Subnet Based VLANs | DrayTek Tutorial

Captions
Before we go in depth into the configuration, we just need to understand that VLANs and subnets are two different things, but they both deal with segmenting and partitioning parts of the network, and they can also be used together as well.

VLANs operate at the data link layer, so layer 2 of the OSI model, and the primary purpose of a VLAN is to separate hosts into logical broadcast domains on a network switch. Network switches also operate at layer 2 of the OSI model and they use MAC addresses to make forwarding decisions. VLANs will help improve the network performance, an example being by grouping devices together that are constantly in communication with each other, such as IP cameras: they're constantly trying to communicate to the NVR, so these could be placed on the VLAN. A VLAN adds a layer of security as well, because a host in, say, VLAN 20 won't be able to communicate with a host in VLAN 10, for instance. I've got a video with a full explanation on how VLANs work, so it'd be good to go and check that one out.

Subnets operate at layer 3 of the OSI model, so the network layer, and the purpose of a subnet is to create, again, logically partitioned networks where we can use IP addresses to help hosts communicate. Routers operate at layer 3 of the OSI model, and the reason you'd add a router in is to allow routing between VLANs, for instance. Other reasons to use a router are to give a dynamic class A, B or C network address to hosts and also give them access to the wide area network, or in other words the net.

So in my system here I've got a DrayTek 2862 router and a Cisco Catalyst 1000 network switch, and the aim here is to create IP subnet based VLANs. We want to create three VLANs at layer 2 on the Ethernet switch. VLAN 1 is going to be the default VLAN; the default VLAN is where untagged traffic is directed. Cisco advises that the default VLAN is changed to something other than one, for instance, just for security reasons. VLAN 10 is going to be the CCTV VLAN and VLAN 20 is going to be for a satellite box, for instance, because as we know Sky Q can be the root problem to network issues. As this is at layer 2, the host won't have any access to the outside world; it'll generate a self-assigned APIPA address, or automatic private IP address, as there's no DHCP server assigning an IP address to any hosts.

In the Cisco Catalyst switch we go to Configuration and VLAN, and under Layer 2 VLAN at the bottom of the page we have the VLAN configuration table. In there is the default VLAN; we'll leave that in there for now, and I'm going to add and give an ID of 10, and just give this a name, CCTV. Then we have some options for DHCP snooping and IGMP snooping; I'll leave that as is and press save and apply. Then I'll create another VLAN, give it an ID of 20, and I'll just name that Sky, and then save and apply. Now I've got three VLANs: one, which is the default, VLAN 10 and 20, and I need to assign these to ports.

Now back under Configuration I'll go to Ports, and I'll click on Port 3 and go to the port settings. I'll set the switch mode to access and access VLAN 10. In the list is PortFast; I'll turn that on. This allows devices to connect to the network immediately. Leaving it off makes the port transition from listening and learning states to a forwarding state, which takes about 30 seconds to negotiate before connecting; you'd use this for switch-to-switch configuration, for instance. I'll then click on Port 4, change the switch mode to access and access VLAN 10 as well, and enable PortFast. There's a reason why I'm assigning this to the same VLAN; I'll show this shortly. I'll then go to Port 5 and set the switch mode to access and give it VLAN 20, and also enable PortFast. Sorted. I'll configure the trunk later on.

So ports one and two are on the default VLAN, which is untagged, and that will be in communication with the router, which is handing out DHCP IPv4 addresses and has access to the wide area network. This is technically like a network you get out of the box, so you plug in and away you go: a flat network. Ports three and four are members on the VLAN 10 broadcast domain, but they're going to access the gateway because we haven't configured the subnet or VLAN in the router to send tagged traffic to the switch, the tag being ID 10. Port 5 is a member of VLAN 20, and for the same reason this VLAN 10 doesn't have any access to the DHCP server or the wide area network.

So I've got a Windows machine here generating a ping to my Mac, and my Mac is generating a ping to the Windows machine, and each are responding to one another on a class C IP address, because ports one, two, six, seven, eight, nine and ten are configured on the default VLAN, all within the same broadcast domain. If I move the MacBook to Port 5 and the Windows machine to Port 4, both machines will generate an automatic private IP address, as that VLAN is not in communication with the DHCP server, but they're on different broadcast domains. So the Windows machine has a self-assigned address of 169.254.121.1 and the MacBook has an address of 169.254.170.121. That's the telltale sign of an automatic self-assigned address: they'll start with 169.254.x.x. If I ping from the Windows machine 169.254.172.121, which is the MacBook, I get a timeout. But if I now move my Mac to Port 3, in the same broadcast domain as the Windows machine, let it get a self-assigned IP and then ping the Mac from the Windows machine, so 169.254.172.121, I'll get a response. The laptops can see one another.

Let's set up some subnets then, which requires a layer 3 device. Routers live at layer 3, so let's do a configuration. I've got my DrayTek 2862 router, and if I connect my MacBook back into switch port 2, I then have access to the default VLAN. So, logged into the router, in LAN General Setup we can set up to eight subnets. LAN 1 is already configured, which I'm going to leave, and I'll go to LAN 2 and I'll click on the details page and click enable. So we've got an option here for NAT usage, NAT being network address translation, and that's where we can translate private IPv4 addresses to a public address, and this is what we use and what most networks use anyway. For routing usage is where we can assign a host device a public IP address, subject to the ISP providing a block of public IP addresses. In the IP field I'm going to change the gateway address to 192.168.10.1. Then we have the subnet mask; I'll leave this as a 24-bit subnet mask. I've got a video on subnetting and it goes into in-depth detail on how subnet masks work.

Now we want our hosts on the subnet to obtain IP addresses automatically, so we need a Dynamic Host Configuration Protocol server, or DHCP server, which operates at layer 7, in the application layer of the OSI model, but most routers these days have DHCP servers built in. We can disable it, so all hosts on the subnet will have to statically assign addresses. We can enable the server, so then hosts will obtain addresses automatically. With the DHCP server enabled, we'll leave the start IP address as 192.168.10.10 and leave the pool count as a hundred, just for this demonstration. This is the amount of dynamic addresses the router can assign; you'd adjust it accordingly to your network design. We set the gateway, so the router address on the subnet is 192.168.10.1. The lease time is the time a host will have the IP address before it's renegotiated to see if that address is still in use. Then we have the DNS server address: we can point this to a direct DNS such as 1.1.101 or 8.8.8, or we can point it to a dedicated DNS server. Then I press save and it wants me to reboot, but I want to continue with the setup, so I'll just ignore that for the minute. Then go back to LAN and go to details and do the same, but assign the subnet to be on the 192.168.20.0 network. Click OK and reboot the router, and that's the subnets completed.

We now need to assign the subnets to a VLAN, so back in the DrayTek router, and under LAN is VLAN, and what we're going to do is create a trunk between the router and the switch. A trunk will contain the VLAN identifiers, so one being untagged, 10 and 20 being tagged. This is called an 802.1Q trunk. A trunk contains all the VLAN identifiers within it, so when an Ethernet frame reaches the switch, the switch sees if the host device MAC address is populated in its MAC address table. If it is, then it sends the data via the identifier within the frame to the relevant port associated with the VLAN. In my VLAN video I explain about the Ethernet frame and where the tag is added and how traffic is directed to the host via the switch.

Anyway, we're going to enable VLAN, and now we have the famous DrayTek VLAN table. On the left we have the VLAN index and then we have the port we want to assign the VLAN information to. I'm going to do Port 1 through to four to have the ability to access the default VLAN, but Port 4 configured as a trunk to allow access to all VLANs. As a tip for security, you could assign ports one and three to a VLAN black hole, for instance, so create a VLAN against a LAN subnet that doesn't exist, so if someone connects to the router they won't be able to access anything. You can also configure all ports to be tagged, for instance, but that takes some alternative setup, so that's another video.

Carrying on, this is a Wi-Fi capable router, so we can assign VLANs to SSIDs; again, I've got a video of how you assign VLANs to an SSID. Then we have the subnet: in the drop-down we can choose the LAN we created in the General Setup page. Finally we have the VLAN identifiers. We can enable them and put in 10 against LAN 2 and 20 against LAN 3. LAN 1 is the default VLAN; we want untagged traffic to be on that. Press OK and reboot the router.

So once I'm rebooted, I'm going to generate a continuous ping on the Windows machine to 1.1.1.1 and 192.168.20.1, so 20.1 being the gateway. I'm not getting any response, but I haven't set the trunk on my Cisco switch. So we'll go to the web UI and I'll go to Configuration of the Cisco switch, go to Ports and select port number 10, and we're going to change the switch mode to trunk and allow it to access all the VLANs, and also enable PortFast as well, and then click apply. I'm going to go back to the Windows machine and disconnect it from the Ethernet switch and reconnect the cable. If I do ipconfig on the Windows machine, I now get an IP address within the network range of 192.168.20.0, which is associated with VLAN 20, and then the default gateway is 192.168.20.1. If I move my MacBook over to Port 3, associated with VLAN 10, I then get an address of 192.168.10.10 and a gateway of 10.1. If I try to ping the Windows machine from my MacBook, I get a host unreachable message, and that's just what I wanted: separation, segmentation and partitioning.

The official purpose of a router within VLANs is to route traffic between those VLANs and allow communication between the hosts, but that's another video. That's how you set up a DrayTek router for subnet based VLANs. Thank you.
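Added example, not part of the video or of this page's captions: a Python sketch of how the 802.1Q trunk described above keeps VLAN 1 (untagged), VLAN 10 and VLAN 20 apart, by parsing the tag of a frame arriving on the trunk and listing the access ports in that broadcast domain. The VLAN IDs and port assignments follow the captions; the function names, the constructed MAC addresses and the reduction of the switch to a membership lookup are assumptions.

```python
import struct

TPID_8021Q = 0x8100
NATIVE_VLAN = 1                       # untagged traffic on the trunk, as in the captions
TRUNK_ALLOWED = {1, 10, 20}           # VLAN IDs carried between router and switch
ACCESS_PORTS = {3: 10, 4: 10, 5: 20}  # switch port -> access VLAN; others stay in VLAN 1

def build_frame(dst, src, ethertype, payload=b"", vid=None, pcp=0):
    """Build a constructed Ethernet II frame, optionally with an 802.1Q tag."""
    header = dst + src
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vid or None, pcp, dei, inner ethertype) for an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (first,) = struct.unpack_from("!H", frame, 12)
    if first != TPID_8021Q:
        return None, 0, 0, first          # untagged frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, ethertype

def classify_on_trunk(frame):
    """VLAN a frame arriving on the trunk belongs to, or None if it is dropped."""
    vid, _pcp, _dei, _etype = parse_frame(frame)
    # Untagged and priority-tagged (VID 0) frames fall into the native VLAN.
    vlan = NATIVE_VLAN if vid in (None, 0) else vid
    return vlan if vlan in TRUNK_ALLOWED else None

def egress_ports(vlan, all_ports=range(1, 10)):
    """Access ports (1-9; port 10 is the trunk) in the VLAN's broadcast domain."""
    return [p for p in all_ports if ACCESS_PORTS.get(p, 1) == vlan]

if __name__ == "__main__":
    bcast = b"\xff" * 6
    router = bytes.fromhex("020000000001")   # constructed locally administered MAC
    for vid in (None, 10, 20, 30):
        vlan = classify_on_trunk(build_frame(bcast, router, 0x0800, vid=vid))
        ports = egress_ports(vlan) if vlan else []
        print(f"tag={vid} -> vlan={vlan} flood to access ports {ports}")
```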
Info
Channel: SammytheSalmon
Views: 15,129
Id: F5Jhzdrmiis
Length: 14min 1sec (841 seconds)
Published: Tue Jan 24 2023