WEBVTT 0:00:01.920000 --> 0:00:06.540000 So the name of this video is why we need routing in VLANs. 0:00:06.540000 --> 0:00:10.620000 And there's two primary topics I'd like to cover within the scope of this 0:00:10.620000 --> 0:00:15.420000 video. I want to talk about just quickly a brief overview of VLANs. 0:00:15.420000 --> 0:00:19.340000 Now, I'm assuming that if you're watching this, you're pursuing your CCNA, 0:00:19.340000 --> 0:00:21.420000 or maybe you're about to pursue your CCNA. 0:00:21.420000 --> 0:00:24.160000 So I'm not going to go into a great depth on VLAN. 0:00:24.160000 --> 0:00:26.100000 So this is going to be a quick review. 0:00:26.100000 --> 0:00:29.540000 And also, IP addresses and ARP in VLANs. 0:00:29.540000 --> 0:00:34.020000 In other words, I'm trying my goal or objective is to help you understand 0:00:34.020000 --> 0:00:38.980000 why, once you start thinking in terms of VLANs and dividing your network 0:00:38.980000 --> 0:00:42.220000 into VLANs, you're really also going to need to start thinking about inter 0:00:42.220000 --> 0:00:43.780000 -VLAN routing as well. 0:00:43.780000 --> 0:00:46.520000 The two pretty much go hand in hand. 0:00:46.520000 --> 0:00:51.980000 So let's do a quick overview here of what a VLAN is. 0:00:51.980000 --> 0:00:55.300000 So a VLAN equals a broadcast domain. 0:00:55.300000 --> 0:00:57.620000 What's a broadcast domain in case you don't know that? 0:00:57.620000 --> 0:01:01.580000 Well, hopefully you know that a broadcast is a type of frame or packet 0:01:01.580000 --> 0:01:04.680000 that goes out that is meant for everybody to see. 0:01:04.680000 --> 0:01:09.660000 Not just one individual, everybody needs to pick up and process a broadcast. 
0:01:09.660000 --> 0:01:13.940000 So when a device transmits a broadcast, the broadcast domain is simply 0:01:13.940000 --> 0:01:18.920000 that set of interfaces, that set of NIC cards that will receive the broadcast, 0:01:18.920000 --> 0:01:21.960000 that will see it, that will have to process that broadcast. 0:01:21.960000 --> 0:01:24.320000 That is a broadcast domain. 0:01:24.320000 --> 0:01:27.860000 Now, in terms of VLANs, when you're talking about VLANs, you're talking 0:01:27.860000 --> 0:01:31.240000 about a switch that has many physical interfaces where you could plug 0:01:31.240000 --> 0:01:36.260000 in cables, and you've decided to group those interfaces into separate 0:01:36.260000 --> 0:01:38.100000 or unique broadcast domains. 0:01:38.100000 --> 0:01:43.500000 So maybe interfaces one through five are connecting to a bunch of devices 0:01:43.500000 --> 0:01:45.760000 with some common characteristics. 0:01:45.760000 --> 0:01:49.340000 Maybe those devices all belong to the same department, or maybe they're 0:01:49.340000 --> 0:01:52.060000 all the same kind of device, like they're all IP phones. 0:01:52.060000 --> 0:01:56.240000 But for whatever reason, you decide that this grouping of devices, when 0:01:56.240000 --> 0:02:00.620000 they send VLAN, when they send broadcasts, they should all see each other's 0:02:00.620000 --> 0:02:05.260000 broadcast. So you want them to be in a separate and unique broadcast domain. 0:02:05.260000 --> 0:02:09.140000 So all the ports on the switch going to those devices, they're connected 0:02:09.140000 --> 0:02:13.360000 to those devices, those ports need to be aware that they are in a group, 0:02:13.360000 --> 0:02:18.440000 a broadcast domain, that is separate from other ports on that exact same 0:02:18.440000 --> 0:02:24.120000 switch. So maybe I have five ports leading to a bunch of devices in payroll. 
0:02:24.120000 --> 0:02:27.900000 I have the next five ports on that exact same switch leading to a bunch 0:02:27.900000 --> 0:02:29.600000 of devices in human resources. 0:02:29.600000 --> 0:02:34.240000 Because those two sets of devices are in different groups, they should 0:02:34.240000 --> 0:02:37.900000 not share broadcast, they should not see each other, they need to be in 0:02:37.900000 --> 0:02:39.600000 different broadcast domains. 0:02:39.600000 --> 0:02:42.300000 This is where we come up with the concept of VLANs. 0:02:42.300000 --> 0:02:44.940000 So we create a VLAN at the global level. 0:02:44.940000 --> 0:02:48.400000 So in case it's been a while since you've done that, at the global level 0:02:48.400000 --> 0:02:53.220000 on your switch, which is where I am right here, you just simply type VLAN 0:02:53.220000 --> 0:02:56.520000 and then you give it a number like VLAN 12. 0:02:56.520000 --> 0:03:01.000000 Maybe VLAN 12 is going to be your VLAN for human resources. 0:03:01.000000 --> 0:03:07.100000 Maybe VLAN 14 is going to be your VLAN for payroll. 0:03:07.100000 --> 0:03:08.880000 And VLANs are a two-step process. 0:03:08.880000 --> 0:03:12.940000 At this point, at the global level, I've told the switch, there is a broadcast 0:03:12.940000 --> 0:03:17.540000 domain known as VLAN 12, VLAN 14. 0:03:17.540000 --> 0:03:20.380000 But the second step in the process is I have to go to my physical interfaces 0:03:20.380000 --> 0:03:24.740000 and say, okay, all of you interfaces, you are part of the group known 0:03:24.740000 --> 0:03:28.540000 as VLAN 12. All of you interfaces over here, you're part of the group known 0:03:28.540000 --> 0:03:32.580000 as VLAN 14. So that's the second step in the process. 
0:03:32.580000 --> 0:03:36.780000 Now, if we're talking about just a pure layer two switch, where all it does 0:03:36.780000 --> 0:03:41.240000 is take in Ethernet frames, looks at basically the destination MAC address, 0:03:41.240000 --> 0:03:44.720000 and figures out what its switching decision is going to be, purely based 0:03:44.720000 --> 0:03:49.200000 on that MAC address, then that switch is not IP aware. 0:03:49.200000 --> 0:03:52.600000 It has no idea how you're doing addressing or subnetting or anything like 0:03:52.600000 --> 0:03:59.460000 that. But from a practical perspective, from a practical perspective, 0:03:59.460000 --> 0:04:05.740000 each VLAN should be assigned a unique subnet as well. 0:04:05.740000 --> 0:04:08.300000 Each VLAN should be assigned to a unique subnet. 0:04:08.300000 --> 0:04:12.560000 So let's do a quick look at that and see how this all relates to IP addressing 0:04:12.560000 --> 0:04:18.940000 and ARP. So here, I've got two separate groups of users. 0:04:18.940000 --> 0:04:21.920000 I've got human resources and I've got payroll. 0:04:21.920000 --> 0:04:26.860000 And I decide that for now, I don't want these devices talking to each 0:04:26.860000 --> 0:04:30.880000 other at all. I want payroll to be able to talk to payroll, but to be 0:04:30.880000 --> 0:04:33.900000 completely independent from human resources. 0:04:33.900000 --> 0:04:35.720000 The two should not meet. 0:04:35.720000 --> 0:04:39.420000 At layer two or layer three, they should not see each other's frames. 0:04:39.420000 --> 0:04:43.680000 So back in the days before VLANs, you would get two physically separate 0:04:43.680000 --> 0:04:47.300000 switches. And those two physically separate switches would create for 0:04:47.300000 --> 0:04:50.740000 you two local area networks. 0:04:50.740000 --> 0:04:56.220000 Now, the beauty of VLANs is that with VLANs, I could get just one switch 0:04:56.220000 --> 0:05:01.240000 and I could plug those devices into that one switch. 
0:05:01.240000 --> 0:05:08.140000 But by creating separate VLANs, for example, like VLAN 12, which is going 0:05:08.140000 --> 0:05:12.680000 to be for human resources and putting these ports into VLAN 12 with a 0:05:12.680000 --> 0:05:18.280000 configuration command and then configuring a different VLAN, like VLAN 0:05:18.280000 --> 0:05:25.340000 14, and putting these ports into VLAN 14, it is as if I had two completely 0:05:25.340000 --> 0:05:26.740000 different switches. 0:05:26.740000 --> 0:05:29.720000 Those two groups will not talk to each other. 0:05:29.720000 --> 0:05:35.720000 So at this point now, if a broadcast like a DHCP discover or an ARP request 0:05:35.720000 --> 0:05:40.680000 or something came into a port on VLAN 12, that switch knows it can only 0:05:40.680000 --> 0:05:45.340000 flood it out other ports in VLAN 12. 0:05:45.340000 --> 0:05:51.800000 So that frame will never be seen by VLAN 14. 0:05:51.800000 --> 0:05:53.480000 So let's think here for a second. 0:05:53.480000 --> 0:05:59.040000 Now, as long as these devices did not need to talk to each other, I didn't 0:05:59.040000 --> 0:06:00.400000 need to think about routing. 0:06:00.400000 --> 0:06:02.060000 Didn't need to think about routing. 0:06:02.060000 --> 0:06:05.740000 So the way this would work is I would have my single switch right here. 0:06:05.740000 --> 0:06:13.960000 Let's just think about this VLAN here for a second, VLAN 12. 0:06:13.960000 --> 0:06:19.140000 Now, another reason why each VLAN needs to be in a unique separate IP 0:06:19.140000 --> 0:06:22.720000 subnet, even though the switch is not aware of subnets, you as the network 0:06:22.720000 --> 0:06:27.360000 administrator are aware of subnets, is for this reason right here. 0:06:27.360000 --> 0:06:28.640000 Let's say I broke that rule. 0:06:28.640000 --> 0:06:33.420000 Let's say, oh, I'm just going to put everything in the exact same subnet. 0:06:33.420000 --> 0:06:46.360000 All right. 24. 
And I'm going to put this server as 1.1.1. 0:06:46.360000 --> 0:06:49.680000 Let's say 3 slash 24. 0:06:49.680000 --> 0:06:53.780000 Sorry, my dots here have been my dotted decimals not coming up very well. 0:06:53.780000 --> 0:06:56.600000 Oh, well, those are dotted decimal numbers. 0:06:56.600000 --> 0:07:11.800000 And then let's say this server over here is 1.1.1.7 slash 24. 0:07:11.800000 --> 0:07:16.740000 Okay. Well, as long as these two groups never need to talk to each other, 0:07:16.740000 --> 0:07:20.720000 theoretically, I could do this because I'm saying that nobody in human 0:07:20.720000 --> 0:07:25.700000 resources will ever create a packet going to a destination of payroll. 0:07:25.700000 --> 0:07:26.900000 But what if they do? 0:07:26.900000 --> 0:07:28.800000 What if they do need to communicate? 0:07:28.800000 --> 0:07:33.980000 Because most likely, if you're creating VLANs in your company, the devices 0:07:33.980000 --> 0:07:38.700000 in those VLANs will need to communicate with each other at some point. 0:07:38.700000 --> 0:07:41.980000 Maybe PCs in one VLAN won't need to be able to communicate with PCs in 0:07:41.980000 --> 0:07:46.620000 a second VLAN, but most likely PCs will need to communicate with servers 0:07:46.620000 --> 0:07:48.300000 in different VLANs. 0:07:48.300000 --> 0:07:50.880000 Servers are not necessarily in their own local VLAN. 0:07:50.880000 --> 0:07:53.140000 Well, how's that work from an ARP perspective? 0:07:53.140000 --> 0:07:55.100000 Let's take a look at this. 0:07:55.100000 --> 0:08:00.780000 So we know that if I'm on PC number one right here, and if I send, and 0:08:00.780000 --> 0:08:04.840000 if I create a packet, let's say an ARP request or let's say a ping or 0:08:04.840000 --> 0:08:09.380000 a telnet or something, and the destination of the packet, for now, let's 0:08:09.380000 --> 0:08:15.260000 just say is 1.1.1.3. 0:08:15.260000 --> 0:08:19.180000 So 1.1.1.1 is trying to talk to 1.1.1.3. 
0:08:19.180000 --> 0:08:23.320000 We know that every time your laptop or PC creates a packet, very first 0:08:23.320000 --> 0:08:27.720000 thing it does is it looks at its source address, it looks at the destination 0:08:27.720000 --> 0:08:31.920000 address, and it tries to determine, is the destination in the same network 0:08:31.920000 --> 0:08:35.260000 as me? Now, why is it trying to determine that? 0:08:35.260000 --> 0:08:41.500000 Why does it care? Because your laptop has a table where it stores all the 0:08:41.500000 --> 0:08:45.440000 ethernet addresses of devices in its own network. 0:08:45.440000 --> 0:08:48.600000 You see, your laptop knows, it says, hey, if I'm trying to send a packet 0:08:48.600000 --> 0:08:52.840000 to somebody who's in the same subnet, the same network as me, that means 0:08:52.840000 --> 0:08:55.560000 they're on the same cable as me. 0:08:55.560000 --> 0:08:58.660000 And remember, your laptop has no idea it's connected to a switch. 0:08:58.660000 --> 0:09:02.240000 From the laptop's perspective of the network, the laptop just thinks it's 0:09:02.240000 --> 0:09:06.800000 connected to one cable, and there's multiple devices also tapped into 0:09:06.800000 --> 0:09:09.520000 that exact same cable just like it is. 0:09:09.520000 --> 0:09:12.500000 The switch is invisible, the switch is transparent. 0:09:12.500000 --> 0:09:17.260000 So when I tell the laptop, hey, your network is 1.1.1. 0:09:17.260000 --> 0:09:20.880000 Remember with basic IP addressing with a slash 24, that says, okay, of 0:09:20.880000 --> 0:09:27.140000 your 32-bit IP address, the first 24 bits, which are 1.1.1, that's your 0:09:27.140000 --> 0:09:28.780000 group, your network. 0:09:28.780000 --> 0:09:33.020000 Everybody on your cable, on your wire, lives in that group. 0:09:33.020000 --> 0:09:37.560000 So if I create a packet on that laptop, and the destination address starts 0:09:37.560000 --> 0:09:40.980000 with the exact same pattern, 1.1.1. 
0:09:40.980000 --> 0:09:47.160000 The laptop will say, oh, my 24-bit binary pattern of 0.001, 0.001, 0.001 0:09:47.160000 --> 0:09:52.960000 is exactly the same as the first 24 bits of the destination of this packet, 0:09:52.960000 --> 0:09:55.860000 which means this destination is on my cable. 0:09:55.860000 --> 0:09:59.680000 That tells me I can send my ethernet frame directly to him. 0:09:59.680000 --> 0:10:04.380000 All I need is his MAC address, and I can take my data, put inside an ethernet 0:10:04.380000 --> 0:10:08.480000 header, with his destination MAC address, and send it to him directly. 0:10:08.480000 --> 0:10:11.400000 Which raises the question, how does he get that MAC address? 0:10:11.400000 --> 0:10:13.500000 Well, this is where ARP comes into play. 0:10:13.500000 --> 0:10:17.180000 In this particular case, 1.1.1.1 would say, yep, 1.1.1.3. 0:10:17.180000 --> 0:10:22.400000 That's in the same network as me, both of our 24 bits match 1.1.1. 0:10:22.400000 --> 0:10:27.480000 So he would create an ARP request. 0:10:27.480000 --> 0:10:30.720000 And he would say, hey, my address is 1.1.1.1. 0:10:30.720000 --> 0:10:32.280000 I'm looking for 1.1.1.3. 0:10:32.280000 --> 0:10:38.420000 Do you exist? Now that ARP request goes out as a broadcast. 0:10:38.420000 --> 0:10:40.560000 At both layer 2 and layer 3. 0:10:40.560000 --> 0:10:44.860000 The layer 2 destination MAC address is just all ones, or in hexadecimal, 0:10:44.860000 --> 0:10:48.760000 we're talking FF, FF, FF, all the way down, FFs. 0:10:48.760000 --> 0:10:52.880000 And at layer 3, well, ARP doesn't really have an IP header. 0:10:52.880000 --> 0:10:57.020000 ARP is in the body of the ethernet frame, but this is a layer 2 broadcast, 0:10:57.020000 --> 0:11:01.640000 which means that when the switch gets it, he's going to flood it out all 0:11:01.640000 --> 0:11:07.200000 other ports in VLAN 12, because after all that broadcast came in on a 0:11:07.200000 --> 0:11:08.720000 port in VLAN 12. 
0:11:08.720000 --> 0:11:14.940000 Well, lucky for us, 1.1.1.3 is in the same VLAN, so 1.1.1.3 actually can 0:11:14.940000 --> 0:11:20.560000 respond back with an ARP reply. 0:11:20.560000 --> 0:11:26.160000 And this is how PC1 learns the MAC address of devices on his cable. 0:11:26.160000 --> 0:11:28.800000 Remember, this is his perspective on his cable. 0:11:28.800000 --> 0:11:34.020000 We know we're talking about devices in his own VLAN, which is all well 0:11:34.020000 --> 0:11:37.280000 and good as long as all the people in the blue circle are just talking 0:11:37.280000 --> 0:11:41.660000 to each other. Where this breaks down or has a problem is what if people 0:11:41.660000 --> 0:11:45.960000 in the blue circle, what if people in human resources need to talk to 0:11:45.960000 --> 0:11:48.580000 something in payroll? 0:11:48.580000 --> 0:11:54.700000 Here's where we have an issue, because if this guy is 1.1.1.1 slash 24, 0:11:54.700000 --> 0:11:59.440000 and if I broke the rule, remember, the rule says that each VLAN needs 0:11:59.440000 --> 0:12:02.700000 to be a unique and separate subnet, IP subnet. 0:12:02.700000 --> 0:12:13.700000 Well, if I broke that rule and said, well, hey, I'll give you 1.1.1.7 0:12:13.700000 --> 0:12:16.940000 if I created a packet saying, hey, I need you to go to 1.1.1.7. 0:12:16.940000 --> 0:12:20.320000 He would compare his source address, the destination address and say, 0:12:20.320000 --> 0:12:23.480000 oh, we are both in the 1.1.1 network. 0:12:23.480000 --> 0:12:27.280000 Therefore, 1.1.1.7 is on the exact same wire as me. 0:12:27.280000 --> 0:12:29.500000 I can ARP for him. 0:12:29.500000 --> 0:12:30.980000 So what would that look like? 0:12:30.980000 --> 0:12:37.300000 Well, here he would send that ARP request, which we know is a broadcast. 0:12:37.300000 --> 0:12:41.580000 But once it got up here to the switch, the switch would say, well, that 0:12:41.580000 --> 0:12:44.020000 came in on VLAN 12. 
0:12:44.020000 --> 0:12:47.260000 So therefore, the switch would say, I can only flood it out on ports in 0:12:47.260000 --> 0:12:53.580000 VLAN 12. He would have no reason to flood it out the ports in VLAN 14. 0:12:53.580000 --> 0:12:57.480000 So this port right here is connected to the server. 0:12:57.480000 --> 0:13:03.020000 And remember, he is 1.1.1.7 would never see that ARP request, because 0:13:03.020000 --> 0:13:06.360000 that ARP request is a broadcast is not allowed to hop from one broadcast 0:13:06.360000 --> 0:13:08.700000 domain to the other. 0:13:08.700000 --> 0:13:14.340000 This is why devices need to be in separate subnets, each VLAN being its 0:13:14.340000 --> 0:13:15.540000 own unique subnet. 0:13:15.540000 --> 0:13:20.220000 Why is this? Because this PC right here, he needs to know that if he's 0:13:20.220000 --> 0:13:24.920000 going to talk to this device here, that that device is not in his group. 0:13:24.920000 --> 0:13:27.160000 It's not in his subnet. 0:13:27.160000 --> 0:13:30.340000 So if I decide that, well, all these devices are going to be the 1.1.1 0:13:30.340000 --> 0:13:33.040000 .x slash 24 network. 0:13:33.040000 --> 0:13:38.980000 And I decide that as far as payroll is concerned, let's put them in something 0:13:38.980000 --> 0:13:40.460000 completely different. 0:13:40.460000 --> 0:13:48.240000 Let's say the 7.7.x slash 24 network. 0:13:48.240000 --> 0:13:57.440000 Okay, so now if PC who's 1.1.1.1 creates a packet, let's say this is 7 0:13:57.440000 --> 0:14:00.880000 .7.7.4. That's our server over there. 0:14:00.880000 --> 0:14:03.140000 He creates a packet going to that. 0:14:03.140000 --> 0:14:08.020000 Very quickly, he will realize, oh, my group is 1.1.1.1. 0:14:08.020000 --> 0:14:11.980000 The destination address I'm trying to reach is not 1.1.1.1. 0:14:11.980000 --> 0:14:13.160000 It's something else. 0:14:13.160000 --> 0:14:15.260000 It's not on my wire. 
0:14:15.260000 --> 0:14:17.480000 And this is where routing comes into play. 0:14:17.480000 --> 0:14:22.200000 When a device in a subnet realizes that the destination it's trying to reach 0:14:22.200000 --> 0:14:28.380000 is not in its own local network, that device says, okay, well, I don't 0:14:28.380000 --> 0:14:30.520000 know where that remote network is. 0:14:30.520000 --> 0:14:34.600000 I have no idea if it's in the next room, the next county, or in the next 0:14:34.600000 --> 0:14:37.160000 country, I have no idea. 0:14:37.160000 --> 0:14:42.200000 And that device says, well, the only MAC addresses I am responsible for 0:14:42.200000 --> 0:14:44.620000 learning are MAC addresses on my wire. 0:14:44.620000 --> 0:14:48.600000 That device I'm trying to reach, I don't even know if he's connected to 0:14:48.600000 --> 0:14:49.840000 an ethernet segment. 0:14:49.840000 --> 0:14:53.160000 That 7.7.7.4 could be connected to something that's not even ethernet 0:14:53.160000 --> 0:14:56.900000 at all. All I know is his IP address. 0:14:56.900000 --> 0:15:01.400000 So device that's connected to a VLAN says, look, if I'm trying to get 0:15:01.400000 --> 0:15:06.300000 to something that's not in my subnet, I still need to forward this packet 0:15:06.300000 --> 0:15:12.820000 to somebody who is in my subnet, who can get it out of my subnet. 0:15:12.820000 --> 0:15:15.480000 And this is where router comes into play. 0:15:15.480000 --> 0:15:17.960000 We would need to have some sort of a router. 0:15:17.960000 --> 0:15:23.520000 Let's say we had a router right here, who had a NIC card connected to 0:15:23.520000 --> 0:15:27.700000 the HR VLAN and a NIC card connected to the payroll VLAN. 0:15:27.700000 --> 0:15:32.640000 This NIC card would have an IP address that's in the same range as everybody 0:15:32.640000 --> 0:15:36.740000 else. Let's say he's 1.1.1.8. 0:15:36.740000 --> 0:15:40.980000 And let's say over here he's 7.7.7.8. 
0:15:40.980000 --> 0:15:44.800000 We have to include our subnet mask so that NIC card knows what the networking 0:15:44.800000 --> 0:15:51.680000 bits are. That ethernet NIC card on that router has a MAC address because 0:15:51.680000 --> 0:15:54.600000 every NIC card connected to anything has a MAC address. 0:15:54.600000 --> 0:15:58.740000 Let's just say it's AABB on that side. 0:15:58.740000 --> 0:16:03.180000 And let's say it's CCDD on that side. 0:16:03.180000 --> 0:16:06.240000 So that is our MAC address. 0:16:06.240000 --> 0:16:12.180000 So now part of being in a VLAN means you have an IP address. 0:16:12.180000 --> 0:16:13.660000 Well, how do you get an IP address? 0:16:13.660000 --> 0:16:17.980000 Most devices get their IP addresses dynamically via DHCP. 0:16:17.980000 --> 0:16:21.660000 And so when you connect to your VLAN, when you connect your ethernet cable, 0:16:21.660000 --> 0:16:25.720000 you send out a DHCP broadcast saying, hey, is there a DHCP server out 0:16:25.720000 --> 0:16:26.340000 there somewhere? 0:16:26.340000 --> 0:16:28.180000 Give me some IP information. 0:16:28.180000 --> 0:16:30.680000 All I know about is my MAC address and that's it. 0:16:30.680000 --> 0:16:35.280000 And then when the DHCP server responds, that's where you learn what your 0:16:35.280000 --> 0:16:40.560000 IP address is, your subnet mask, and that's where you learn about your 0:16:40.560000 --> 0:16:42.100000 default gateway. 0:16:42.100000 --> 0:16:46.680000 Or if you've got a static IP address like on these two servers right here, 0:16:46.680000 --> 0:16:50.020000 these servers because they don't move around most likely have static IP 0:16:50.020000 --> 0:16:53.420000 addresses. And part of configuring the NIC card would have been typing 0:16:53.420000 --> 0:16:58.080000 in their IP address, their subnet mask, and their default gateway. 
0:16:58.080000 --> 0:17:08.300000 So once the device knows who is in the phone, he says, okay, I don't know 0:17:08.300000 --> 0:17:13.120000 what the MAC address is of 7.7.7.4 and I'm not responsible for learning it 0:17:13.120000 --> 0:17:14.740000 either. He's not in my group. 0:17:14.740000 --> 0:17:16.080000 He's not in my VLAN. 0:17:16.080000 --> 0:17:22.240000 So what I do know is to get a packet to him, I need to put my packet inside 0:17:22.240000 --> 0:17:27.500000 of an ethernet frame and that ethernet frame needs to go to my router, 0:17:27.500000 --> 0:17:28.940000 my default gateway. 0:17:28.940000 --> 0:17:32.460000 And then I will assume that once he gets it, he will know something that 0:17:32.460000 --> 0:17:38.020000 I don't know and he'll be able to figure out how to get it to 7.7.7.4. 0:17:38.020000 --> 0:17:43.620000 So this PC right here, let's just call him PCA, will have to learn via 0:17:43.620000 --> 0:17:46.660000 ARP about the MAC address of his router. 0:17:46.660000 --> 0:17:50.840000 So once he does DHCP probably within like less than a minute, he will 0:17:50.840000 --> 0:17:58.320000 send out an ARP request for his router 1.1.1.8. 0:17:58.320000 --> 0:18:01.240000 He'll say, hey router, I've heard that you are my default gateway, that 0:18:01.240000 --> 0:18:05.380000 you can take my packets going to other subnets and get them on their way. 0:18:05.380000 --> 0:18:07.840000 Can you please send me your MAC address so I can actually send frames 0:18:07.840000 --> 0:18:13.560000 to you. When the router gets that, the router will send his ARP reply. 0:18:13.560000 --> 0:18:16.700000 And that's how all these devices here in eight and human resources will 0:18:16.700000 --> 0:18:22.500000 learn the MAC address of AABB of their router. 
0:18:22.500000 --> 0:18:26.600000 Now whenever they need to send a packet to a remote subnet and quite frankly, 0:18:26.600000 --> 0:18:35.020000 98% if not more of everything that your laptop creates is not meant for 0:18:35.020000 --> 0:18:38.260000 your VLAN. Most of the stuff that your laptop and PC is creating is meant 0:18:38.260000 --> 0:18:43.760000 for remote subnets, not your own subnet, which means that vast majority 0:18:43.760000 --> 0:18:47.540000 of all the data your laptop creates that's destined for network has to 0:18:47.540000 --> 0:18:50.840000 first go through your default gateway, has to go through your router. 0:18:50.840000 --> 0:18:54.120000 So that's why your laptop or PC is going to ARP for that router pretty 0:18:54.120000 --> 0:18:57.200000 darn fast because it's going to need to learn that MAC address so it can 0:18:57.200000 --> 0:19:00.620000 send all that data off the network. 0:19:00.620000 --> 0:19:05.600000 So what's the takeaway from this particular video. 0:19:05.600000 --> 0:19:12.780000 The takeaway is if I had separate device groupings payroll, human resources, 0:19:12.780000 --> 0:19:16.520000 maybe a set of IP phones and I said I want all these devices be in their 0:19:16.520000 --> 0:19:21.900000 own separate groups, I don't want them ever to talk to each other at all. 0:19:21.900000 --> 0:19:25.020000 Well then I could create I could connect them all to one switch. 0:19:25.020000 --> 0:19:28.800000 On that switch I could create different VLANs for each group, put the 0:19:28.800000 --> 0:19:32.500000 ports into each VLAN and then I'm done. 0:19:32.500000 --> 0:19:33.880000 No need for routing. 0:19:33.880000 --> 0:19:36.640000 Those devices will never talk to each other all they'll be able to communicate 0:19:36.640000 --> 0:19:40.020000 with are devices in their own group in their own VLAN. 0:19:40.020000 --> 0:19:44.020000 But realistically how many people actually design a network that way. 
0:19:44.020000 --> 0:19:47.700000 Realistically although you might want to create separate VLANs maybe the 0:19:47.700000 --> 0:19:52.400000 devices in payroll you say hey I want their broadcast to stay in payroll. 0:19:52.400000 --> 0:19:56.840000 People in human resources have no business seeing the broadcast created 0:19:56.840000 --> 0:19:59.320000 by devices in payroll. 0:19:59.320000 --> 0:20:03.420000 That's a security breach but I do want the payroll devices to be able 0:20:03.420000 --> 0:20:07.120000 to send unicast packets to human resources. 0:20:07.120000 --> 0:20:10.000000 And engineering and to marketing. 0:20:10.000000 --> 0:20:13.560000 So we actually do need a router then in order to be able to send frames 0:20:13.560000 --> 0:20:18.440000 between VLANs we need a router because when you're in a VLAN the only 0:20:18.440000 --> 0:20:22.720000 MAC addresses you know the only MAC addresses you will ever try to discover 0:20:22.720000 --> 0:20:25.480000 are MAC addresses in your own VLAN. 0:20:25.480000 --> 0:20:29.140000 So if you're sending data outside of your VLAN you have to have a MAC 0:20:29.140000 --> 0:20:34.360000 address you can get to in your group and that MAC address should be able 0:20:34.360000 --> 0:20:38.820000 to further propagate your data route your data and that's why we need 0:20:38.820000 --> 0:20:40.680000 routing within VLANs.