Set up a Full Network using OPNsense (Part 3: Cisco Switch)

  • Published on 30 Sep 2024

Comments • 36

  • @panosangel2883 a year ago +9

    The whole series, including the written format, is the best resource available online for an intermediate level user. Thank you a lot for your work!

    • @homenetworkguy a year ago +5

      Thanks so much for the compliment! That is exactly the audience I am targeting as I am assuming some basic level of network understanding. I do try to help new users too but my focus is on intermediate level users who want to learn more as I personally found resources in certain areas lacking when I started my journey about 6 years ago. I try to use real world home network/homelab examples (many of which are based on my own home network architecture).

  • @n.aminr.7175 months ago +1

    I hope you can make a vid for a later version of IOS. I bought a 2960X series switch with LAN Base IOS. Totally no idea how to set up LAG management since there's no LAG Management option as in this vid. Great content BTW. I successfully set my soft router accordingly.

    • @homenetworkguy months ago +1

      Thanks! I would need to purchase a similar used router to be able to experiment with creating LAGGs on there. Perhaps I can do that one day but I have a long list of things I want to do videos on. haha

    • @n.aminr.7175 months ago

      @homenetworkguy But I think it is still good content since many individual users are now buying this series (2960X or equivalent) from the used or old stock market since Cisco EOSL or security support ends in 2027. But IOS LAN Base is totally different vs the old one.

  • @JasonsLabVideos a year ago +1

    OHHH look at you !! Nice switch !!

    • @homenetworkguy a year ago +1

      Thanks! In my haste to try to get the video finally done, I forgot to mention Jason's Lab in the video (doh!) but I added a card at 34 seconds into the video to give you a shout out!

  • @TismoGaming a year ago

    Man I wish you used an Omada-able switch. Those Cisco settings are hard to try and implement in Omada switches

    • @homenetworkguy a year ago +1

      Yeah it’s a bit more awkward to configure if you’re used to the TP-Link switches. I use TP-Link as my main switches so I couldn’t use any of them for an example without taking down part of my main home network. Since I have that Cisco switch as an extra switch that was donated to me by @JasonsLabVideos, I used it as my example.
      I have some written guides which use TP-Link switches. I may be able to do a video with a TP-Link switch in the future once I get a faster switch for the backbone of my main home network.

  • @abdullahX001 10 months ago

    If you have a Zyxel switch, I would really love to see this done on a Zyxel switch :D

    • @homenetworkguy 10 months ago +1

      I wish I had a switch from every major vendor to show the differences between them. Maybe one day if I generate enough revenue. Haha. I will be doing this with a Grandstream and a TP-Link switch at some point (I did some TP-Link VLAN configuration on my beginner’s guide video but it doesn’t show LAGG configuration, etc).

  • @Carl-kg7rm9zz8y 11 months ago

    Please do a video on how to create vlans that retrieve ip addresses from the same ip range, e.g. 192.x.x.0/23 with DHCP relay!
    (If possible)
    //Carl

    • @homenetworkguy 11 months ago

      Out of curiosity, what is your use case for using a DHCP relay? I haven’t set one up before especially in the context of a home network

    • @Carl-kg7rm9zz8y 11 months ago

      In part two of your series, you create vlans in sections of 10, 20, 30, etc. I am wondering if it is possible to do the same thing but split the ip pool with 510 usable ip addresses as per the following example, the first 310 addresses are dynamically allocated, 311-360 for DMZ, 361-410 for IPCAM etc. these addresses will be statically assigned. Is this even possible? This might be a really stupid idea.

    • @homenetworkguy 11 months ago +2

      You can divide up IPs using CIDR notation however you see fit but especially for a home network, I like to keep it simple. Who cares if I only use 10 IPs out of 254 usable IPs when using a /24 network, for example? It doesn’t really matter if they are sequential or you try to make the network match the exact number of IPs that you need. Hence why I like making VLAN 10 use 192.168.10.0-192.168.10.255 since I can at a glance see that a .10 address means the device is on VLAN 10. Doesn’t have to be done that way of course. I prefer to manage complexity by avoiding overcomplicating the configuration (sometimes it can’t be avoided but there are many ways to reduce complexity by using reasonable configuration values).

  • @21Lettere 11 months ago

    Why are you using "quick" rules?

    • @homenetworkguy 11 months ago

      That's the default behavior. "Quick" rules means that the action of the rule takes place immediately on the traffic that matches the rule (it doesn't process any rules after that matched rule for that particular network traffic). If you turn "quick" off, it will essentially match on "last rule wins" instead of "first rule wins". I'm not sure when it would be best to use non-quick rules but you have to think about the rule processing order differently if you deviate from that default behavior.
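The "first rule wins" versus "last rule wins" behaviour described in the reply above, as an added example that is not part of the original comments: a small Python model of ordered rule evaluation with and without "quick". The rule set, the addresses and the default-block fallback are constructed for illustration and are not an export of any OPNsense configuration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "block"
    src: str             # source network, CIDR notation
    dst: str             # destination network, CIDR notation
    quick: bool = True   # the default behaviour described in the reply


def evaluate(rules, src_ip, dst_ip, default="block"):
    """Walk the rules top to bottom; return (action, index of deciding rule)."""
    decision, decided_by = default, None   # assumed fallback when nothing matches
    for index, rule in enumerate(rules):
        if ip_address(src_ip) not in ip_network(rule.src):
            continue
        if ip_address(dst_ip) not in ip_network(rule.dst):
            continue
        decision, decided_by = rule.action, index
        if rule.quick:
            break          # quick: the first match ends processing
        # non-quick: keep going, so a later match overrides this one
    return decision, decided_by


def with_quick(rules, flag):
    """Copy of the rule list with every rule's quick flag set to `flag`."""
    return [replace(rule, quick=flag) for rule in rules]


# Constructed rule set: isolate VLAN 10 from VLAN 20, then allow everything else.
RULES = [
    Rule("block", "192.168.10.0/24", "192.168.20.0/24"),
    Rule("pass", "192.168.10.0/24", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for label, rules in (("quick", RULES), ("non-quick", with_quick(RULES, False))):
        print(label, evaluate(rules, "192.168.10.5", "192.168.20.7"))
```

With "quick" on, the block rule at the top isolates the two VLANs; with it off, the same list in the same order lets the broader pass rule below it decide, which is why rule order has to be reconsidered when deviating from the default.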

  • @aperson1181 10 months ago

    So do you have links to your hardware?

    • @homenetworkguy 10 months ago

      I usually do include some affiliate links for the hardware used in the video but there really aren’t any Cisco SG200 switches on Amazon since that is a very old obsolete switch. It was the only switch at the time I had available to do a demonstration but since this video I have demonstrated other switches such as UniFi. I will also do one on Grandstream and TP-Link switches at some point.

  • @neccros007 a year ago

    I bought this switch NIB for $50 years ago and never could figure out how to configure it... So it's basically a dumb switch... Glad to see FINALLY someone putting a video out on it!! Hope I can get it working correctly

    • @neccros007 a year ago

      Actually I have the SGE2000 not the SG200... the UI is different...

    • @homenetworkguy a year ago +1

      So close! I don’t know how much different the models are. I thought about doing alternate versions of this video whenever I have the chance to configure switches from different brands since they all do things differently.

    • @neccros007 a year ago

      @homenetworkguy It's close but what confuses me is all the functions in the menus and what they do and if I need to change them... Reason I've been hesitant to configure this switch... I never could find a guide that explains things and your video so far has been the closest but I am still lost... LOL

    • @homenetworkguy a year ago +1

      @neccros007 haha yeah it can be overwhelming. I don’t personally like those web interfaces on the older Cisco switches (not sure if it’s any better on new models). I think other manufacturers have easier to understand web interfaces but they still have their own quirks sometimes.

    • @neccros007 a year ago

      @homenetworkguy regardless of UI/Brand, all the functions and what they do confuse me... I barely understand LAG and still can't configure it... I have one TrueNAS Scale server I want to LAG to this switch and possibly my firewall when I build it

  • @NJKoopmeiners a year ago

    Are you sure device ports need to be access ports? My XBOX and lots of other devices don’t give a tag. However, in your guide, the LAG is set up to only accept tagged packages. Even if a device is on a VLAN because it is on an access port, because it doesn’t get a tag, it gets dropped at the LAG. The VLAN tagging, port settings, LAGs, you did a tremendous job explaining everything, but my knowledge is too little to fix this properly, even with googling. I have the same switch as you, I just want my end devices to be able to reach the router.

    • @homenetworkguy a year ago +1

      Yes, all devices which do not provide a tag can be set to "ACCESS". The switch is responsible for tagging traffic that enters into that interface from your devices which only send untagged traffic. The official Cisco documentation for the switch states: "Access-The interface is an untagged member of a single VLAN. A port configured in this mode is known as an access port." Your device is an "untagged member" which you want to belong to a VLAN. The switch will add tags to all the traffic coming from your devices and it's ok if the LAGG only handles tagged traffic. The reason I removed the untagged traffic on the LAGG is to help further enforce only VLAN traffic on the LAGG. Since I'm dedicating a separate interface on my OPNsense box for management purposes, all of the untagged traffic will traverse that interface on OPNsense while only tagged VLAN traffic will traverse the LAGG configured on OPNsense and the switch. You can allow untagged traffic on your LAGG if you want to allow both untagged and tagged traffic, but I've seen it recommended to separate the tagged and untagged traffic on the interfaces in OPNsense since it is potentially possible for the parent interface to see the traffic of the VLANs associated to that interface if there are poorly written (less restrictive) firewall rules. I hope this helps explain some things further!

    • @NJKoopmeiners a year ago

      @homenetworkguy thanks for the quick reply! It helps, but now I am even more lost as to why stuff isn’t working. I followed your guide from start to finish, have an OPNSense box and a Cisco SG300 28 port switch. The only difference is that I have a wireless access point that unfortunately I can’t configure with VLANs, but that has nothing to do with the issue that I now have. The problem is either my LAGG, the XBOX, or the access port. Or it could be the set up in OPNsense, but I am totally lost. :(

    • @homenetworkguy a year ago +1

      If you're new to all of this, it can be overwhelming. I've learned much of this after months/years of researching, implementing, testing, failing, and trying again. haha. I started with implementing one new concept at a time until I understood various concepts (full disclosure: I have had some networking background in the past so I didn't start from ground zero). It took me a bit of time to wrap my mind around how to implement VLANs, but once I understood the concepts, implementing VLANs on different switches from various manufacturers becomes a lot easier. If I had to guess, it's likely your switch configuration that's the issue since it can be more involved than the configuration in OPNsense. Without seeing details of your configuration it's hard to say where the issue may be.

    • @NJKoopmeiners a year ago

      @homenetworkguy totally understandable! And I wouldn’t expect you to, just, if you could let me know that OPNSense with a LAGG and the same switch and a device on an access port works if you follow your videos and written guide to the letter, without hidden settings that need to be changed, I can try to keep wrestling with it myself, either by finding a solution that works for my situation, or by replicating your set up 1 on 1.
      For example, in the video, you didn’t set up the LAGG interface at the interfaces part in OPNSense (it doesn’t show in your list, next to LAN, WAN, DMZ etc.) and I wasn’t sure if it needed to be. You know, where you set the gateway and the subnet etc and check the box to enable the interface. Was this on purpose or did you fix that later when you tested the set up?

    • @homenetworkguy a year ago +1

      That was intentional. I am not using the physical parent interface of the LAGG because that would be for untagged network traffic but I only want tagged VLAN traffic on the LAGG interface (since I am separating tagged and untagged traffic-- untagged traffic gets its own interface on OPNsense and tagged traffic will use the LAGG). When I demonstrated the PCs connected to the switch at 19 minutes into the Part 3 video, I was using the exact configuration I recorded for the Part 2 video along with the exact config that I used for the network switch in Part 3, and I was able to get the proper IP addresses assigned and access the Internet without issue.
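The access-port and tagged-only LAGG behaviour discussed in this thread, as an added example that is not part of the original comments: a simplified Python model of 802.1Q port membership showing where an untagged device's frames pick up a tag and where frames are dropped. The port names and VLAN memberships are hypothetical, and the model is a generic sketch, not the Cisco switch firmware's logic.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Port:
    name: str
    tagged: frozenset = frozenset()   # VLAN IDs carried with an 802.1Q tag
    untagged: Optional[int] = None    # VLAN assigned to untagged frames, if any


def ingress(port, frame_vid):
    """Classify a frame entering the switch (frame_vid is None when untagged).
    Returns the VLAN the switch places it in, or None if it is dropped."""
    if frame_vid is None:
        return port.untagged          # None means the port admits tagged frames only
    return frame_vid if frame_vid in port.tagged else None


def egress(port, vlan):
    """How a frame in `vlan` leaves `port`: 'tagged', 'untagged', or None."""
    if vlan in port.tagged:
        return "tagged"
    if vlan == port.untagged:
        return "untagged"
    return None                       # port is not a member of that VLAN


def forward(src, frame_vid, dst):
    """Return (vlan, outcome) for a frame entering `src` and leaving `dst`."""
    vlan = ingress(src, frame_vid)
    if vlan is None:
        return (None, "dropped at ingress")
    return (vlan, egress(dst, vlan) or "dropped at egress")


# Hypothetical ports: two access ports and a LAG that carries tagged VLANs only.
XBOX_PORT = Port("GE5", untagged=20)
ORPHAN_PORT = Port("GE6", untagged=50)             # VLAN 50 is missing from the LAG
LAGG = Port("LAG1", tagged=frozenset({10, 20, 30}))

if __name__ == "__main__":
    print(forward(XBOX_PORT, None, LAGG))    # untagged device, tagged on the LAG
    print(forward(LAGG, None, XBOX_PORT))    # untagged frame arriving on the LAG
    print(forward(ORPHAN_PORT, None, LAGG))  # access VLAN not allowed on the LAG
```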