1 00:00:08,946 --> 00:00:11,608 - So let's talk a little bit more about broadcast domains 2 00:00:11,608 --> 00:00:15,435 and how we can manipulate them and control them on switches. 3 00:00:15,435 --> 00:00:17,768 Because after all this is one of the big benefits 4 00:00:17,768 --> 00:00:19,379 of switches is it gives us the ability 5 00:00:19,379 --> 00:00:23,837 to control and configure something called virtual LANs. 6 00:00:23,837 --> 00:00:26,565 So here we're going to talk about what are virtual LANs, 7 00:00:26,565 --> 00:00:30,732 why do we need them, and how do we configure and test them. 8 00:00:32,361 --> 00:00:35,033 Alright so in this particular picture right here 9 00:00:35,033 --> 00:00:37,537 we have two physically distinct, 10 00:00:37,537 --> 00:00:40,460 separate local area networks. 11 00:00:40,460 --> 00:00:42,857 We have a local area network for Sales 12 00:00:42,857 --> 00:00:45,641 and a local area network for Marketing. 13 00:00:45,641 --> 00:00:46,746 They're completely separate. 14 00:00:46,746 --> 00:00:48,809 They're not connected in any way. 15 00:00:48,809 --> 00:00:50,010 Maybe we did that intentionally 16 00:00:50,010 --> 00:00:51,865 because we have security reasons. 17 00:00:51,865 --> 00:00:53,777 You know those people in Sales, you know sometimes 18 00:00:53,777 --> 00:00:55,185 they get a little funny and we don't want them 19 00:00:55,185 --> 00:00:58,204 sending information to those people in Marketing, 20 00:00:58,204 --> 00:01:02,392 so we want to keep them completely separate and distinct. 21 00:01:02,392 --> 00:01:05,674 So we look at this and we say okay this is great 22 00:01:05,674 --> 00:01:09,260 but wouldn't it be better if instead of having 23 00:01:09,260 --> 00:01:12,364 two separate networking devices, two bridges, 24 00:01:12,364 --> 00:01:16,795 wouldn't it be great if we could just have one device? 
25 00:01:16,795 --> 00:01:19,539 Both departments are connected to that one device 26 00:01:19,539 --> 00:01:23,858 but we're still able to keep them separated from each other. 27 00:01:23,858 --> 00:01:28,040 Because right now Sales is in their own broadcast domain. 28 00:01:28,040 --> 00:01:29,936 Right, because we know that bridges and switches 29 00:01:29,936 --> 00:01:34,103 when they receive in a frame, if the destination address 30 00:01:35,042 --> 00:01:37,050 of that frame is unknown, 31 00:01:37,050 --> 00:01:39,074 the switch does not have that in its table. 32 00:01:39,074 --> 00:01:41,778 Like a broadcast, like a multicast, 33 00:01:41,778 --> 00:01:43,794 or like a unicast MAC address that 34 00:01:43,794 --> 00:01:45,698 just has never been learned, 35 00:01:45,698 --> 00:01:48,892 the switch or the bridge will flood that frame. 36 00:01:48,892 --> 00:01:50,722 It'll send it out to all the other ports 37 00:01:50,722 --> 00:01:53,067 other than the one where it came in. 38 00:01:53,067 --> 00:01:55,034 So on the left we have a broadcast domain, 39 00:01:55,034 --> 00:01:56,922 and on the right we have a broadcast domain. 40 00:01:56,922 --> 00:02:00,244 Wouldn't it be nice if we could get rid of those two bridges 41 00:02:00,244 --> 00:02:02,524 and replace them with just a single device 42 00:02:02,524 --> 00:02:05,028 that still everybody could connect to 43 00:02:05,028 --> 00:02:08,164 but could maintain our isolation and separation 44 00:02:08,164 --> 00:02:10,972 of different broadcast domains? 45 00:02:10,972 --> 00:02:14,389 And that's exactly what virtual LANs are. 46 00:02:15,762 --> 00:02:18,130 So now we have a switch and we have configured 47 00:02:18,130 --> 00:02:20,842 our virtual LANs, and we've put the ports 48 00:02:20,842 --> 00:02:23,434 into those virtual LANs. 49 00:02:23,434 --> 00:02:27,210 And now it separates out our broadcast domains. 50 00:02:27,210 --> 00:02:30,001 So a virtual LAN that is the purpose of it. 
51 00:02:30,001 --> 00:02:31,705 It separates broadcast domains. 52 00:02:31,705 --> 00:02:34,752 It gives you a little bit of flexibility and control. 53 00:02:34,752 --> 00:02:36,824 Now you might be wondering, well why would I want to 54 00:02:36,824 --> 00:02:39,089 separate out my broadcast domains? 55 00:02:39,089 --> 00:02:40,992 A variety of reasons. 56 00:02:40,992 --> 00:02:41,909 Number one. 57 00:02:43,186 --> 00:02:46,304 Every time an actual broadcast, 58 00:02:46,304 --> 00:02:50,011 an Ethernet frame with a destination MAC address of FFFFFFFF 59 00:02:50,011 --> 00:02:53,306 or all ones in binary, every time an Ethernet frame 60 00:02:53,306 --> 00:02:57,480 with a destination of a broadcast hits your NIC card, 61 00:02:57,480 --> 00:03:00,400 your NIC card has to take that in, 62 00:03:00,400 --> 00:03:03,064 send it up to the CPU of your laptop, 63 00:03:03,064 --> 00:03:05,312 and your laptop has to inspect it. 64 00:03:05,312 --> 00:03:09,368 Now if it's just one broadcast, not a big deal. 65 00:03:09,368 --> 00:03:11,599 But as the broadcast domain gets bigger and bigger 66 00:03:11,599 --> 00:03:16,040 and bigger, if I go from having four devices to 14 devices 67 00:03:16,040 --> 00:03:19,722 to 400 devices all in one broadcast domain, 68 00:03:19,722 --> 00:03:21,974 you're going to see a lot of broadcasts. 69 00:03:21,974 --> 00:03:24,395 Broadcasts are used by a lot of legitimate protocols. 70 00:03:24,395 --> 00:03:26,147 ARP uses broadcasts. 71 00:03:26,147 --> 00:03:28,539 DHCP uses broadcasts. 72 00:03:28,539 --> 00:03:30,859 There's a lot of things that use broadcasts. 73 00:03:30,859 --> 00:03:32,347 You would be surprised at how frequently 74 00:03:32,347 --> 00:03:34,827 your laptop is sending out broadcasts 75 00:03:34,827 --> 00:03:36,587 without you even touching it, 76 00:03:36,587 --> 00:03:38,677 without you even touching the keyboard. 
77 00:03:38,677 --> 00:03:42,619 So if you can imagine your CPU is getting busier and busier 78 00:03:42,619 --> 00:03:45,371 and busier, processing all these broadcasts 79 00:03:45,371 --> 00:03:46,916 as they're coming in. 80 00:03:46,916 --> 00:03:48,859 That's going to have an effect on you. 81 00:03:48,859 --> 00:03:51,307 Your websites are going to seem to load slower. 82 00:03:51,307 --> 00:03:52,827 Your email's going to load slower. 83 00:03:52,827 --> 00:03:55,805 Anything that has to do with networking on your laptop 84 00:03:55,805 --> 00:03:58,267 is going to start grinding to a halt. 85 00:03:58,267 --> 00:04:00,563 So that's one reason why we might want to take 86 00:04:00,563 --> 00:04:02,323 a rather large network and partition it 87 00:04:02,323 --> 00:04:06,333 into different VLANs, into different broadcast domains. 88 00:04:06,333 --> 00:04:08,915 Also for security restrictions. 89 00:04:08,915 --> 00:04:11,979 So from a layer 3 perspective, an IP perspective, 90 00:04:11,979 --> 00:04:14,420 all the devices in one broadcast domain 91 00:04:14,420 --> 00:04:16,075 are in the same subnet. 92 00:04:16,075 --> 00:04:18,755 They're in the same IP network. 93 00:04:18,755 --> 00:04:21,779 Well when it comes to doing security like say, 94 00:04:21,779 --> 00:04:26,005 okay I want Joe to be able to get to this server over here, 95 00:04:26,005 --> 00:04:29,366 but I don't want Sally to be able to get to the server. 96 00:04:29,366 --> 00:04:32,455 If everybody's on the same subnet and same broadcast domain, 97 00:04:32,455 --> 00:04:34,955 that's possible but it's hard. 98 00:04:35,824 --> 00:04:37,432 As a matter of fact at the CCNA level, 99 00:04:37,432 --> 00:04:38,792 you don't even learn how to do that. 100 00:04:38,792 --> 00:04:40,416 Once you go into the CCNP level 101 00:04:40,416 --> 00:04:42,824 and you're starting for your CCNP switch exam, 102 00:04:42,824 --> 00:04:45,120 then you'll learn of ways to do that. 
103 00:04:45,120 --> 00:04:46,983 But it's difficult. 104 00:04:46,983 --> 00:04:48,576 It's a lot easier if I can separate people 105 00:04:48,576 --> 00:04:52,743 into different broadcast domains, different subnets, 106 00:04:53,744 --> 00:04:56,112 there's a lot of other ways, a lot of easier ways, 107 00:04:56,112 --> 00:04:59,112 to prevent devices from one subnet 108 00:04:59,112 --> 00:05:01,402 from talking to another subnet. 109 00:05:01,402 --> 00:05:03,784 But when we're all in the same subnet on the same VLAN, 110 00:05:03,784 --> 00:05:05,690 that gets kind of tricky. 111 00:05:05,690 --> 00:05:07,600 So from a security perspective, you might want to 112 00:05:07,600 --> 00:05:09,907 break up your network into different partitions 113 00:05:09,907 --> 00:05:11,490 or different VLANs. 114 00:05:12,752 --> 00:05:16,409 So provides better security, controls broadcast like ARP, 115 00:05:16,409 --> 00:05:20,412 and provides hierarchical subnet usage. 116 00:05:20,412 --> 00:05:23,271 Not really going to expand on that one all that much. 117 00:05:23,271 --> 00:05:26,021 So as far as VLANs are concerned, 118 00:05:26,940 --> 00:05:29,204 and this is the way it's been for decades, 119 00:05:29,204 --> 00:05:32,778 the VLAN range is from 1 to 4094. 120 00:05:32,778 --> 00:05:35,011 So that's the VLANs you have available to you. 121 00:05:35,011 --> 00:05:39,178 Now there are some VLANs that are called normal-range VLANs, 122 00:05:40,105 --> 00:05:41,355 1 through 1001. 123 00:05:42,224 --> 00:05:44,062 And usually people just stick with VLANs 124 00:05:44,062 --> 00:05:47,094 in that number, in that range. 125 00:05:47,094 --> 00:05:48,414 Now it's completely up to you. 126 00:05:48,414 --> 00:05:50,990 You say okay, so I've decided that I want Payroll, 127 00:05:50,990 --> 00:05:54,351 all of the people in Payroll to be in one IP subnet, 128 00:05:54,351 --> 00:05:56,159 and I'll put them in a VLAN. 129 00:05:56,159 --> 00:05:57,730 Which VLAN should it be? 
130 00:05:57,730 --> 00:05:58,671 It's up to you. 131 00:05:58,671 --> 00:06:00,464 You could select VLAN 2 for them. 132 00:06:00,464 --> 00:06:03,319 You could select VLAN 359. 133 00:06:03,319 --> 00:06:05,015 Completely up to you. 134 00:06:05,015 --> 00:06:06,487 Completely up to you. 135 00:06:06,487 --> 00:06:08,471 It's just the main thing to remember is that 136 00:06:08,471 --> 00:06:13,216 one IP subnet has to be in its own unique VLAN number, 137 00:06:13,216 --> 00:06:17,432 and another IP subnet has to be in a different VLAN number. 138 00:06:17,432 --> 00:06:20,900 You can't have two different subnets at Layer 3 139 00:06:20,900 --> 00:06:22,860 sharing the same VLAN. 140 00:06:22,860 --> 00:06:24,406 Because if you do that, 141 00:06:24,406 --> 00:06:26,805 now they're seeing each other's broadcasts. 142 00:06:26,805 --> 00:06:29,787 And that's exactly what we wanted to avoid. 143 00:06:29,787 --> 00:06:31,868 Also just the reverse is true. 144 00:06:31,868 --> 00:06:35,222 I can't have a user over here who's in one subnet, 145 00:06:35,222 --> 00:06:38,537 a user over here who's in the exact same subnet, 146 00:06:38,537 --> 00:06:41,489 same network, but they're in two different VLANs. 147 00:06:41,489 --> 00:06:43,498 If they're in two different VLANs, 148 00:06:43,498 --> 00:06:45,193 they're not sharing broadcasts. 149 00:06:45,193 --> 00:06:49,128 At Layer 3, they think they're in the same broadcast domain. 150 00:06:49,128 --> 00:06:51,296 They say, oh I'm in the same subnet as that guy. 151 00:06:51,296 --> 00:06:52,879 I can ARP for him. 152 00:06:52,879 --> 00:06:54,824 But ARP is a broadcast. 153 00:06:54,824 --> 00:06:56,584 When you send out an ARP request for something 154 00:06:56,584 --> 00:06:59,279 that you think is in your network, 155 00:06:59,279 --> 00:07:00,823 that's making the assumption 156 00:07:00,823 --> 00:07:03,659 that that broadcast can get to that guy. 
157 00:07:03,659 --> 00:07:06,442 But if in reality, he's in a different VLAN, 158 00:07:06,442 --> 00:07:09,226 even if at Layer 3, he's in the same subnet as you. 159 00:07:09,226 --> 00:07:11,785 But if he's in a different broadcast domain, 160 00:07:11,785 --> 00:07:15,766 in a different VLAN, your broadcast will not reach him. 161 00:07:15,766 --> 00:07:19,334 And I'm going to demonstrate that here in just a moment. 162 00:07:19,334 --> 00:07:20,870 So some of the VLANs right there in the middle, 163 00:07:20,870 --> 00:07:23,537 1002 through 1005, are reserved. 164 00:07:24,422 --> 00:07:27,046 I don't think you're ever going to be tested on that 165 00:07:27,046 --> 00:07:29,622 they're reserved for token ring necessarily, 166 00:07:29,622 --> 00:07:30,974 but you should remember that those ones 167 00:07:30,974 --> 00:07:32,183 there in the middle are reserved. 168 00:07:32,183 --> 00:07:33,392 You cannot use them. 169 00:07:33,392 --> 00:07:34,225 They're unusable. 170 00:07:34,225 --> 00:07:35,262 So you should probably remember 171 00:07:35,262 --> 00:07:38,262 that 1002 through 1005 are unusable. 172 00:07:39,302 --> 00:07:42,734 And then the higher numbers 1006 through 4094 173 00:07:42,734 --> 00:07:45,512 are extended-range VLANs. 174 00:07:45,512 --> 00:07:48,398 Once again, once you get to the CCNP switch exam, 175 00:07:48,398 --> 00:07:50,190 we learn more about those. 176 00:07:50,190 --> 00:07:52,480 And there are some caveats and gotchas as far as 177 00:07:52,480 --> 00:07:55,748 if you want to use those, there are certain other things 178 00:07:55,748 --> 00:07:57,603 you have to do first. 179 00:07:57,603 --> 00:08:02,258 At the CCNA level though, we don't really get into that. 180 00:08:02,258 --> 00:08:04,619 Okay so how do I configure VLAN? 
181 00:08:04,619 --> 00:08:09,079 So remember that initially when you turn on a switch, 182 00:08:09,079 --> 00:08:12,772 review question, when you turn on a switch are the ports 183 00:08:12,772 --> 00:08:16,605 on the switch by default administratively down 184 00:08:17,626 --> 00:08:19,959 or administratively enabled? 185 00:08:22,479 --> 00:08:25,021 They are administratively enabled. 186 00:08:25,021 --> 00:08:26,814 Routers, their interfaces are 187 00:08:26,814 --> 00:08:29,181 administratively shut down by default. 188 00:08:29,181 --> 00:08:31,309 But by default, switch ports are up 189 00:08:31,309 --> 00:08:32,629 as soon as you plug something in. 190 00:08:32,629 --> 00:08:34,421 Now when you get a switch, 191 00:08:34,421 --> 00:08:38,919 whether it's got eight ports or whether it's got 200 ports, 192 00:08:38,919 --> 00:08:42,208 the default behavior is that all those interfaces 193 00:08:42,208 --> 00:08:44,875 are in VLAN 1, the default VLAN. 194 00:08:45,822 --> 00:08:46,655 You should remember that. 195 00:08:46,655 --> 00:08:47,781 VLAN 1 is already there. 196 00:08:47,781 --> 00:08:49,294 You don't have to configure it. 197 00:08:49,294 --> 00:08:53,261 It is the default VLAN and all the interfaces are in it. 198 00:08:53,261 --> 00:08:55,446 Now if you say, oh okay well that's cool 199 00:08:55,446 --> 00:08:58,213 because that one switch is going to be connected to Payroll. 200 00:08:58,213 --> 00:09:01,549 Nobody but Payroll is going to be connected to that switch. 201 00:09:01,549 --> 00:09:03,917 And everybody in Payroll is going to be in the same subnet, 202 00:09:03,917 --> 00:09:06,477 so they're going to be in the same broadcast domain. 203 00:09:06,477 --> 00:09:07,525 No problem then. 204 00:09:07,525 --> 00:09:08,741 You don't have to create any VLANs. 205 00:09:08,741 --> 00:09:10,550 You don't have to change any VLANs. 
206 00:09:10,550 --> 00:09:13,810 But if you do want to go on a switch 207 00:09:13,810 --> 00:09:15,090 and you want to create some new VLANs, 208 00:09:15,090 --> 00:09:17,191 it's a two-step process. 209 00:09:17,191 --> 00:09:21,358 Step number one is just creating it and naming it, 210 00:09:22,502 --> 00:09:26,107 like VLAN 2, VLAN 9, just basically telling the switch 211 00:09:26,107 --> 00:09:29,283 I'm creating a new VLAN on you. 212 00:09:29,283 --> 00:09:33,366 VLAN 200, VLAN 300, that's literally the command. 213 00:09:34,562 --> 00:09:36,226 VLAN and the VLAN ID. 214 00:09:36,226 --> 00:09:37,762 Don't even worry about the legacy way. 215 00:09:37,762 --> 00:09:39,474 Nobody does that. 216 00:09:39,474 --> 00:09:41,082 This is the way you're going to do it. 217 00:09:41,082 --> 00:09:42,466 This is the way you're going to do it. 218 00:09:42,466 --> 00:09:44,905 Config t, go into global config mode, 219 00:09:44,905 --> 00:09:47,378 and then just type vlan and the number. 220 00:09:47,378 --> 00:09:49,045 Like vlan 5, vlan 7. 221 00:09:50,691 --> 00:09:52,179 Optionally if you want to. 222 00:09:52,179 --> 00:09:53,347 This is optional. 223 00:09:53,347 --> 00:09:54,995 You can provide it a name. 224 00:09:54,995 --> 00:09:56,051 And this kind of helps if you're looking at 225 00:09:56,051 --> 00:09:58,612 the running config and it says VLAN 2 226 00:09:58,612 --> 00:10:01,420 and then underneath it it says Engineering VLAN. 227 00:10:01,420 --> 00:10:03,323 And then VLAN 3, Marketing VLAN. 228 00:10:03,323 --> 00:10:07,057 Now you know, oh okay, I know why these VLANs were created. 229 00:10:07,057 --> 00:10:08,833 You don't have to give it a name, 230 00:10:08,833 --> 00:10:11,745 but it's just kind of nice, a descriptive characteristic. 231 00:10:11,745 --> 00:10:14,297 Now that's step number one. 232 00:10:14,297 --> 00:10:17,193 Just because I created VLAN 5, 233 00:10:17,193 --> 00:10:19,633 the switch can't read my mind. 
234 00:10:19,633 --> 00:10:20,907 It doesn't have telepathy. 235 00:10:20,907 --> 00:10:23,357 It doesn't know which interfaces 236 00:10:23,357 --> 00:10:26,074 I want to put into that broadcast domain. 237 00:10:26,074 --> 00:10:27,897 So that's the second step. 238 00:10:27,897 --> 00:10:29,898 Now we have to go into the interfaces, right. 239 00:10:29,898 --> 00:10:32,481 Interface, Fast Ethernet, whatever. 240 00:10:32,481 --> 00:10:35,564 And apply that VLAN to the interface. 241 00:10:37,002 --> 00:10:38,890 And here's how we do that. 242 00:10:38,890 --> 00:10:41,547 We type switchport mode access. 243 00:10:41,547 --> 00:10:42,938 We saw that in the last slide, right? 244 00:10:42,938 --> 00:10:43,954 In the last video? 245 00:10:43,954 --> 00:10:45,519 That's saying this interface 246 00:10:45,519 --> 00:10:48,399 is in one broadcast domain only. 247 00:10:48,399 --> 00:10:52,228 Now if all I did was type that, it would still be in VLAN 1. 248 00:10:52,228 --> 00:10:54,452 I really wouldn't have done much. 249 00:10:54,452 --> 00:10:58,647 But then I typed switchport access vlan whatever. 250 00:10:58,647 --> 00:11:00,368 Switchport access vlan 2 251 00:11:00,368 --> 00:11:02,407 if I want it to be in that broadcast domain. 252 00:11:02,407 --> 00:11:04,287 Switchport access vlan 99 253 00:11:04,287 --> 00:11:07,391 if I want it to be in that broadcast domain. 254 00:11:07,391 --> 00:11:11,558 So critical thing I want you to take away from this, 255 00:11:12,413 --> 00:11:13,580 on switchports 256 00:11:15,591 --> 00:11:20,011 the mode dictates what the interface is doing. 257 00:11:20,011 --> 00:11:21,539 The main mode we've really focused on 258 00:11:21,539 --> 00:11:23,789 so far is just access mode. 259 00:11:24,870 --> 00:11:27,222 There are other modes as well. 260 00:11:27,222 --> 00:11:29,262 When we talk about trunking in the next section, 261 00:11:29,262 --> 00:11:30,952 we're going to get into that. 
262 00:11:30,952 --> 00:11:34,288 So but why I'm saying that is because, 263 00:11:34,288 --> 00:11:37,744 if you look at the running config of a switch 264 00:11:37,744 --> 00:11:39,184 and you see on a particular interface 265 00:11:39,184 --> 00:11:42,017 it says switchport access vlan 20, 266 00:11:43,243 --> 00:11:46,801 you can't automatically assume that that interface 267 00:11:46,801 --> 00:11:51,701 is just in VLAN 20 and it's providing access to some device. 268 00:11:51,701 --> 00:11:55,486 You can't assume that just from this command right here. 269 00:11:55,486 --> 00:11:57,005 This command does not tell you 270 00:11:57,005 --> 00:12:00,706 how this interface is operating right now. 271 00:12:00,706 --> 00:12:02,866 All that command says is 272 00:12:02,866 --> 00:12:06,699 if this interface ever becomes an access port, 273 00:12:07,686 --> 00:12:11,907 if it's ever in that mode, then while it's an access port, 274 00:12:11,907 --> 00:12:15,306 it's going to be in this VLAN right here. 275 00:12:15,306 --> 00:12:18,281 But we don't know from this command what the mode is. 276 00:12:18,281 --> 00:12:21,448 That's where this command is critical. 277 00:12:22,342 --> 00:12:24,989 So if this interface was in some other kind of mode, 278 00:12:24,989 --> 00:12:28,133 you might think oh okay well if I put it in some other mode 279 00:12:28,133 --> 00:12:30,509 this right here will just vanish from the configuration, 280 00:12:30,509 --> 00:12:31,701 right? 281 00:12:31,701 --> 00:12:32,989 Nope. 282 00:12:32,989 --> 00:12:34,157 This could be in another mode 283 00:12:34,157 --> 00:12:38,152 and you would still see this in your running config. 284 00:12:38,152 --> 00:12:42,224 So the point I'm trying to make to you is, step number one, 285 00:12:42,224 --> 00:12:43,490 when doing any kind of troubleshooting is 286 00:12:43,490 --> 00:12:46,657 identify what mode is my interface in. 
287 00:12:47,568 --> 00:12:49,048 Because then you can look at a running config 288 00:12:49,048 --> 00:12:52,096 and you can say oh okay well these commands I can ignore 289 00:12:52,096 --> 00:12:54,776 because they don't apply to the particular mode 290 00:12:54,776 --> 00:12:57,443 that I'm operating in right now. 291 00:12:59,037 --> 00:13:00,405 And some verification commands. 292 00:13:00,405 --> 00:13:02,221 Show vlan is probably the command 293 00:13:02,221 --> 00:13:04,021 you're going to use the most often. 294 00:13:04,021 --> 00:13:05,605 It shows you the VLANs that you've got 295 00:13:05,605 --> 00:13:08,341 and what interfaces are applied to those VLANs. 296 00:13:08,341 --> 00:13:10,582 And you can also do show interface, 297 00:13:10,582 --> 00:13:13,972 like show interface Fast Ethernet 0/1, 298 00:13:13,972 --> 00:13:16,902 and then the keyword of switchport at the end. 299 00:13:16,902 --> 00:13:18,812 Let's do some demonstrations of this. 300 00:13:18,812 --> 00:13:22,833 So for this demonstration, I've created this topology here 301 00:13:22,833 --> 00:13:23,802 which I'm going to be using. 302 00:13:23,802 --> 00:13:26,185 So I've got switch 2. 303 00:13:26,185 --> 00:13:29,563 And in my particular lab which is a real light, 304 00:13:29,563 --> 00:13:31,755 I'm using INE's rack so INE's rack rentals. 305 00:13:31,755 --> 00:13:36,270 So if you ever buy some tokens and you do some 306 00:13:36,270 --> 00:13:38,940 rack rental time on our CCNA/CCNP racks, 307 00:13:38,940 --> 00:13:40,902 that's exactly what I'm going to be using here 308 00:13:40,902 --> 00:13:41,735 in this demonstration 309 00:13:41,735 --> 00:13:44,749 and most of our demonstrations coming up. 310 00:13:44,749 --> 00:13:46,532 So I've got a switch, but in our racks 311 00:13:46,532 --> 00:13:48,261 we don't actually have any real Hosts. 312 00:13:48,261 --> 00:13:51,332 There's no laptops or PCs in the racks.
313 00:13:51,332 --> 00:13:53,836 So I'm actually using Routers. 314 00:13:53,836 --> 00:13:57,034 This is actually Router 1, Router 2, and Router 3. 315 00:13:57,034 --> 00:13:59,306 But I'm going to pretend that they're Hosts. 316 00:13:59,306 --> 00:14:02,250 I've just given them IP addresses, 317 00:14:02,250 --> 00:14:04,762 and we're just going to be using them to initiate pings. 318 00:14:04,762 --> 00:14:06,770 So they're not going to be doing any fancy routing stuff. 319 00:14:06,770 --> 00:14:08,819 Let's just pretend that they're Hosts. 320 00:14:08,819 --> 00:14:11,210 And I changed their names, their Host names, 321 00:14:11,210 --> 00:14:15,967 to Host 1, Host 2, Host 3 just for demonstration purposes. 322 00:14:15,967 --> 00:14:17,583 Okay. 323 00:14:17,583 --> 00:14:21,655 So let's go on to Switch 2 to begin with. 324 00:14:21,655 --> 00:14:24,514 And what I recommend that you might want to do is right now 325 00:14:24,514 --> 00:14:25,438 if you haven't already done this, 326 00:14:25,438 --> 00:14:28,390 take a screenshot of this image. 327 00:14:28,390 --> 00:14:30,198 That way when I log into the devices, 328 00:14:30,198 --> 00:14:32,839 you can be looking at the screenshot 329 00:14:32,839 --> 00:14:35,415 while I'm showing you the command line 330 00:14:35,415 --> 00:14:38,359 and you won't get confused as to which device I'm in 331 00:14:38,359 --> 00:14:40,990 and port numbers and all that kind of stuff. 332 00:14:40,990 --> 00:14:42,686 Okay so hopefully you had enough time 333 00:14:42,686 --> 00:14:46,987 or you've paused the video and you've taken that screenshot. 334 00:14:46,987 --> 00:14:48,820 So let's go over here. 335 00:14:50,477 --> 00:14:54,126 So first of all, I'm going to go ahead and I am in Switch 2. 336 00:14:54,126 --> 00:14:55,659 Remember user exec mode. 337 00:14:55,659 --> 00:14:56,922 You can't really do anything from here, 338 00:14:56,922 --> 00:14:59,005 so I want to type enable. 
339 00:15:00,074 --> 00:15:00,938 So the first thing I want to see is 340 00:15:00,938 --> 00:15:03,186 what VLANs are in this switch. 341 00:15:03,186 --> 00:15:04,770 Honestly I don't know if this switch 342 00:15:04,770 --> 00:15:06,809 has just the default VLANs. 343 00:15:06,809 --> 00:15:08,309 There might be some other VLANs in here 344 00:15:08,309 --> 00:15:10,535 from some previous labs that I did. 345 00:15:10,535 --> 00:15:14,365 So I'm just going to type show vlan. 346 00:15:14,365 --> 00:15:16,645 Okay it just has the default VLAN. 347 00:15:16,645 --> 00:15:18,478 So we see here VLAN 1. 348 00:15:20,464 --> 00:15:22,776 There has been no name configured 349 00:15:22,776 --> 00:15:25,704 so the name is just default. 350 00:15:25,704 --> 00:15:27,201 And it's active. 351 00:15:27,201 --> 00:15:29,600 And you can see these are all the ports 352 00:15:29,600 --> 00:15:31,433 that are in that VLAN. 353 00:15:32,680 --> 00:15:36,747 Now if a port, if you know there's a port on the switch 354 00:15:36,747 --> 00:15:38,507 but it does not show up here, 355 00:15:38,507 --> 00:15:40,894 but you know that port is actually up 356 00:15:40,894 --> 00:15:42,320 and connected to something, 357 00:15:42,320 --> 00:15:44,392 if it's not anywhere in this output, 358 00:15:44,392 --> 00:15:48,650 that means that port is not an access port. 359 00:15:48,650 --> 00:15:52,283 Only ports that are in the switchport mode access 360 00:15:52,283 --> 00:15:54,946 will show up here as access ports 361 00:15:54,946 --> 00:15:57,490 in the various VLANs that you've got. 362 00:15:57,490 --> 00:15:59,756 If it's not here then that means it's in some other mode, 363 00:15:59,756 --> 00:16:02,346 probably what we call trunking mode 364 00:16:02,346 --> 00:16:04,706 that we'll talk about in another video. 
365 00:16:04,706 --> 00:16:08,044 So right now we have this and so if we look at that, 366 00:16:08,044 --> 00:16:09,747 that means all three of these interfaces 367 00:16:09,747 --> 00:16:11,555 are in the same VLAN. 368 00:16:11,555 --> 00:16:14,388 Let me go ahead and bring them up. 369 00:16:18,103 --> 00:16:19,551 By the way, this command I'm doing right here, 370 00:16:19,551 --> 00:16:22,967 this is a useful command on switches, interface range. 371 00:16:22,967 --> 00:16:25,581 This way you can group a bunch of interfaces together. 372 00:16:25,581 --> 00:16:29,158 And now the configuration command I apply is going to apply 373 00:16:29,158 --> 00:16:31,262 across all of them at the same time. 374 00:16:31,262 --> 00:16:32,760 So I don't have to get into each interface 375 00:16:32,760 --> 00:16:34,782 one at a time at a time. 376 00:16:34,782 --> 00:16:37,792 So I'll just do no shutdown. 377 00:16:37,792 --> 00:16:40,702 I disabled them purposefully before this lab 378 00:16:40,702 --> 00:16:42,369 just to demonstrate. 379 00:16:43,280 --> 00:16:46,280 Okay so I'm going to go into Host 1. 380 00:16:49,431 --> 00:16:51,608 And we can see that Host 1 in his ARP table 381 00:16:51,608 --> 00:16:54,360 all he knows about is himself. 382 00:16:54,360 --> 00:16:58,707 Now because they are all three in the same subnet. 383 00:16:58,707 --> 00:17:01,087 You can see they're all three in the 1.2.3 network. 384 00:17:01,087 --> 00:17:03,337 And I'll put a circle here. 385 00:17:05,079 --> 00:17:09,246 They're all three in the same VLAN which is VLAN 1. 386 00:17:12,992 --> 00:17:16,069 They should be able to exchange broadcasts. 387 00:17:16,069 --> 00:17:18,236 So if on PC 1 I ping PC 2, 388 00:17:20,286 --> 00:17:21,333 the first thing it's going to do, 389 00:17:21,333 --> 00:17:22,980 it's going to send out an ARP request. 390 00:17:22,980 --> 00:17:25,124 So my first ping will probably fail. 391 00:17:25,124 --> 00:17:28,039 That ARP request will be a broadcast. 
392 00:17:28,039 --> 00:17:32,206 So when it's broadcast, PC 2 and PC 3 will see it. 393 00:17:33,258 --> 00:17:36,603 And then PC 2 will respond back to that with an ARP reply. 394 00:17:36,603 --> 00:17:38,611 And then the ping should go through. 395 00:17:38,611 --> 00:17:40,955 So if PC 1 can actually ping PC 2, 396 00:17:40,955 --> 00:17:42,707 that will prove the broadcast works. 397 00:17:42,707 --> 00:17:44,499 And actually because this is a Router, 398 00:17:44,499 --> 00:17:46,499 I have the ability to turn on a debug 399 00:17:46,499 --> 00:17:48,659 to actually watch the ARP go out. 400 00:17:48,659 --> 00:17:50,766 And I'm going to do that. 401 00:17:50,766 --> 00:17:51,849 So debug arp. 402 00:17:55,026 --> 00:17:57,359 So here we go, ping 1.2.3.2. 403 00:18:00,948 --> 00:18:04,281 Alright undebug all turns off the debug. 404 00:18:05,841 --> 00:18:08,274 So we can see here, as soon as I did the ping, 405 00:18:08,274 --> 00:18:10,524 we see IP ARP sent request. 406 00:18:13,054 --> 00:18:14,654 So he sent an ARP request. 407 00:18:14,654 --> 00:18:16,118 He says this is me. 408 00:18:16,118 --> 00:18:17,934 This is my MAC. 409 00:18:17,934 --> 00:18:20,550 And I'm looking for 1.2.3.2. 410 00:18:20,550 --> 00:18:23,110 I don't know his MAC. 411 00:18:23,110 --> 00:18:25,846 And because they are in the same broadcast domain, 412 00:18:25,846 --> 00:18:27,750 we received an ARP response. 413 00:18:27,750 --> 00:18:29,083 Received, reply. 414 00:18:30,978 --> 00:18:33,259 And now we can see here the MAC address. 415 00:18:33,259 --> 00:18:37,005 And then the pings were successful after that. 416 00:18:37,005 --> 00:18:40,140 Now I'm also going to do the same thing. 417 00:18:40,140 --> 00:18:43,003 I'm going to ping 1.2.3.3. 418 00:18:43,003 --> 00:18:44,179 He's ARPing for him right now. 419 00:18:44,179 --> 00:18:45,843 I turned off the debug. 
420 00:18:45,843 --> 00:18:47,787 And now when I do show arp, 421 00:18:47,787 --> 00:18:51,158 we can see he's learned about everything in his ARP table. 422 00:18:51,158 --> 00:18:53,870 So all three of these guys know about each other. 423 00:18:53,870 --> 00:18:56,787 Now look what happens if I do this. 424 00:18:58,227 --> 00:19:01,977 I'm going to leave these two ports in VLAN 1, 425 00:19:03,963 --> 00:19:07,436 but I'm going to take this port right here 426 00:19:07,436 --> 00:19:11,519 and I'm going to create a new VLAN called VLAN 2. 427 00:19:12,791 --> 00:19:16,866 And I'm going to put this interface in that port. 428 00:19:16,866 --> 00:19:20,283 So that's step number one, let's do that. 429 00:19:23,159 --> 00:19:24,958 So the first step is to create the VLAN. 430 00:19:24,958 --> 00:19:28,086 So I have to go into global configuration mode to do that. 431 00:19:28,086 --> 00:19:30,003 And I just type vlan 2. 432 00:19:31,231 --> 00:19:33,326 And I could give it a name if I want. 433 00:19:33,326 --> 00:19:35,993 Name let's just say Engineering. 434 00:19:37,553 --> 00:19:38,511 Okay. 435 00:19:38,511 --> 00:19:40,943 And now I haven't done, I haven't applied the VLAN 436 00:19:40,943 --> 00:19:42,343 to an interface yet. 437 00:19:42,343 --> 00:19:45,182 So now when I do the show vlan command, 438 00:19:45,182 --> 00:19:48,924 you can see there it is with the name. 439 00:19:48,924 --> 00:19:52,563 But there are no interfaces associated with it yet. 440 00:19:52,563 --> 00:19:54,027 So now what I need to do is I need to go to 441 00:19:54,027 --> 00:19:56,450 interface Fast Ethernet 0/3 442 00:19:56,450 --> 00:19:59,367 and apply VLAN 2 to that interface. 443 00:20:02,986 --> 00:20:04,290 And that is the switchport. 444 00:20:04,290 --> 00:20:08,066 We want to do switchport mode access 445 00:20:08,066 --> 00:20:10,899 and then switchport access vlan 2. 
446 00:20:12,962 --> 00:20:15,866 That's the command that moves it from VLAN 1, 447 00:20:15,866 --> 00:20:19,283 which is what it was in, now into VLAN 2. 448 00:20:20,323 --> 00:20:23,706 And now if I do the show vlan command, 449 00:20:23,706 --> 00:20:26,956 now we see that interface is in VLAN 2. 450 00:20:28,022 --> 00:20:28,855 Okay. 451 00:20:30,198 --> 00:20:33,115 Now here's an interesting question. 452 00:20:34,188 --> 00:20:36,188 If we go over to Host 1, 453 00:20:38,293 --> 00:20:39,126 show arp, 454 00:20:40,741 --> 00:20:42,131 okay? 455 00:20:42,131 --> 00:20:46,298 He thinks that 1.2.3.3 is this MAC address right here. 456 00:20:48,261 --> 00:20:52,453 I can't memorize that, so I'm just going to remember 457 00:20:52,453 --> 00:20:55,036 the last four characters, 6dd8. 458 00:20:56,438 --> 00:20:57,271 6dd8. 459 00:20:59,619 --> 00:21:00,452 So this is 460 00:21:02,776 --> 00:21:03,609 6dd8. 461 00:21:04,729 --> 00:21:06,305 That's him. 462 00:21:06,305 --> 00:21:07,722 And Router 1 says 463 00:21:10,732 --> 00:21:12,149 in his ARP table, 464 00:21:13,836 --> 00:21:15,836 1.2.3.3 equals MAC 6dd8. 465 00:21:22,393 --> 00:21:26,106 Make this a little bit bigger here. 466 00:21:26,106 --> 00:21:30,023 Okay, but this MAC address, back when Router 1, 467 00:21:31,268 --> 00:21:34,268 Host 1 ARPed, the ARP was successful 468 00:21:35,107 --> 00:21:39,443 back when PC 3 was in the same VLAN, when he was in VLAN 1. 469 00:21:39,443 --> 00:21:42,943 And 6dd8 was originally learned in VLAN 1. 470 00:21:44,028 --> 00:21:46,493 Is it still in VLAN 1? 471 00:21:46,493 --> 00:21:50,550 Well let's take a look at the MAC address table. 472 00:21:50,550 --> 00:21:52,467 Show mac address-table. 473 00:21:54,420 --> 00:21:58,704 And we're looking for an address ending with 6dd8. 474 00:21:58,704 --> 00:22:01,704 Look at this, 6dd8 is now in VLAN 2. 475 00:22:05,089 --> 00:22:05,922 In VLAN 2. 
476 00:22:09,363 --> 00:22:13,292 So what's going to happen if PC 1 pings, 477 00:22:13,292 --> 00:22:15,186 because he already has an ARP entry, right? 478 00:22:15,186 --> 00:22:16,826 He already thinks hey I don't have to ARP anymore. 479 00:22:16,826 --> 00:22:18,610 I know the guy's MAC address. 480 00:22:18,610 --> 00:22:21,643 Let's think about what's going to happen here. 481 00:22:21,643 --> 00:22:24,370 So it's going to come in this way. 482 00:22:24,370 --> 00:22:28,914 And I'm going to draw it over here because I have more room. 483 00:22:28,914 --> 00:22:31,664 So the IP source will be 1.2.3.1. 484 00:22:35,659 --> 00:22:38,576 The IP destination will be 1.2.3.3. 485 00:22:40,694 --> 00:22:44,027 The MAC source will be whatever PC 1 is. 486 00:22:46,439 --> 00:22:50,606 And the MAC destination is going to be xxxx.xxxx.6dd8. 487 00:22:54,681 --> 00:22:56,858 Now when that comes into this port, 488 00:22:56,858 --> 00:22:58,891 what's that switch going to do? 489 00:22:58,891 --> 00:23:01,217 You might think oh well no problem. 490 00:23:01,217 --> 00:23:03,658 I mean he's going to look at his MAC at his table, right 491 00:23:03,658 --> 00:23:06,273 and he's going to find 6dd8. 492 00:23:06,273 --> 00:23:09,233 And he's going to find it's associated to port 0/3. 493 00:23:09,233 --> 00:23:10,731 I mean after all that's what we see right here, right? 494 00:23:10,731 --> 00:23:11,715 There it is. 495 00:23:11,715 --> 00:23:13,045 Here's the problem. 496 00:23:13,045 --> 00:23:14,193 Look at this. 497 00:23:14,193 --> 00:23:15,945 The MAC address table does not just 498 00:23:15,945 --> 00:23:19,168 store the MAC address and a port. 499 00:23:19,168 --> 00:23:22,418 It also stores what VLAN it belongs to.
500 00:23:23,703 --> 00:23:26,256 So this is going to be a problem for us, 501 00:23:26,256 --> 00:23:30,435 because when this frame comes in, going to 6dd8, 502 00:23:30,435 --> 00:23:32,179 the switch is going to say oh 503 00:23:32,179 --> 00:23:35,187 it came in on a port that's in VLAN 1. 504 00:23:35,187 --> 00:23:39,354 In my MAC address table I need to find 6dd8 in VLAN 1. 505 00:23:40,498 --> 00:23:42,538 And he's not going to find it 506 00:23:42,538 --> 00:23:46,348 because it's not in VLAN 1, it's in VLAN 2. 507 00:23:46,348 --> 00:23:48,767 And so guess what, our ping is going to fail. 508 00:23:48,767 --> 00:23:50,200 The switch is not going to say oh okay, 509 00:23:50,200 --> 00:23:51,942 well I'm going to just allow this frame to jump 510 00:23:51,942 --> 00:23:55,061 from one broadcast domain to another broadcast domain. 511 00:23:55,061 --> 00:23:56,436 The switch is not going to do that. 512 00:23:56,436 --> 00:23:58,769 Remember this is a virtual LAN. 513 00:23:59,798 --> 00:24:03,069 In a real LAN, in a real LAN, when you put an Ethernet frame 514 00:24:03,069 --> 00:24:05,590 on the wire, the destination MAC address 515 00:24:05,590 --> 00:24:09,462 for that frame has to be somebody on your wire. 516 00:24:09,462 --> 00:24:11,335 That is the rules of Ethernet. 517 00:24:11,335 --> 00:24:12,710 When you put an Ethernet frame on the wire, 518 00:24:12,710 --> 00:24:15,662 it's destined for somebody on your wire. 519 00:24:15,662 --> 00:24:16,694 Now if you're trying to get your packet, 520 00:24:16,694 --> 00:24:18,702 if you're trying to get your data to somebody 521 00:24:18,702 --> 00:24:21,590 on another wire, the destination MAC address 522 00:24:21,590 --> 00:24:24,558 has to be a Router that's on your wire. 523 00:24:24,558 --> 00:24:27,598 So you can get that frame to the Router who's on your wire 524 00:24:27,598 --> 00:24:30,205 and then he can route it to another subnet.
525 00:24:30,205 --> 00:24:32,138 But this is not going to work here 526 00:24:32,138 --> 00:24:34,242 because this would be breaking the rules of Ethernet. 527 00:24:34,242 --> 00:24:37,170 If this ping actually worked, that would mean that 528 00:24:37,170 --> 00:24:40,170 PC 1 was putting an Ethernet frame on his wire 529 00:24:40,170 --> 00:24:42,115 with a destination MAC address of something 530 00:24:42,115 --> 00:24:44,346 that was not on his wire. 531 00:24:44,346 --> 00:24:48,720 And it somehow magically hopped from one wire to the other, 532 00:24:48,720 --> 00:24:51,095 from one LAN to the other. 533 00:24:51,095 --> 00:24:52,775 But the whole reason we create virtual LANs 534 00:24:52,775 --> 00:24:54,442 is to separate them. 535 00:24:55,495 --> 00:24:58,828 So PC 1 should not be able to ping PC 3. 536 00:25:00,149 --> 00:25:01,728 Now this is all in theory here. 537 00:25:01,728 --> 00:25:03,973 Because they're on two separate broadcast domains, 538 00:25:03,973 --> 00:25:05,829 even though he has the MAC address. 539 00:25:05,829 --> 00:25:07,746 Let's see what happens. 540 00:25:11,136 --> 00:25:12,499 Show arp. 541 00:25:12,499 --> 00:25:13,332 Okay. 542 00:25:13,332 --> 00:25:14,415 Ping 1.2.3.3. 543 00:25:17,288 --> 00:25:18,267 Ah, there we go. 544 00:25:18,267 --> 00:25:20,517 See, I'm just getting dots. 545 00:25:21,609 --> 00:25:25,776 So the ping is not working even though he has a MAC entry. 546 00:25:27,283 --> 00:25:28,155 It's not working because they're on 547 00:25:28,155 --> 00:25:30,475 different broadcast domains. 548 00:25:30,475 --> 00:25:31,308 Now watch this. 549 00:25:31,308 --> 00:25:33,611 I'm going to clear out his ARP table. 550 00:25:33,611 --> 00:25:34,444 Clear arp. 551 00:25:35,835 --> 00:25:38,002 So now when I do show arp. 552 00:25:39,710 --> 00:25:42,210 Clear arp, let's say, 1.2.3.3. 553 00:25:47,339 --> 00:25:48,172 Okay. 554 00:25:48,172 --> 00:25:49,755 So 1.2.3.3 is gone. 
555 00:25:51,766 --> 00:25:53,404 Debug arp. 556 00:25:53,404 --> 00:25:55,321 Now let's ping 1.2.3.3. 557 00:25:57,611 --> 00:25:59,203 Sending a request. 558 00:25:59,203 --> 00:26:00,755 Sending a request. 559 00:26:00,755 --> 00:26:01,763 Sending a request. 560 00:26:01,763 --> 00:26:06,678 He's not getting any responses because these are broadcasts. 561 00:26:06,678 --> 00:26:07,998 So he sent all these requests 562 00:26:07,998 --> 00:26:10,214 but he didn't get any ARP reply. 563 00:26:10,214 --> 00:26:12,926 Even though this guy's in the same subnet as him, 564 00:26:12,926 --> 00:26:15,375 he was in a different virtual LAN. 565 00:26:15,375 --> 00:26:17,527 And broadcasts from this virtual LAN, 566 00:26:17,527 --> 00:26:22,065 ARP requests were not allowed to go into this virtual LAN. 567 00:26:22,065 --> 00:26:26,232 Even when PC 1 knew what the MAC address of PC 3 was, 568 00:26:27,600 --> 00:26:29,120 it still couldn't get over here 569 00:26:29,120 --> 00:26:31,168 because the rules of Ethernet say, 570 00:26:31,168 --> 00:26:33,336 when you put an Ethernet frame on the wire, 571 00:26:33,336 --> 00:26:35,001 it has to be destined for somebody 572 00:26:35,001 --> 00:26:38,456 in your broadcast domain, in your LAN. 573 00:26:38,456 --> 00:26:40,856 In this case, they're not in the same LAN. 574 00:26:40,856 --> 00:26:44,233 They're in separate virtual LANs. 575 00:26:44,233 --> 00:26:45,361 One other thing I want to show you is 576 00:26:45,361 --> 00:26:49,477 the output of that other command that we saw. 577 00:26:49,477 --> 00:26:51,158 So we already looked at show vlan, 578 00:26:51,158 --> 00:26:52,749 and you're going to use that command a lot 579 00:26:52,749 --> 00:26:55,189 in your networking career. 580 00:26:55,189 --> 00:26:59,047 You can also do show interface, Fast Ethernet 581 00:26:59,047 --> 00:27:02,332 and then whatever it is, and the keyword of switchport. 582 00:27:02,332 --> 00:27:05,366 This is a very useful command. 
583 00:27:05,366 --> 00:27:08,810 Number one it shows you, what is my operational mode? 584 00:27:08,810 --> 00:27:10,747 Static access. 585 00:27:10,747 --> 00:27:14,914 So administrative mode means, what am I configured to do? 586 00:27:15,903 --> 00:27:20,001 Operational mode means, what am I actually doing? 587 00:27:20,001 --> 00:27:22,462 Sometimes what you're configured to do doesn't work 588 00:27:22,462 --> 00:27:25,486 because it relies on things that aren't turned on 589 00:27:25,486 --> 00:27:26,718 or aren't working properly. 590 00:27:26,718 --> 00:27:29,104 And so your operational mode will be different. 591 00:27:29,104 --> 00:27:30,854 But right now we're the same. 592 00:27:30,854 --> 00:27:32,055 But look down here. 593 00:27:32,055 --> 00:27:35,222 Access Mode VLAN, VLAN 2, Engineering. 594 00:27:36,307 --> 00:27:40,414 So that says, if this is operationally an access port, 595 00:27:40,414 --> 00:27:44,581 which it is, if that's true, then this will be in VLAN 2. 596 00:27:45,972 --> 00:27:49,805 And that concludes this video on virtual LANs.