What is a VLAN??? - How to setup VLANs in your Home Network and WHY YOU NEED THEM

Captions
Quick: name every device that's connected to your home network right now. It's a lot of devices, isn't it? You got desktops, laptops, phones, tablets, TVs, speakers, lights, toasters, refrigerators, dogs, cats. What I'm getting at is that you probably have a lot of devices connected to your network, and I bet if you pulled up your client table you'd see devices in there that you probably don't even recognize, which makes sense now more than ever to have VLANs set up on your home network. And of course you know what VLANs are, right? Right? Oh, you don't? Well, good thing you clicked on this video, because it's basically going to be all about VLANs: what they are and why you need them. So stay tuned and we're going to talk all about it. [Music]

Okay, VLANs, or virtual LANs, or virtual local area networks. You may have heard people talk about these when talking about network configurations, because they're pretty popular and have gotten more popular now that we see so many devices connect to our networks. The easiest way to describe VLANs is essentially segregating your network into different pieces. The way I like to think about it is that, consider your home network, well, your home, or your actual house: VLANs would be considered the rooms in your house. So 99% of the time when you set up a home network you're actually already going to have a VLAN, and it's just going to be called your LAN, which is going to essentially be VLAN number one. Now what is that number? We'll talk about it in a minute.

Back to the house analogy. So let's assume you have a house, but you live in one of those giant metal warehouses that is just all open space. That would be your house with a single VLAN. No matter where you go in the house, there's no room segregated: your living room is your bathroom, your bathroom is your kitchen, and your kitchen is your backyard. You wouldn't want that, right? Maybe you would, maybe you're freaking weird, I don't know. Introducing VLANs, we can segregate your house into actual rooms, so now your bathroom isn't your kitchen, all your rooms have doors with locks on them, and you can specify who can go into what room and what goes in what room. Makes way more sense, doesn't it? That's VLANs on your home network.

But why? Why do we need VLANs? Obviously it makes sense to have rooms in a house, but I functioned all my life with a basic home network setup and I'm perfectly fine. You might be. I mean, you might be perfectly fine living in a warehouse home, but it's probably not optimal. VLANs are set up on your home network for, I would say, three main reasons: for security, to have different rules, and for organization, the main one being security.

Let's consider this: when you have a party at your house. Now, I know you're all a bunch of introverts and you don't actually have parties, but let's imagine you had a party at your house. So you have a bunch of people over. Do you leave your bedroom unlocked with all your valuables just sitting there? Probably not, because while you know most of the people that are coming over to your party, you may not know everybody, and even if you do, you might not trust them. So you're going to want a part of your house separated from the rest of the party. In the same way, you have a VLAN that has all your personal devices with personal information on them in their own separate VLAN.

So here's where we can kind of marry this analogy together. So you actually have a party, and you see that sketchy dude come over, and he opens his phone, opening a sketchy app with all types of sketchy things connected to it. You don't want him connecting into your main network where all your personal devices live. What if this device infects your other devices? There's many malware attacks out there that can basically jump from his phone to any device on the network. So you don't want Mr. Sketchbag connecting to your main VLAN, so you have a separate VLAN just for him and other guests.

Well, what if it's not even a person? What if it's all those IoT devices you have connected to your home? So like I mentioned before, you know, you got refrigerators that can connect now, you got doorbells, you have lights, you have so many things connected to the internet, and all of them might not have the best security features built in. So let's say someone figures out a hack for your smart light bulbs. Also, the light bulbs in your house are a security risk to the rest of your network. So let's take all of those IoT devices and put them in their own room, or VLAN. I think you see where I'm going with this: segregation for security reasons.

Let's talk about rules. Say you want different rules for different users on your network. So a common example for this is if you have children. So you have the main network for you and all the adults, and nothing's really blocked off, but then you want a separate VLAN or separate network for your kids that has different rules on it. Maybe it blocks certain sites, maybe it cuts down on the bandwidth that can be used, maybe it has rules on it of when, you know, it can even be accessed. That's a good reason to have a separate VLAN. It makes setting rules so much easier, because you can set it to an entire VLAN rather than, you know, pick and choose certain devices.

And the last one is organization. This goes less into a home network and more into a business sense, where if you have multiple sites or, you know, multiple floors, and you have a large network and you kind of want to separate those to make it easier to organize them and figure out where what devices are where quickly, that's another reason. But if you're watching this and you're a network administrator for a business, I hope you know what a VLAN is already.

So we talked about what a VLAN is and why you'd want a VLAN. Next step is to talk about how you even implement a VLAN, and it's basically going to be driven by the hardware in your network. Everything from Netgear to Linksys, TP-Link to pfSense to UniFi, they all have different ways of setting up VLANs. I have a couple of videos going over how to set up VLANs both on pfSense as well as TP-Link Omada; I'll link them down below. But what we're going to do today is jump into my actual home network setup so that I can show you how I have it configured, and hopefully it'll make more sense when you can see my configuration and I can kind of walk through exactly how I have it set up.

I have a pretty, I would consider, moderate-level home networking setup, but all you have to know for the purpose of this video is that I have a pfSense router where I configure my VLANs, I have a smart switch by QNAP, then I have a bunch of devices connected to that switch, whether that's a smart switch, access point, or actual computers. So you'll see when we dive into here, but it's really not that complicated.

So when you're configuring VLANs, two terms you're going to come across a lot are trunk ports and access ports, and these are essentially synonymous with tagged and untagged ports. So a trunk port on your hardware is essentially a port that allows you to feed multiple VLAN tags through one physical port. An access port is essentially a dumb port: it doesn't understand tagging, it's going to take the data that comes in and push it through. If there's any tags on there for VLANs, it's not going to know what it's talking about. Now, there's way more details to this, but for the basics that's all you need to know.

So let's dive into it. Now, I mentioned that I'm running pfSense, so that's where we are going to start. Now what I want you to do here is completely ignore the WAN section and the OPT section and pretty much ignore this top part. All you need to know is that you can see our VLAN tag 1 is here, and for 99% of users out there VLAN tag 1 is dedicated to your default LAN and all untagged packets. So if you have no VLAN setup anywhere in your network, it's essentially going to be called VLAN 1. Now if we look at my LAN, you can see the members of it are 0t and 2.
Now, I really don't like how pfSense implements VLANs. I mean, you get used to it after you've done it for a little while, but it's not really that intuitive. So what I'm asking you is just ignore this 0t you see on all of my different VLANs. This is essentially saying take the default VLAN and apply that tag 1 to all traffic. It's really not intuitive, but let's ignore that for now.

What we are going to look at is our LAN, our guest network VLAN, and our virtual VLAN. You can see here for LAN we have member 2. That's basically saying what port do we want this traffic to go on, and if we go over here to ports, again not very intuitive, you'll see our LAN is actually on port 2. So when we set up a VLAN we want our LAN traffic to go on port 2, and if we look in here you'll see that is untagged, meaning that all traffic going across this that is not tagged is essentially going to be in VLAN 1.

So if we go down to the two other VLANs I have, the guest network and virtual VLAN, you'll see they're slightly different. Starting with guest network, we have a VLAN tag of 50. If we go in there we will see 2 is tagged, meaning that we're still going across 2, that's the physical port we're going across, but now all the packets from this VLAN are tagged with the tag 50. And it's exactly the same for the virtual VLAN, except that we are using VLAN tag 3. Now, the tag number is completely arbitrary; you can use any number you want up to, I think, 4,095 or something.

Okay, so at our router level we essentially have a single port, port number 2, carrying VLAN tag 1 untagged, and then we also have it carrying VLAN tag 50 and VLAN tag 3, both tagged. Now that'll make sense when we go to the smart switch, so let's do that.

So when we go into our smart switch, which is a QNAP QSW-M408-4C. I highly recommend this switch: the GUI is fantastic, the performance is great, and I've had zero problems with it, and as you're about to see, the VLAN configuration is so much more intuitive than on pfSense. So here we are in our VLAN table, and immediately it's much nicer to look at.

Now, it's not too complicated what's going on here, so let me explain. All the traffic coming from my router port 2 is going directly into my switch on port 1. So you can see for port 1 we have VLAN tag 1 untagged, VLAN 3 tagged, and VLAN 50 tagged. That essentially means that our port 1 is listening, and everything that is untagged is going to be VLAN 1, and it's going to be listening for tags of 3 and 50, which we have set up. Now if we added another VLAN, say VLAN 69, on our pfSense and didn't configure it in here, all those tagged packets would just get dropped, because our switch isn't set up to listen for them, so it'll just drop them.

But then as you go through here you see some slightly different configurations. Let me explain what all the basic ones are doing here. These are all the ports on my switch, and as you can see most of them are just set to untagged VLAN 1, meaning that all traffic that comes through it, if it's not tagged, it's in VLAN 1, and that's how most devices, I would say even all devices, are configured straight out of the box. But here you can see we have two ports that are different: 3 and 6.

Let's start with 3. Actually, let's start with 6. So for 6 you can see we have nothing for 1, nothing for 3, and untagged for 50. "That doesn't make sense, I thought you said that untagged is VLAN ID 1?" In most cases that's correct, and that's the default behavior, but port 6 is actually running to an access point, a dumb access point that does not understand VLANs. So what we've done here is said, okay, for port 6 we want all untagged data to fall into VLAN 50, and then we ran that port directly to a dumb access point, meaning that if I connect my phone or any wireless device to that access point, all the packets are going to be untagged but they will fall into VLAN 50.
Now, you can only have a single untagged VLAN on a port at a time, so it would make no sense for me to have untagged 50 and untagged 1, because if traffic is coming in and none of it's tagged, it's going to have no idea what to do with it. And in this case we've set it to 50, and it actually won't even let you have multiple untagged VLANs on a single port. So if I went here and said, okay, for port 6 I also want 3 untagged, see, when I save that it just moves the untagged to 3. So let's move that back. And this is the configuration you'd want if you're trying to pass a specific VLAN down to a dumb access point or a dumb switch. When I say dumb, I just mean it's not managed, or not a smart switch or smart device that can handle VLANs and tagging. So that's what I mean when I say dumb.

Now let's talk about port 3. What are we doing here? Well, port 3 runs directly from one smart switch to another, and this is actually a smaller, I think 8-port, smart switch I have set up next to my server. And the reason I wanted to have this is because I wanted the flexibility of running multiple VLANs to different devices physically in that area of the house, so I needed another smart switch to do that. Luckily you can find smaller smart switches for pretty cheap these days; I think the one I bought was about 25, so definitely recommend picking up one of those if you have multiple VLANs in your network. So that port 3 is going to carry untagged packets for VLAN 1 and tagged packets for VLAN 3.
Now let's go over to that device and check it out. So this is it: it's a Netgear GS305E. It's actually five ports, and it's a Smart Managed Plus switch, meaning that it understands VLANs. So we've gone into our VLAN setup, and you can see we're in the advanced section, which isn't too advanced. I'd say this is more intuitive than the pfSense for sure, but it's not as good as the QNAP switch, but, you know, it's doable.

So here you can see we have our two VLAN IDs we want to listen for: 1 and 3. Now, 1 is our default and 3 is our virtual VLAN. So here you can see on all five ports we are listening for VLAN tag 1, which, like I said, is not intuitive here because that's actually untagged packets, but if you get this far in the configuration you'll get it. Then we've also added the functionality on ports 3 and 5 to listen for tagged packets in VLAN 3.

So if you look at this switch physically, I have a Cat6 cable running from port 3 on my QNAP switch, which is sending untagged VLAN 1 and tagged VLAN 3 to the smart switch, into port 5, which is listening for VLAN 1 and VLAN 3. Is it starting to make sense now? Then you can also see that port 3 also listens for VLAN 3, meaning that I can take a physical plug and plug that into a device and send along VLAN 3.
So what I'm using this for is I actually have a multi-port NIC in my server, and I want multiple VLAN connections directly to my server, so I can run multiple cables from that switch and have one physical cable for my main VLAN, or VLAN 1, and I can have another physical cable for VLAN 3, or my virtual VLAN. Everything's nice and separated: I have physical cables that can go to physical devices, I have an access point that can take untagged data and pass that through to a dedicated VLAN, and everything's essentially separated and good to go. So that's my configuration.

But let's back up a second. We talked about security and how VLANs are separated because you don't want a device in one VLAN to have access to a device on another VLAN. Except maybe you do. Let's talk about it. So remember my setup: I have a LAN and two VLANs. Well, basically my LAN is where all my personal devices live. Now if I'm using my computer or workstation on my actual LAN, I want to be able to talk to devices on my other VLANs. So I want to be able to talk to them, but I don't want them to be able to talk back. It's like my dad used to always say: "Hey, I'm the main LAN and you're just the kid VLAN. I'm gonna tell you what to do, but don't talk back." Said that like every day.

So looking at my rules, you'll see that for my LAN I don't really have anything blocking connections to my other networks. However, if I go into guest you'll see we have a rule here that essentially blocks all traffic back to my main LAN, which is 10.0.0.1 subnet. So you can see here it essentially says allow all traffic unless the destination is our private network, which is our main LAN. And same goes for our virtual one: allow all traffic except for back to our LAN. So in this configuration, essentially, our virtual one could talk to our guest, and that's just how I have it set up. If you don't want it to be like that, if you want everything separated, go ahead and do it.

Now, I'm obviously running pfSense to do this. What you're running may be completely different, but every single network configuration I've seen to set up VLANs has rules in place, or ways to set up rules, to allow security between different VLANs. Now, one note I will say is that pfSense by default, when you set up a new VLAN, has zero access to anything, and you actually have to set up rules to allow traffic. But I recently did a video with the TP-Link Omada setup, and by default when you set up a new network it has access to everything and you have to set up rules to block. So very different ways of implementing new networks between those two systems.

So that's my configuration, that's how I have VLANs set up. I definitely plan on adding more, but I personally don't have too many IoT devices yet. When I accumulate more, I plan on making a dedicated IoT VLAN just for those. But I know plenty of people out there that have a whole bunch of VLANs set up, and that's awesome, go ahead and do it. I just only have the need for two.

But yeah, I hope this was informative for you. I hope this gave you a better understanding of VLANs, so now when you're at the block party and you're kicking back some beers, talking about sports and stocks and home networking, you'll have a lot to talk about in terms of VLANs. If you like this video, be sure to drop a like below. If you're running a bunch of VLANs out there, let me know how you have your network set up and, you know, what you are using. I'm using pfSense, I know some people are using UniFi, some people are using Omada, but there's a lot out there, so let me know what your configuration looks like. As well, if you have any other network-related questions, drop them down below and I'll try my best to help. But that's all I have for you today. Please consider subscribing if you like this type of content. Thank you so much for watching, and I will see you in the next one. [Music]
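
The tagged and untagged port behaviour narrated above, as an added Python model that is not part of the video or of any vendor's firmware: it reads the 802.1Q tag from a constructed Ethernet frame and applies the main switch's table for ports 1, 3 and 6 as described. The function names, the sample frames and the drop rule for non-member tags are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

# Port table of the main switch as narrated in the video:
# port -> (VLAN given to untagged frames, VLANs accepted when tagged)
PORTS = {
    1: (1, {3, 50}),  # uplink from router port 2
    3: (1, {3}),      # link to the second smart switch
    6: (50, set()),   # unmanaged access point, all traffic lands in VLAN 50
}

def build_frame(vlan=None, payload=b"constructed-payload"):
    """Build a constructed Ethernet frame, optionally carrying an 802.1Q tag."""
    dst, src = b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01"
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

def frame_vlan_id(frame):
    """Return the 12-bit VLAN ID from the 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field

def classify_ingress(port, frame, ports=PORTS):
    """Return the VLAN a received frame is placed in, or None if it is dropped."""
    untagged_vlan, tagged_vlans = ports[port]
    vid = frame_vlan_id(frame)
    if vid is None or vid == 0:  # VID 0 is a priority tag, handled as untagged
        return untagged_vlan
    # Assumption of this model: a tag the port is not a tagged member of is
    # dropped, including a tag equal to the port's own untagged VLAN.
    return vid if vid in tagged_vlans else None

def egress_mode(port, vlan, ports=PORTS):
    """Return how `vlan` leaves `port`: 'untagged', 'tagged', or None."""
    untagged_vlan, tagged_vlans = ports[port]
    if vlan == untagged_vlan:
        return "untagged"
    return "tagged" if vlan in tagged_vlans else None

if __name__ == "__main__":
    for port, vlan in [(1, None), (1, 50), (1, 69), (6, None), (6, 1), (3, 50)]:
        label = "untagged" if vlan is None else f"tag {vlan}"
        print(f"port {port}, {label}: VLAN {classify_ingress(port, build_frame(vlan))}")
```

A result of `None` means the frame is dropped, which is the VLAN 69 case from the narration; real switches differ in how they treat a frame tagged with a port's own untagged VLAN.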
Info
Channel: Raid Owl
Views: 7,267
Id: XdqP14NclZ0
Length: 20min 4sec (1204 seconds)
Published: Wed Oct 27 2021