WEBVTT

00:04.069 --> 00:06.270
>> We talked about hubs.

00:06.270 --> 00:07.300
In the last section,

00:07.300 --> 00:08.470
>> we had talked about routers

00:08.470 --> 00:10.030
>> and said routers
are going to isolate

00:10.030 --> 00:12.020
>> our network into
broadcast domains.

00:12.020 --> 00:13.560
They can help subnet my network

00:13.560 --> 00:15.790
so I have different quality
of service segments

00:15.790 --> 00:18.159
>> and privacy and
security segments.

00:18.159 --> 00:19.930
>> A router really does
a lot of good things

00:19.930 --> 00:22.674
>> for my network but
a router is expensive.

00:22.674 --> 00:25.480
>> I'm not really talking about a
Linksys or a NETGEAR router.

00:25.480 --> 00:27.130
I'm talking about
grown-up routers

00:27.130 --> 00:30.144
>> like you'd use in
production, a real router.

00:30.144 --> 00:31.330
>> When we have these

00:31.330 --> 00:33.550
>> and I have the situation
of my folks on the left

00:33.550 --> 00:34.510
>> and the sales team

00:34.510 --> 00:36.055
>> and my HR folks
in the middle,

00:36.055 --> 00:37.960
and the VoIP network
over on the right,

00:37.960 --> 00:38.710
I still want to create

00:38.710 --> 00:40.419
>> the separate
segments or subnets,

00:40.419 --> 00:42.190
>> but I want to do it cheaper.

00:42.190 --> 00:44.050
That's when I bring
back my switch

00:44.050 --> 00:47.639
>> and I enable a feature
called VLANs, virtual LANs.

00:47.639 --> 00:49.460
>> A virtual LAN
is a function of

00:49.460 --> 00:51.350
the operating
system on a switch.

00:51.350 --> 00:53.735
Not every switch has
VLAN capability.

00:53.735 --> 00:56.540
It's not required for a
switch to support VLANs,

00:56.540 --> 00:57.620
but to tell you the truth,

00:57.620 --> 00:59.884
>> just about all
of them today do.

00:59.884 --> 01:02.480
>> Typically a switch
is a Layer 2 device.

01:02.480 --> 01:04.355
We said switches
are Layer 2,

01:04.355 --> 01:06.965
they use MAC addresses
to direct traffic.

01:06.965 --> 01:09.470
But when you implement
a VLAN on the switch,

01:09.470 --> 01:10.790
you start to script the waters

01:10.790 --> 01:12.724
>> into meeting a
Layer 3 switch,

01:12.724 --> 01:14.515
>> which is the next layer up.

01:14.515 --> 01:17.240
With VLANs, you
assign certain ports

01:17.240 --> 01:19.494
>> on the switch to
a particular VLAN.

01:19.494 --> 01:21.950
>> That VLAN all the
hosts on that VLAN

01:21.950 --> 01:23.450
>> will share the
same network ID,

01:23.450 --> 01:25.114
>> so all the hosts connected,

01:25.114 --> 01:27.145
>> say into ports 2, 3, and 8.

01:27.145 --> 01:30.365
Whatever ports I want will
be part of the sales VLAN.

01:30.365 --> 01:32.300
The HR VLAN assigned

01:32.300 --> 01:34.040
>> to whatever ports
I'm plugging into

01:34.040 --> 01:36.270
>> and the same with VoIP.

01:36.270 --> 01:39.155
>> Broadcast isolation is
done through these VLANs.

01:39.155 --> 01:41.060
The sales VLAN broadcasts stay

01:41.060 --> 01:43.340
within the ports assigned
to the sales VLAN,

01:43.340 --> 01:46.715
same thing for HR and
same thing for VoIP.

01:46.715 --> 01:49.040
However, if you're trying
to create VLANs on

01:49.040 --> 01:51.470
a Layer 2 switch because
a Layer 2 switch does

01:51.470 --> 01:53.539
not understand IP addresses

01:53.539 --> 01:54.710
even though these VLANs

01:54.710 --> 01:56.389
>> can be created
and kept separate,

01:56.389 --> 01:58.760
>> the VLANs cannot communicate.

01:58.760 --> 02:01.730
The reason for that is
that a switch can't say,

02:01.730 --> 02:05.630
"An IP address at 172.16
goes out these ports,"

02:05.630 --> 02:06.140
>> because the switch

02:06.140 --> 02:08.470
>> doesn't understand
the IP addresses.

02:08.470 --> 02:10.410
What happens if
you set up a VLAN

02:10.410 --> 02:11.649
>> with a Layer 2 switch,

02:11.649 --> 02:13.460
>> is that you have
three separate subnets

02:13.460 --> 02:15.785
because they can't
communicate with each other.

02:15.785 --> 02:17.090
There are some cases

02:17.090 --> 02:19.414
>> where that might
actually be desirable.

02:19.414 --> 02:21.245
>> You might, for
security purposes,

02:21.245 --> 02:23.855
truly want three totally
isolated networks,

02:23.855 --> 02:25.280
but you probably
want your networks

02:25.280 --> 02:26.704
>> to be able to communicate.

02:26.704 --> 02:28.370
>> If you want your
VLANs to be able

02:28.370 --> 02:29.930
>> to communicate
you need a device

02:29.930 --> 02:31.190
>> that functions at Layer 3

02:31.190 --> 02:33.609
>> and understands IP addresses.

02:33.609 --> 02:35.480
>> We can go back to the router

02:35.480 --> 02:37.550
>> or we can upgrade
our Layer 2 switch

02:37.550 --> 02:39.380
>> and instead have
a Layer 3 switch.

02:39.380 --> 02:41.450
>> Going back to the OSI model,

02:41.450 --> 02:44.470
that Layer 3 switch is where
IP addressing is used.

02:44.470 --> 02:47.550
Your Layer 3 switches
use IP addresses.

02:47.550 --> 02:50.945
Wrapping up with our network
connectivity devices,

02:50.945 --> 02:52.039
we talked about hubs,

02:52.039 --> 02:53.210
>> which send all data out,

02:53.210 --> 02:54.590
>> all ports all the time.

02:54.590 --> 02:56.690
Then we looked at
switches that use MAC

02:56.690 --> 02:59.245
addressing because they
are Layer 2 devices.

02:59.245 --> 03:01.640
They isolate traffic
into collision domains,

03:01.640 --> 03:02.930
that way we can use all

03:02.930 --> 03:05.674
>> but eliminated collisions
on our Ethernet networks.

03:05.674 --> 03:08.120
>> Then we looked at routers
that isolate traffic

03:08.120 --> 03:09.410
>> into broadcast domains

03:09.410 --> 03:11.780
>> and they're able to
interconnect different networks

03:11.780 --> 03:13.449
>> based on IP addresses,

03:13.449 --> 03:15.345
>> but routers are expensive.

03:15.345 --> 03:17.340
We talked about using VLANs to

03:17.340 --> 03:19.605
create that same
broadcast isolation.

03:19.605 --> 03:22.280
If we create our VLANs
on a Layer 3 switch,

03:22.280 --> 03:24.304
not only do we get
the same isolation,

03:24.304 --> 03:28.260
but we also get
inter-VLAN communication.

