360 --> 00:03:10,740
and if there's a proper routing setup

75
00:03:10,740 --> 00:03:12,030
between the different VLANs,

76
00:03:12,030 --> 00:03:14,370
because the number one cause of issues when you're dealing

77
00:03:14,370 --> 00:03:16,860
with VLANs that will communicate is people aren't

78
00:03:16,860 --> 00:03:18,630
routing the traffic right.

79
00:03:18,630 --> 00:03:20,310
Another common mistake people make when dealing

80
00:03:20,310 --> 00:03:22,770
with VLANs is simply that they don't use them.

81
00:03:22,770 --> 00:03:24,390
Now, if you don't use VLANs, all

82
00:03:24,390 --> 00:03:27,452
of your traffic will end up in the default VLAN, VLAN 1.

83
00:03:27,452 --> 00:03:30,270
When this occurs, you're going to have a really large

84
00:03:30,270 --> 00:03:31,890
single broadcast domain.

85
00:03:31,890 --> 00:03:33,480
For example, if you have a server

86
00:03:33,480 --> 00:03:36,210
that's operating in VLAN 1, the default VLAN,

87
00:03:36,210 --> 00:03:37,920
it can experience slow load types

88
00:03:37,920 --> 00:03:40,950
because there's too many devices located inside VLAN 1

89
00:03:40,950 --> 00:03:42,690
and the number of broadcasts are going to slow

90
00:03:42,690 --> 00:03:44,400
down the entire VLAN.

91
00:03:44,400 --> 00:03:47,820
Instead, this server, which currently has an untagged port,

92
00:03:47,820 --> 00:03:50,340
and therefore it's assigned to VLAN 1 by default,

93
00:03:50,340 --> 00:03:53,240
should be added to the server VLAN with the other servers.

94
00:03:54,240 --> 00:03:55,890
This will segregate them from all the other client VLANs

95
00:03:55,890 --> 00:03:57,790
and increase their speed dramatically.