From the course: CompTIA Network+ (N10-009) Cert Prep

Introduction to VLANs

- Now, you may or may not believe this, but while I was on my way to becoming a super computer nerd, I used to work in the restaurant industry. In fact, I'm pretty sure I troubleshooted some of their POS systems to kind of help 'em out with things.

So let's create a scenario here. Let's say there's a restaurant that has a network and they're using one switch. And what they have is they want to have their POS systems and their computers all connected to the switch, but they also want their guests to be able to access Wi-Fi. So they have a wireless access point plugged into the same switch. So now at this point, all devices connected to the switch are on the same broadcast domain. The problem is you have Elliot, the evil cat with a major antenna sitting in the parking lot trying to sniff the network, intercept packets, and try and do bad stuff to the network. And invariably what could happen is that while he's accessing the wireless access point, he could also be getting to the POS systems and possibly ordering a whole bunch of food, and then maybe comping the bill. So he gets it all for free.

So how do we get around this particular problem? Well, one of the things that we can do is we can make our network a little more secure, but if you want added security, we're going to do something called a virtual LAN or a VLAN.

Now, what is a VLAN? A VLAN basically takes a broadcast domain and chops it up into smaller broadcast domains. In other words, in a more fun way to explain it, imagine taking a physical switch and then electronically chopping it up into little miniature switches. And you could have 2, 3, 4 possible VLANs just in one switch.

So let's take a look at how this is done. So what I have here is my single switch and I have arbitrarily plugged in two devices. I have my computer over here, which is connected to the white cable, okay, my big desktop here. And then I have another laptop here and that's connected via the blue cable.
And I've already configured the IP address on the laptop and I have an IP address as well for my computer.

So now let's go into the Ubiquiti interface and see how to create a VLAN. Okay, so right now I haven't made any configuration changes. So I have the default username and password, which is not a good thing. Make sure you always change that.

All right, I'm going to go over to VLAN. Now I want to point something out. By default, all switches that you purchase, whether you're getting a managed Netgear switch from the store, or you're buying a $30,000 Cisco switch from somewhere else, by default, they all are members, all ports are members of VLAN 1, which is known as the native VLAN, and Ubiquiti calls it the default VLAN.

So what I'm going to do is I'm going to basically create a new VLAN. That's the first thing you have to do. You have to create the VLAN first before you start assigning ports. So let's just call it, we'll do VLAN 4, and we'll add it.

So what you notice here is that all of the ports for VLAN 1 have the letter U. Just for the sake of being, keeping things simple, in Ubiquiti's world, this basically means that all of these ports are members of VLAN 1 represented by a U. So there are currently no ports configured to VLAN 4, and that is why they're indicated with the letter E, which means exclude. We're going to change that.

So what we're going to do is I want to use ports, let's say 3, 4, 5, and 6, just to give you an idea. So we're going to make these excluded, and then we're going to change the same ports on VLAN 4 to a U. Now you're going to notice another letter here, and that's T, and that's for tagging and we're going to get to that in a whole other episode. So let's hit Submit to apply the changes. Okay, great. So now as you can see over here on VLAN 4, I have ports 3, 4, 5, and 6. And those same ports on VLAN 1 have been excluded. So let's get back now to our switch.
So as you can see here in my computer, the white cable, is plugged into port seven. And the laptop, the blue cable, is plugged into 13. So based on what we've done, these should both be in VLAN 1, because we assigned ports 3, 4, 5, and 6 to VLAN 4. So I'm going to go ahead from my computer and ping the laptop, 10. So this laptop, as it was configured before is 10.0.10.101. And as you can see, I can successfully communicate with this laptop.

So now let's go and try something different. Let's now put my computer into VLAN 4 and keep the laptop in VLAN 1. Okay, so let's get this out of here, put it in port three. And once again, we're going to ping the laptop. Aha, see that? Destination host unreachable. This is because once again, my computer is part of VLAN 4 and the laptop is part of VLAN 1. They are in separate broadcast domains.

Okay, so now I also want to mention some other things about VLANs that the exam expects you to know. Network+ deems the terms data VLANs separate from voice VLAN. Data VLAN is a traditional VLAN like we just did, but then we have voice VLAN. What just happens is with the, they prioritize the voice traffic over data to make sure there's smooth communication. This is used a lot with IP phones. Voice VLANs can use MAC addresses to determine which devices on the network are phones or use VLAN-based tags in the received frames. The switch can prioritize the voice traffic and deprioritize the data traffic.

So in this episode, folks, what we saw is how to configure VLANs on a Ubiquiti switch. Now there are other manufacturers out there that make switches that have a totally different interface and.

- Maybe like a Netgear switch?

- Like a Netgear switch.

- Joe, I just thought it might be fun. Can we just do this one more time? I want to make VLANs just like you did on the Ubiquiti, but I just want to do it on the Netgear.

- Sure, why not? Why not?

- Move. (both laughing) ♪ Nick Burns to come. ♪ Do you mind flipping the switches up?
Just this, the cords on, just plug 'em in.

- Sure.

- All right, so guys. This is set up just the way the Ubiquiti was. This is pretty much fresh out of the factory. The only thing I've done is the network ID for our little network is 10.0.10.

- Yes.

- So I did go into the Netgear and instead of using the default factory IP address, I did change it to 10.0.10. Hey, hear did he say to him concerning about. Joe will remember.

- This one is 10.0.10.12 for the Netgear. Dot 12, thank you.

- Dot 12.

- Because I, like I tell the IRS every year, I forgot. (Joe laughs)

- All right. So I'm just going to go into the browser real quick here. And you see I'm 10.0.10.12, we hit Enter. And let me log in. And the password is?

- Password.

- How secure.

- Be sure to change that.

- Yeah. Okay, so here we are in the Netgear. Now you can see we've got a VLAN option right here. So you remember the two things you just taught these guys, right? You taught number one, make your VLAN, and then number two, you assign physical ports to the VLAN you made. Netgear is designed to work in like SOHO environments and stuff where they assume you're kind of dumb. And. (both laughing) So.

- I'd say.

- So they skip a couple of things, but because Netgear, so I just thought it'd be cool to show. So anyway, let's jump in this. So what we want to do is we go to Advanced, all right? Now this has this disable and enable. So basically they're saying just turn this all off. It's all going to stay as VLAN 1, but we're going to turn it on, because we're crazy college students, okay. So what you'll see on this one is it's got, it actually shows the ports. So right now we have VLAN 1, we have our default VLAN, our native VLAN, and they're all set to 1. Now if I want to make another VLAN, like you typed in VLAN 4, right?

- Yes I did.

- Okay. So I don't have that option here on the Netgear. It just goes through 1 through 8.

- Not enough.

- Well.
In order to make a VLAN, all I do is select the number four, just a little bit different from what we saw before. Okay, so now I've got VLAN 4, and you'll notice that all of these are unchecked, right? So if I want to make any of these ports be a part of VLAN 4, we just hit some check boxes. So I'm going to do 3 and 4, is that okay?

- Sounds great to me.

- And. I do something to make it go. How about Apply?

- That works.

- All right. So now if you look down here, you can see VLAN 4 shows that 3 and 4 is in there. But look at this. VLAN 1, 3, and 4 is still in there.

- [Joe] Still, numbers are the same. Different VLAN.

- This is one. So I'm going to uncheck those hardware. There we go. And let me hit Apply. Voilà. So the reason I asked Joe if we could add one more switch in here is, because the first time you're going to be exposed to VLANs, you're going to have some challenges as you go into different switches. So the two things you need to remember for any time you're setting up VLANs is number one, make the VLAN. Oh, by the way, so you'll notice that the VLANs always have the number VLAN 1, VLAN 2, VLAN 3, you can't call a VLAN Timmy the Wonder poodle, you know?

- Unfortunately not.

- Yeah, just the nomenclature of VLANs, it's always numeric. So number one, you make the VLAN and then number two, you assign ports to that VLAN, even if it's a weird Netgear switch.

- And the best part about this whole scenario is, no longer can Elliot, the evil cat, get into the restaurant's network

- 'Cause they're literally Layer 2 separated.

- Exactly.

- The wireless access points are separated from the point of sale systems.

- Absolutely, mm.

- We're good.
