Network Virtual LANs (VLANs), Explained Simply (VLANs, Part 1)

Video Statistics and Information

Captions
Hey everyone. I wanted to do a video that's a little different than my normal fare here on this channel, and I want to talk about some networking-related topics. In this case I wanted to cover virtual LANs, or VLANs. There's a lot of information out there that exists about VLANs, but it seems to be very difficult to understand, and it's made way more complicated than it really is. So I wanted to simplify, explain using, well, a sheet of paper and some Post-it notes, what's going on inside of a network switch that supports VLANs and how that works. And then in a future video I'm actually going to demonstrate setting up a couple of different network switches from a couple different manufacturers, and be adding VLAN capability to those.

So, well, first of all, what is a virtual LAN or VLAN? Well, the idea is actually pretty simple. You take an existing network switch, and I'll just grab a little tiny one here. This is a nice eight-port from Netgear, so you don't have to have anything super big and fancy to support VLANs. Any network switch that is considered a managed switch or a smart switch should have VLAN capability. This one's from, let's say, it's from Netgear. This one, I think, was, I believe, around 100, but I've seen them as low as 30 or 40 dollars, so you don't have to spend a lot of money in order to get this capability. But what you can do is you can set it up where, say for example, these four ports on the switch can talk to one another and these four ports can talk to one another, but they can't talk to each other. At least that's kind of the most basic way that we set up a VLAN.

Well, why in the world would you want to do this? Let me talk a little bit about what I've got going on here in my video production trailer, and maybe it'll make a little bit more sense. In my trailer I have a network here that all the computers are plugged into; that's my main local area network, or LAN. But I also have a bunch of other networks. I have a network that's just for audio devices, so whenever I need to plug in my audio mixer or a stage box or wireless microphones or whatever, I can plug those into a separate VLAN, and those two are isolated from one another; they can't talk to one another. I also have a network that is just for whatever internet connection I happen to be using at the time. So if I plug into an internet connection at a building when I happen to be working there, I keep that traffic separate from everything else, and that goes into my router, and then the opposite side of the router goes to my VLAN for my LAN. So they're kept isolated from one another.

So there's a lot of advantages to doing that. First of all, it adds a lot of security, because, you know, devices that you don't want to talk to each other can't talk to one another. It also gives you the ability to reduce the chit-chat, or just the general chatter that happens on networks, and kind of keep that to a minimum. The amount of chatter that happens on a network grows exponentially with the number of devices that are on the network, so if you're able to isolate your network into smaller pieces, then you can make sure that that doesn't get out of control. It also allows you to prioritize traffic. Say for example, if you have telephones, you want to maintain high-quality audio as people are talking; you can prioritize the phone VLAN over the other VLANs. But say for example here in my trailer, I actually have my audio network on its own VLAN, and that is prioritized over the other VLANs. That way I can make sure that audio is always flowing; it always works regardless of what might be happening on any of the other network VLANs that I have set up. So if someone decides to transfer a bunch of large files, that's not going to impact my ability to have my audio system work at all. So I prioritize the audio over the other, and that's just done on a VLAN-by-VLAN basis; I don't have to prioritize each individual device.

So there's another cool thing you can do with VLANs, and I'll get to that at the end. That's something that's called trunking, which is something you can't really do if you're using multiple different switches in order to isolate your traffic from one another. The other cool thing about VLANs is that we're able to do all the management from a single device, so you don't have to set up multiple switches for multiple different networks and log into each one separately in order to maintain configuration and whatnot. Having one single device that has VLANs on it will allow you to do all the management in one place.

So okay, with that said, I'm going to walk through a couple of relatively simple examples. I'm going to add some complexity as we go, but I'm going to start very simple, and I'm going to do this all using a sheet of paper, so I'll move this out of the way. This piece of paper I have here in front of me is going to represent a network switch. It's got 24 ports on it, just Ethernet, nothing fancy, nothing too sophisticated, but we are going to assume that it's either a smart or a managed switch; either one will work here, for sake of discussion, in order to support VLANs.

So let's talk about what happens normally on a network. All the data that's sent over a network is sent in packets, and I'm going to represent packets here with Post-it notes. Let's go ahead and write down a couple things. On port number one over here we actually have a device; I'm going to call this PC1. And we'll put PC2 on port 2.
We'll put Mac1 on port three, and then come over here to the end, the last port; we're going to plug in our router, so that's where our internet connection is going to be. So we've got these devices here that need to talk to the router in order to get out to the internet, right? Okay.

All right, so the first thing that happens: PC1 comes along and it says, hey, I need to request some information from Google. So it generates a packet, and in that packet it says, I need to go to google.com and perform a search. Now, I'm oversimplifying here; someday I might do a video more on how the low-level aspect of this works, but for sake of this discussion we're going to keep it down to: this is a conversation between this computer and Google. So the computer takes its packet and sends it out over its Ethernet port. That comes in on port one. The switch sees that this is going to the router so it can get out to the internet, so it takes it and moves it over here and then sends it out that port, where it goes out to the internet. Then Google receives this packet, and then it generates a response. Google turns around and sends the result, the web page that actually has the search result on it. That comes back, comes to the router; the router receives it, sends it over to the switch; the switch sees, okay, this response needs to go back to PC1, so I'm going to take it and I'm going to send it out through port 1 in order to go to PC1. Okay.

All right, very similar thing: PC2 is going to visit my website, so it's going to go to djprod.biz. They're going to sign up for my crew access website that I have. So PC2 is requesting a connection with djprod. PC2 is connected to port two; that data comes in on port two. The switch says, okay, this needs to go out to the internet, it needs to go to the router, so it takes it and then sends it out the 24th port here to go to the router. My website receives that request, serves up the page (I'll just call this a page here), and then it comes back to the router, and then comes back to the switch, and then comes back over to PC2, and PC2 receives it and then processes it.

Okay, you get the basic idea, right? A device makes a request that goes over the network; the switch has the job of receiving that request, figuring out where it needs to go, and then sending it out whatever port that receiving device is connected to. All right, so fairly simple; that's kind of your standard router.

All right, now let's say for example we want to segment our network a little bit, and we want to make things a little more sophisticated, a little more secure, keep the chatter down, allow us to have a bunch of other capabilities. Well, we can do that by segmenting our network into multiple VLANs. Okay. The first thing we're going to do is we're going to plug in some devices. We're going to plug in my audio mixer into port, which one, say, one, two, three, four, five, six, seven. Okay, mixer into port seven. And then we're going to plug in the stage box that goes with that into port nine. I'm just going to write some numbers here, seven, nine, so it's easier for me to remember that way.

All right, so what happens? The stage box generates some audio. We've got somebody that's talking into a microphone; the stage box takes and converts that to network audio. So we've got our stage box here; it's going to do just a tiny, tiny, tiny slice of time of audio, usually like way under a millisecond of audio. The stage box is going to take it, it's going to send it to the switch; the switch can say, okay, this is destined to go to the audio mixer, because that's how this network packet is actually formed, and it takes it and then sends it out the port that's going to the mixer. All right, nice and easy, right? As the mixer needs to send audio back to the stage box, the same thing happens in reverse. So we've got our mixer, which is going to send, well, we'll call this the main or aux one. Okay, this is the audio from aux one. So the mixer takes it, sends that out to the network; the switch receives it and says, okay, I know the stage box needs a copy of that, so it then sends it out to the port that the stage box is plugged into. Okay, great.

You know, this is the way a standard network works, and it works pretty well, but if you want to isolate this traffic we need to start breaking this up into VLANs. So what we're going to do is we're going to create a VLAN for the devices that need to go out to the internet, then we're going to create a VLAN for the audio devices on my network, and just for sake of discussion we've also got a phone here, so I'm going to plug a phone here into port 12. And then, just for sake of simplicity here, we're going to say we have another router for audio, sorry, for phone, on port 23. Let me write some other important port numbers in here for easier reference, so 24, 1, 2, 3. Okay.

All right, so someone needs to make a phone call; it comes in on the port, goes out through this other port here. At least that's what we're intending to do. If you normally plug in two routers, you've got a real problem. In order to isolate that traffic, so that devices on one VLAN don't talk to the other, is to actually create VLANs. So we're going to do that. VLANs are actually numbered between 1 and 4094. One is the default VLAN, so when you buy a network switch, out of the box everything's going to be configured to use VLAN number one. We want to change that; we actually want to split these devices up. So we're going to put our audio devices on VLAN 2, and then we're going to put our phones on VLAN 3.
I'm going to go ahead and write in what these VLAN numbers are, and I'm going to write this in this little area here called PVID; I'll talk about what that means here in a minute. So these are PVID 1; this is also PVID 1 over here. And then for audio we're going to make that VLAN number 2, so we're going to assign this to 2. We'll put this other one here in the middle to 2 as well, because we know other devices, and then we'll do this one too; we know that there's going to be other audio devices. As a matter of fact, let's actually set these others to one as well, just for sake of discussion. And then phones we're going to put on VLAN number three, so that's three, and come over here and assign this one to VLAN number three. Okay.

All right, now, conceptually, what's happening here: PC1 makes this request to go out to Google. It comes in on the switch. The network says, okay, this port is assigned to VLAN 1, PVID 1, and so it'll look and see: is the receiving device that I need to send this to, in this case the router to get out to the internet, also on VLAN 1? And if it is, we're going to find the port where that device is found and then send that request out of that port. Okay. Similarly, we've got our mixer that's generating audio on auxiliary one. That's going to come in from the mixer; the switch is going to say, okay, that's VLAN 2.
It's coming in with PVID 2, and it's going to say, who do I need to send this to? Are they also on VLAN 2? Okay, yes they are, so we're going to send that out to the stage box. So in from the mixer, out through the stage box. Okay.

All right, similarly, the phone needs to make a phone call. It's plugged into port 12 on PVID, or VLAN, 3. It comes in; the device says, what are we doing? We're making a phone call; that needs to go out through the internet, so we need to go through the router, but it's going to go through the router that's assigned to VLAN 3 over here on port 23. So that goes out that port, out to the internet; the phone call is made.

That's kind of the basics, but things can actually get more sophisticated, and there's a lot more capabilities and things that you can do with VLANs on top of that. So, everything that I've done so far, we're assuming that each port is only assigned to a single VLAN. These first six are assigned to VLAN one, audio devices are assigned to VLAN two, and then the phone devices are assigned to VLAN 3.
We're not limited to that. We can actually put a single network port, a single Ethernet port on a switch, onto multiple VLANs. And you're thinking, well, why in the world would you ever want to do that? Well, for example, here in my trailer I have all this networking equipment on multiple different VLANs, but that doesn't necessarily do me a lot of good if the equipment is located somewhere else. And so with this feature that's called trunking we're able to send data for multiple VLANs over a single connection. So basically any of the VLANs that I have here in my trailer go out through the fiber optic connection that I have, which then goes inside to another network switch that I have, another managed switch, and it's able to take that trunk traffic and break it up into the individual VLANs, and then I can set ports on that switch to be assigned to a single VLAN. So I have ports on that switch that are assigned just to my internet connection, I have VLAN ports that are assigned just to my local area network, I have ports that are assigned just to my audio devices. And so even though it's a single device there are multiple VLANs, and I only have to use one cable between that switch and the switch that I have here in my trailer. I'm able to do that because of what we call trunking capability.

So let's talk about how this is actually accomplished. On my piece of paper here you'll see a bunch of U's and T's. What these mean are untagged and tagged. So let's back up just a little bit and talk about what's happening inside of the switch when it receives a request from a device. We've got our request from PC1; it comes in on port number one. Port number one is assigned PVID 1; that stands for port VLAN identifier. So basically this packet of data is tagged with the PVID of that network port. So I'm going to take and I'm going to write a 1 here and circle that, to indicate that this packet has been assigned to PVID 1 as it comes into the switch. We've got a packet here coming from PC2; it comes in on port two. That one also gets assigned to VLAN number one, PVID number one. Okay. Then we've got a little bit of audio coming in on our audio mixer. Port seven is assigned PVID 2, so it gets tagged by the switch as belonging to VLAN 2. Same thing with audio from a stage box. And then we've also got our phone; it comes in on port 12. That's PVID 3, so it gets assigned to VLAN number three. And then with those packets in the switch, it's able to determine where those ports need to go based on assignments for those ports, but it's not just a simple one-to-one assignment. Okay.

All right, so the first thing you need to know is that, for the most part, devices that you plug into your network, computers, audio devices, telephones, whatever, have no idea what to do with these tags. In fact, most devices will just completely ignore any Ethernet data that has a VLAN tag as part of that packet. So what we have to do, in order to make our managed switch work with normal network equipment, is we have to remove this tag, and we call that untagging. So what happens: we've got this bit of data coming from PC2 going out to the internet. It's tagged with port one. When it comes over here to go out this port on the router, port 24 with a router, it actually removes, or untags, that packet, and so when it gets sent out it actually looks like normal network traffic. It doesn't have that VLAN identifier, which will screw up devices. Okay. Same thing with the other, this packet from PC1 going out to the internet: it's got that tag of one associated with it so that the switch knows that it belongs to VLAN 1.
When it comes up to go out this port, it says, okay, we need to untag this, so it removes the tag and then it sends it out the port. And the way we do that in the switch is by setting that port to be assigned untagged for VLAN number one. So under U for untagged I'm going to say one. Basically what that tells the switch is: any time you have a network packet that is destined for a device on this port and it's assigned to VLAN 1, we're going to send it out this port, but we're going to strip that tag off of that packet before it goes out. Normally that's the way we configure it. So we would come through here, so we'd say ports one, two and three; we're also going to assign untag for all of these first six ports, because none of those devices that are plugged into those will actually know what to do with the VLAN tagging, so we have to remove it in order for that to be recognized. Okay. Similarly, we're going to assign these ports here for the audio untag two, untag two, untag two, untag two, and then we're going to do our phone untag three, and then come over here to the router, untag three as well.

We've got VLANs set up and working here, but we want to be able to take advantage of that cool feature that's called trunking, and in order to do that we have to actually take advantage of the fact that we can leave those tags in place when those packets go out the network. Let's take a look and see how that works. So I'm going to set up a second network switch here, and that's just going to be moving this one over, and then, just to make sure it doesn't go anywhere, I'm going to throw a piece of gaffer tape on here. All right, there we go.

All right, so we're going to set up a connection that goes from, let's say, port 20... 21 here, and that's going to go over to port 24 on this switch. So we're going to run a cable from here over and plug that into here, and we want to be able to preserve those VLAN tags from this switch over to this switch, so that we can take advantage of tagged ports, VLANs, on the second switch. So just very quickly, just for the sake of making this discussion interesting, we're going to do some configuration here. The first four ports are going to be on PVID 1, untagged for VLAN 1, and then we're going to have PVID 2 for four ports, untag, and then we're going to do VLAN 3 for four ports, and then untag for those.

Where things get interesting here is how we set up these particular ports. Okay. All right, so what we're going to do here is we want to preserve these tags, the VLAN tags, when they go from this switch over to this switch, so that something coming in on a VLAN here ends up on VLAN 2 here, something on VLAN 2 here ends up on VLAN 2 here. The way we do that is by preserving the tags, and the way that's set up in a network switch is to basically say, I want packets that are tagged with these VLANs to go out on a particular port. So we've got our trunk connection here that's going to go from port 21 here to 24 over here, and we want to say here that we want traffic from VLANs one, two and three (I'll do that, one, two and three) to all go out port 21, and the same thing over here. So we've got a packet that's coming from one of these devices that's been tagged with VLAN one, two or three; we want those to come out here so they can make it back over to this other switch. So we're going to be tagged one, two and three. Okay.

All right, now with that set up, any time a device on a VLAN on one switch, as long as it's one, two or three, because we've assigned that port, the trunk port, to VLANs one, two and three, so any time a device on one, two or three sends a packet on this switch, it's going to be available on the other switch, and it's going to go over this single trunk cable. It's just a standard Ethernet cable; it doesn't have to be anything special, it's just standard Ethernet. So the one difference between this and other Ethernet traffic is it has that tag associated with it. So if you were to plug it into a computer, you wouldn't be able to see any of that traffic, because that tag makes it invisible to a computer. But the traffic for all three of those VLANs is going to be on that single cable, and make that traffic available on both switches. Okay.

All right, now I'm sure some of you are thinking, well, what do you do about the PVID, and do you assign untagging? Well, you can, but you don't actually have to. I mean, you can really set this PVID to anything you want. What happens is, you're basically saying these packets that are coming in already have a VLAN tag associated with them, so it doesn't need to assign one. So that's where the PVID actually comes in. The PVID is used to assign a VLAN to any network packet that's coming into the device that doesn't already have a VLAN tag associated with it. So in the case of a trunk, this PVID can be anything, but it'll never get used, because all of your packets already have a VLAN tag coming from the other switch that they're connected to. I hope that makes sense.

But on the flip side, let me show you. So imagine we'll disconnect this, and then we're going to do another connection between these two, but what we want to do is we want to have one of these cables available, one of these ports available, for general-purpose use. So we want it to be part of VLAN 1, and you'd be able to plug a computer into it, but at the same time you want to be able to optionally, occasionally, use that as a trunk port in order to send traffic over to another switch. So the way we're going to do that, we're going to do this port here, so this is, what, 20, 19, 18. Okay, so port 18.
We're going to go ahead and assign PVID 1 to that, so if we plug in a computer and it sends a packet into that port, it's going to be assigned to VLAN 1. Okay, that's what the PVID does. All right, and then we're going to say we want packets for VLAN 1 to be untagged going out, because remember, the computer can't read a VLAN-tagged packet, so we have to remove that tag for that VLAN. And then we want to include traffic from the other VLANs, so two and three, so we're going to assign tagged to VLAN 2 and 3. Okay. And then we can take and run that cable over here, and we'll plug that into this port here, whatever that is, and we'll do the same configuration over here, right: PVID 1, tagged for 2 and 3, and then untagged for 1. So that would make this port work with a computer, but at the same time it would also carry traffic for VLANs two and three, and those would be invisible to a computer if you happen to plug those in. Okay.

Now, we can take advantage of this untagging feature in order to move traffic from one VLAN to another. Say for example we wanted the stuff that was on VLAN 1 on our first switch to become VLAN 4 on a second switch. Let's actually talk about how you would do that. So we'll walk through this. We're going to use this port here, so port number 16. So we're going to disconnect this; you don't want to have a loop, right? So we're going to disconnect this, and then we're going to have this come over here to this port over here, going both directions.

All right, so we're going to assign this. Well, we want anything coming in here, this is going to be VLAN one over here, and then that's going to be converted to VLAN 4 over here. So anything coming in here needs to be PVID 1, because that's the tag that we want the packet to have inside of our switch. And we want to include, just for sake of discussion, packets from VLANs two and three, so we'll set tagged two and three, and then we'll set untagged to one. Okay. And then on this other side we're going to do things a little bit differently. Anything that's on VLAN 1 over here is going to have its tag removed, because it's untagged here on this port, so coming over the wire there's no tag associated with that. So what we want to do is we want to set the PVID over here to four, so that way anything that was one here, untagged, comes in, it doesn't have a tag, and so it's assigned VLAN 4. And then conversely, anything that's VLAN 4 here we want to be untagged, so that can be retagged over here with VLAN number one. So we're going to set this one untagged to four. Then, because we assigned VLANs two and three to be tagged, we're going to want to do the same thing over here, so that we can have communication in both directions. So we're going to assign that one tagged, two and three. Okay.

All right, a packet comes in on VLAN one. The switch says, okay, port number 16 here is on VLAN number one, but it's untagged, so we want to remove the tag. So it gets sent over the wire; it gets received by the second switch. The switch says, it doesn't have a VLAN tag, therefore I'm going to use the PVID as the tag, so it's going to be assigned to VLAN 4.
It goes and talks to whatever devices are on four; we'll say theoretically we have some other devices here on 4, right? So it could talk to one of these devices. That device happens to respond and sends back over. As that packet leaves the port to go back over to this other network, it's untag four, so anything on VLAN 4 has the tag removed, goes over the wire, comes into the first switch, gets assigned VLAN 1, and then it communicates with any devices that are on VLAN 1. Okay. All right, so I hope that makes sense.

So anyway, that's kind of at a high level what's going on. There's some other things that can happen. Depending on the manufacturer, you might be able to have some filtering capabilities. Say for example, you can tell it, if you've got a tagged packet coming in on a port that's not supposed to be sending or receiving tagged packets, you can filter those out, where you could take and, for example, discard any tag that happens to be coming in, so you can reassign it something. But that varies by model, that varies by manufacturer, and I'm not going to necessarily get into the details of that here.

But anyway, that's VLANs. They're actually more simple than you probably imagined; it just takes simplified examples and a little bit of explanation in order for people to understand this. So anyway, if you do happen to have questions about this, you can leave those in the comments section down below, or you can join with me over on Discord, me and a whole bunch of people in the video production community. Very smart people; they're very courteous, very kind, very generous; they share their time and their knowledge with other people as well. So if you've got a question, reach out there on Discord and somebody will get back to you.

So if you want to see me actually configure some devices with multiple VLANs, stay tuned. Make sure you subscribe to the channel, because I'm going to be producing a separate video where I actually walk through configuring a few devices from at least a couple different manufacturers, step by step, explaining everything as I go. So be sure to subscribe and stay tuned for that. So that's going to do it for now. Thanks everyone for watching, and have a fantastic day.
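
Added example, not part of the video or its captions: a small Python model of the per-port settings the walkthrough uses (PVID, untagged, tagged) that follows a frame across a link between two switches and reports where a VLAN changes or is dropped, which is how an unintended PVID mismatch that joins two supposedly isolated VLANs shows up in a configuration review. The names `Port`, `ingress`, `egress`, `cross_link` and `audit_link` are hypothetical, the port settings are constructed from the paper example, and the ingress filter is an assumed switch option of the kind the captions say varies by manufacturer.

```python
"""Toy model of the per-port VLAN settings described in the captions above:
PVID, untagged ("U") membership and tagged ("T") membership.
Port, ingress, egress, cross_link and audit_link are hypothetical names."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Port:
    pvid: int                               # VLAN given to frames arriving without a tag
    untagged: FrozenSet[int] = frozenset()  # VLANs sent out with the tag stripped
    tagged: FrozenSet[int] = frozenset()    # VLANs sent out with the tag kept

    def members(self) -> FrozenSet[int]:
        return self.untagged | self.tagged


def ingress(port: Port, tag: Optional[int], ingress_filter: bool = True) -> Optional[int]:
    """Return the VLAN the switch uses internally, or None if the frame is dropped."""
    if tag is None:
        return port.pvid                    # no tag on the wire: the PVID decides
    if ingress_filter and tag not in port.members():
        return None                         # assumed option: discard tags the port is not in
    return tag


def egress(port: Port, vlan: int) -> Tuple[bool, Optional[int]]:
    """Return (forwarded, tag_on_wire); tag_on_wire is None for an untagged frame."""
    if vlan in port.untagged:
        return True, None
    if vlan in port.tagged:
        return True, vlan
    return False, None                      # port is not in this VLAN: isolation


def cross_link(src: Port, dst: Port, vlan: int) -> Optional[int]:
    """VLAN a frame lands in on the far switch after leaving src and entering dst."""
    forwarded, tag = egress(src, vlan)
    return ingress(dst, tag) if forwarded else None


def audit_link(a: Port, b: Port) -> List[Tuple[str, int, Optional[int]]]:
    """List (direction, vlan, vlan_on_far_side) wherever a VLAN changes or is dropped."""
    findings = []
    for direction, src, dst in (("A->B", a, b), ("B->A", b, a)):
        for vlan in sorted(src.members()):
            arrived = cross_link(src, dst, vlan)
            if arrived != vlan:
                findings.append((direction, vlan, arrived))
    return findings


fs = frozenset
# Constructed port settings following the paper-and-Post-it walkthrough.
MIXER = Port(pvid=2, untagged=fs({2}))                       # port 7, audio only
TRUNK = Port(pvid=1, tagged=fs({1, 2, 3}))                   # ports 21 / 24
HYBRID = Port(pvid=1, untagged=fs({1}), tagged=fs({2, 3}))   # port 18, both ends
XLATE_A = Port(pvid=1, untagged=fs({1}), tagged=fs({2, 3}))  # port 16, first switch
XLATE_B = Port(pvid=4, untagged=fs({4}), tagged=fs({2, 3}))  # far end, second switch
NARROW = Port(pvid=1, tagged=fs({1, 2}))                     # trunk end missing VLAN 3

if __name__ == "__main__":
    print("mixer port asked to send VLAN 1:", egress(MIXER, 1))
    print("trunk <-> trunk:", audit_link(TRUNK, TRUNK))
    print("hybrid <-> hybrid:", audit_link(HYBRID, HYBRID))
    print("port 16 <-> PVID 4 port:", audit_link(XLATE_A, XLATE_B))
    print("trunk <-> narrow trunk:", audit_link(TRUNK, NARROW))
```

An empty list from `audit_link` means every VLAN on the link arrives as the same VLAN on the other side; any entry is either an intended translation, as in the VLAN 1 to VLAN 4 case, or a misconfiguration to fix.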
Info
Channel: Doug Johnson Productions
Views: 121,161
Keywords: Doug Johnson Productions, DJP, Live Video Production, Event Video Production, Orem, Utah, Live Streaming, Internet Streaming, livestream, livestreaming, live video, blackmagic design, atem
Id: C81pyQaJgj8
Length: 28min 38sec (1718 seconds)
Published: Mon Feb 14 2022