Love your videos - thanks for the effort. In this video at 26:40 you say .... Devices can only see internet and not other devices on the same VLan network? But clicking on the little blue "i" next to isolations it says Isolates this network from all other Virtual Networks using firewall rules on the Unifi Gateway. Devices on this network ARE ABLE to communicate with each other.
Great explanation of vlan concepts. What is still not clear is how a client device gets to know which vlan id it should ask for. In case of wireless connectivity, when the client device joins an SSID, which is assigned to a particular network, which, in turn, is configured to use a particular vlan id, then the client device will be tagged with that vlan id. Is this understanding correct? Because we don't configure vlan ids on our devices, we usually join an SSID. In the case of wired connectivity, say we plug in a device to a port, which has the default vlan and some tagged ones. Then our device will join the default vlan first. But what if we wanted that device to join a specific vlan when we plugged in? Do we have to configure the vlan id on the client device so that DHCP can assign an ip from that vlan? Or someone has to configure static ip for that client device from the desired vlan?
Fantastic. Future Ubiquiti user in Zambia (gotta get equipment cleared through our version of the FCC) This helped me understand tagged vs. untagged so much better.
Thank you so much for doing this video!!! If you could please do a follow up video on firewall configurations in the Unifi Environment to allow or disallow traffic through different vLan setups. For example. Needing guests to be able to print to a printer that is on the untagged lan or Allowing Lan users to be able to talk to an IOT device. Preciate You Sir! Keep up the great work!
Great video. I thought of some questions while watching, hopefully you (or someone!) can answer: Can you disallow untagged VLAN devices on a port? I.e., require that a VLAN is configured on a device (so someone can't plug in a random device) How do static IPs play into all this? What if you configured a device with a VLAN (or let it default) but set a static IP in the wrong subnet? (I.e., the hacker in the lobby tries to circumvent the allowed VLAN tags by setting a static IP) Can multiple VLANs have the same subnet? What effects would that have?
Thank you for that straightforward explanation and practical examples. I sometimes still get stuck because naming and location is sometimes different in different brands. I'm fine configuring with an external firewall/router like pfsense, but struggled recently very hard with a Mikrotik Cloud router where I need to configure both functions into one. Biggest issue I had was getting normal internet speed. The speed dropped drastically from 900Mbps to +200Mbps due to this when router mode was on.
Thanks! This was extremely informative. 2 questions keep haunting me: 1) Why do we trust devices to tell us which VLAN they want to be part of? A hacker could simply tag his data with any VLAN in order to exploit that VLAN. Shouldn't the router assign each device to a VLAN based on some sort of pre-determined rules that we set? 2) Why would you have different VLANs available on different switch ports? Wouldn't it be best to make all VLANs available on all ports, with the default/untagged set to the guest VLAN? That would give us ultimate flexibility and convenience, such that any device can be patched into any switch port. Once again, the router would make sure that each device is assigned to the correct VLAN, no matter which port it is connected to.
This is so comprehensive and I learned so much! I may need to watch this a few times to fully comprehend it but that is okay by me. In a mixed environment scenario where you may not know what is plugged into what, how would you go about identifying hardware? Would I use something like Nmap?
Again one of the great explaining videos 🎉. Q: Is it also possible to push a device to a VLAN by its MAC address? Let’s take the doctor's waiting room. Here all devices normally connect to the guests network. But sometimes the doctor himself is in the waiting room and his computer should always connect to the main network. Is that possible (Unifi)? Other questions: which devices do know / can I train to connect to a special VLAN?
Very good video. This helps me a lot when planning my VLAN supported network. Now I have a fundamental question: Should I better create a separate VLAN yy (192.168.yy.0) for the network components (routers, switches and access points) or is it better if they remain in the default (VLAN 1: 192.168.1.0)? Are there any disadvantages other than administrative effort?
Great vid, very helpful in understanding vlans. Could you do a video about all the equipment one would need to create vlans that was budget friendly. I have struggled with knowing what I need, nothing I have seems to work. Google mesh router doesn't seem to allow for vlan. I bought switches but they were not layer 3 and the layer 3 I saw were super expensive. I think a step by step and recommended equipment at various price points would be a great and helpful video. I have lost so many hours trying to figure this stuff out. Thank you
After watching several YT’s on VLANS, I give kudos to Chris for doing a better job than all the others combined. Historically, I sparingly used vlans due to weak knowledge. Now, I’ll use them more. His examples and analogies are superb. It’s so good, I watched it twice.
Greatest video I ever saw on YouTube. You are the most articulate person I have ever encountered on a complex subject like this. I found you by accident and I will continue with your other videos. I wasn't even looking for a Vlan video but I really did understand 80% of what you talked about. You made a place on my google Drive :) Thanks much
Hi Chris’s dad, nice to see you supporting your son!
Would love a follow up video on firewall rules and making sure cloud and local only devices work properly across the vlans. Thanks Chris!
Very good video. Now a video about firewall rules for the vlans.
For example how to stream from your secure vlan to the iot lan.
How will the Sonos app act on a phone vlan when it needs to stream to the iot vlan and the homeassistant app the same way. 😊💪🏼
Exactly. Currently I have all my security cameras on my default LAN. My Agent DVR is running on a computer on my default LAN as well. I manage it through a web browser on my desktop PC on my default LAN. If I segmented the cameras onto a VLAN (which I cannot do at the moment anyways, Google Wifi nojoy) how would I get that streaming traffic to go from its own VLAN to my computer running the DVR software? If I segmented the DVR computer onto the same VLAN as the cameras, how would I manage it from my desktop PC? Questions... so many questions. I have never understood traffic routing rules for subnets and firewalls. That's the video you need to make for laymen like me.
@comradeshadovshki this is why Network engineers get paid the big bucks
@kurti4432 not really anymore. Companies fire expensive Cisco network experts nowadays, and move towards dumb SDN. Where they don't need to employ highly paid experts. It's the worst time in history to be a CCIE, as no company is willing to pay for networking experts, and after the recent 2-3 years of layoff spree, there are many such people on the job market, desperate to find a new job, pushing down the average salary.
Thanks!
I find one of the biggest points of confusion people have about a layer 2 VLAN is that they think it is synonymous to a layer 3 Network. One can have multiple VLANs on the same piece of wire. One can have multiple layer 3 Networks on the same piece of wire. One can have a VLAN with multiple layer 3 Networks and vice versa; they are independent of each other.
Thank you! VLANs are virtual broadcast domains.
@mikelambert4490 Bingo
Help
YES THIS EXACTLY
20 minutes in and finally, after YEARS of searching (which I grant you may say more about me than it does the subject matter!) I now understand what is meant by Tagged and Untagged VLANs.
Thank you!
This met me right where i needed. There are plenty of videos on either side of the subject. Either they're too high level, just explaining the concept of VLANs, or too fine grained, for those who already were very familiar with all the terminology and just needed to know a specific ecosystem. This one video bridged the gaps in my skillset perfectly! Thank you!
This is hands down the best VLAN explanation video I have ever seen 🤩. Thanks to this video I finally have a full understanding of VLANs. 🥳
Honestly the best explanation of VLANs I have seen, especially the difference between tagged and untagged VLANs. Saved me days of going back and forth on a help forum
I’ve been doing small to medium business sysadmin & networking for over 20 years and always got by with larger subnet blocks. I just now am needing to learn VLAN stuff. This helped significantly. Thank you for taking the time to do this!
The amount of videos I’ve watched on tagged, untagged and trunk ports FINALLY I now understand it thanks to this ❤
Excellent presentation. Lots of work went into making this video.
It did actually...not an easy topic to tackle!
@CrosstalkSolutions This video should be shown in colleges and high schools for the younger generation to get exposed to networking concepts and terminology.
Thank you so much. You are a great teacher. I've learned so much from you these past 3 years. Your customers must love you.
I knew a little about VLANs, but often got confused and had to double check on things, this explanation made it much easier to understand and I'm not going to have any issues remembering this. Fantastic content as always!
I must say I struggled for a long time understanding the concept of VLANs. After reading online articles and watching several YT videos, I still couldn't get it. This video was a hack to me. You are a good teacher, breaking down complex concepts into simple to understand.
Thanks. A video on Firewall rules for the devices on VLANS to talk to each other should be your next.
You never AFAICR explicitly mentioned it to drive the point home, but: without VLANs, to achieve the same logical separation of networks, the networks need to be physically separated (dedicated cable runs and switches for each network so that the packets of two networks "never meet"), and that the whole point of VLANs is that there is only one physical network needed, where the separation of the logical networks is achieved "in software" by having the VLAN-aware routers and switches enforce on port-level the logical separation, based on the VLAN tags of the network packets that pass through.
Give this man an award
This is by far the best Vlan video I have come across. It answered my long time question about tag vs. untag vlans
Just... WOW! Such clear, precise explanations delivered with a beautifully pleasant voice. Thank you, sir!
OUTSTANDING Video!!! So appreciate the lengths you took with animations and real world situations. Thanks!
I spend a lot of time on YouTube and I have to say this is one of the best explanations on a topic I have ever seen. Thank you
Rarely have I heard such good and clear explanations. Really quite outstanding! Many, many thanks!
As someone who knew almost nothing about VLAN's, this video was super informative. Thank you!
This is by far THE BEST VLAN tutorial I've come across, I was so confused by Untagged/tagged VLAN, you are the only one who explained it clear as day (not mud 😅). Thank you so much for this! You are THE BEST!
I wish you had made this video 5 years ago. Great job, sir! Thank you.
I knew nothing about routers and switches. Now I feel confident about using them. This is a well laid out video. Thank you very much.
Cheers - glad it was helpful!
Excellent topic Chris! As a Network Field Technician, I find this is a commonly unknown topic among the support folks I work with. When a network device stops working (and we know it's not a layer 1 issue), one of the first things I check is "is this device in the correct VLAN?" As you well know, this is common problem in VoIP. Thanks for sharing! 😀
finally a video that clearly explains the tagged/untagged issue.
Absolutely incredible video! Well done. I believe you may have misspoken between 30:38 and 30:47. I may be wrong, but I believe you referred to tagged ports as untagged. Easy to do, especially given the number of times you had to say tagged and untagged.
omg I scrolled a lot to find this comment! Thank you. I was struggling to know if it was just misspoken or if I was not understanding something!
Great video. For security reasons, one should not put all VLANS on the Trunk. Only those that are required by the devices connected down stream. For example, don't include management VLAN or security VLAN when it is not required.
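An added sketch (not from the video or from any commenter) of the port-level enforcement and trunk pruning described in the comments above: a VLAN-aware switch assigns each frame to a VLAN from the port's configuration, and drops tags the port does not carry. The `Port` model, the sample frames and management VLAN 99 are constructed assumptions; real switches differ in how they treat tagged frames that carry the native VLAN ID.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


@dataclass
class Port:
    """Hypothetical switch-port model: one untagged VLAN plus a tagged allow-list."""
    name: str
    pvid: int                                  # native / untagged VLAN (PVID)
    tagged: set = field(default_factory=set)   # VLAN IDs accepted with a tag


def make_frame(vid=None, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame, optionally carrying an 802.1Q tag."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")        # constructed, locally administered MAC
    inner = struct.pack("!H", 0x0800) + payload
    if vid is None:
        return dst + src + inner
    return dst + src + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + inner


def parse_vlan(frame: bytes):
    """Return the VLAN ID in the frame's 802.1Q tag, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF                        # low 12 bits of the TCI are the VID


def ingress_vlan(port: Port, frame: bytes):
    """VLAN the frame is placed in on arrival, or None if the port drops it."""
    vid = parse_vlan(frame)
    if vid is None or vid == 0:                # untagged or priority-tagged
        return port.pvid
    if vid in port.tagged:                     # tag is on this port's allow-list
        return vid
    return None                                # tag not carried here: dropped


def excess_vlans(port: Port, required: set) -> set:
    """VLANs a port carries that nothing downstream needs (candidates to prune)."""
    return ({port.pvid} | port.tagged) - required


# Constructed port configurations using the VLAN IDs mentioned in the comments.
LOBBY = Port("lobby", pvid=10)                       # guest-only access port
PHONE = Port("desk-phone", pvid=1, tagged={30})      # PC untagged, phone tagged
UPLINK = Port("uplink", pvid=1, tagged={10, 30, 99}) # trunk carrying everything

if __name__ == "__main__":
    for port, vid in [(LOBBY, None), (LOBBY, 99), (PHONE, 30), (PHONE, None)]:
        label = "untagged" if vid is None else f"tag {vid}"
        print(f"{port.name:10s} {label:9s} -> {ingress_vlan(port, make_frame(vid))}")
    # Only VLANs 1 and 30 are needed behind this uplink, so 10 and 99 can go.
    print("prune from uplink:", sorted(excess_vlans(UPLINK, {1, 30})))
```
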
By far the best VLAN video I came across. The only missed info for me was about access port, but everything else explained on this video it’s very well clarified !
Thank you!
Very well explained. The biggest thing to get across to people is the difference between TAGGED and UNTAGGED. By switching UNTAGGED with DEFAULT, and TAGGED with OPTIONAL or/ ADDITIONAL, things start to become very clear very quickly.
This tutorial is the most excellent one on VLAN...
Well explained video, would love to see an extensive video with firewall rules using vlan
This video is going to help soooo many people, including myself! :) I know how vlans work, but this just simplifies it and will help me help others.
I was confused about untagged and tagged ports. Not anymore! Thank you so much!
This is one of the most well done VLAN instructional videos I have ever seen.
Is there any chance you can make a tutorial for Chromecast Multicast DNS over VLAN with Ubiquiti? Something that should be easy but never works as expected.
Great explanation of VLANs Chris! very clear information and easy to understand. I currently use VLANs but this is the best information I have seen.
Great video. Do you have any videos on VLAN and firewall settings on a UDM for PCI compliance?
Very well explained. VLANs for dummies. Impossible not to understand. Thanks for this video
This was such a helpful video for someone about to set up a new UniFi based network. Helps make your other UniFi VLAN setup videos much easier to understand.
Thank you.
Great introduction to VLANs.
Getting IPs sorted to different LANs is my main goal (while having access to the internet on all ports) without using a switch.
What a great video. Can't tell you how many hours I've spent reading & watching videos on this topic and your presentation caused it all to gel. I suddenly love the new way UniFi does this and I figured out my ancient Dell PowerConnect switch while I was at it with these concepts. So pumped! Fantastic job, Chris. This could be a template for an industry standard.
Another great video Chris. Your videos on Ubiquiti products are the sole reason that I settled on Unifi equipment a few years ago. Thanks for all your hard work.
Ditto for me too!
Sorry to say, I feel exactly opposite on the horrible Ubiquiti controller. This week I struggled to resurrect a corrupted USG-3P and get LAN2 to function.
It was a nightmare flipping back to legacy view UniFi for the necessary menu items because V8 is incomplete. While USG demands a new VLAN for lan2, there’s no way to define tag, untag, or trunk. Very disappointing software and documentation.
I wanted to take a moment to express my appreciation. I thought I understood VLAN theory clearly, but after watching this video, I realized I still have more to learn. Thank you, @Chris.
Recently, I switched from my 8+ year-old 24-port Netgear switch to the UniFi USW-24, and I feel like I'm flying! The browsing experience is amazing. Does the USW-24 use smart queuing, or is my old switch really that outdated?
Greetings from Germany!
This was fantastic. I always got confused with the tagging and untagged part of vlans but you explained this very well.
I would love a video explaining layer 3 vs layer 2.
Hey Chris, great video. As someone who’s been networking for years and been the IT guy for the small companies I’ve worked for, I have set up and use VLANs, but this video did a great job clarifying and simplifying the topic, I feel more confident in my approach now. I’ll refer others to this when I see vlan questions on Reddit. Good job!
Best VLAN principles explanation I have seen on YT. Thank you.
Bless you for this video!! Been waiting for this one for awhile. Thank you!
When you were talking about VoIP phones, you could have mentioned the phones can also pass through the default LAN, so that a computer can be plugged into the back, so the computer and phone can share a single switch port.
Possible update to the beginning - show 4 switches as the "old school" way we would segregate networks physically for each dedicated usage (maybe use different colours of cables for each). Then show a single "VLAN-enabled" switch with all of those cables plugged into it.
This right here. Visually showing what VLANs are logically doing is a great teaching tool.
Greatest VLAN video on YouTube 💪💪🙏
Thanks! Finally an easy to understand explanation of VLANs. Didn't get it before, get it now.
Excellent video! Glad you showed UniFi and then also a hodge podge of equipment as well. I am all UniFi here and have noticed my Flex-Mini is VLAN aware and configurable, but like that router you showed, if you configure a port as Native to a VLAN (not 1/default), you can't have tagged traffic.
Superb! 👏 I have finally properly understood setting tagged vs. untagged VLANs on ports. It's the best explanation I have ever come across so far with multiple real world examples. Very informative video. Kudos and thank you! 🌟 Keep up the good work.
Great presentation. I'm thinking of getting into Unifi in my new house so I've saved this to watch it all again later when trying to set it up as a nooob. 👍
Needed a VLAN review, this was very clear and thorough!
Thank you for the great explanation. I have a question - at 19:00, there is a trunk port with all VLANs on it. If we plug a device into this port, how does the switch determine what VLAN needs to be associated with this device - by default, LAN is untagged, but if the device is a 'guest' device, how will it be associated with VLAN 10? Thanks again.
Awesome video Chris, best one I've ever seen on the subject to date.
Amazing video! All clear, I can finally say that I understand VLANs - Thank you!
One of the things that I absolutely LOVE about Macs is that they have built in functionality to understand VLANs when given a trunk port by a switch. Even my 20 year old PowerMac G5 has this capability! In System Preferences you add the VLAN IDs and give the ethernet "profile" a name. Add as many VLAN interfaces on your Mac as you have VLANs. So some of my Macs have 10+ IP addresses all using a single ethernet cable. No inter VLAN routing required as the computer is on all the networks at the same time and the traffic stays on the Layer 2 switch.
Could you expand on that just a bit, thx
@ChasEng-o6y Make sure your Mac is plugged into a trunk port on your switch. By default, your Mac will get an IP address in the untagged VLAN 1 "default" or management LAN. Open System Preferences (System Settings) > Network > and click the dropdown menu (depending on OS X or later version) > Manage Virtual Interfaces > Click "plus" button > New VLAN > Name your VLAN > Enter the VLAN ID created by your router or Layer 3 switch > select the NIC interface > click create. Do this process for as many tagged VLANs as you want your computer to be on. For me, after I do that, I disable ETH0 to get the computer off the untagged / management network.
With L2 switch and vlans when you copy files from pc A in vlan 10 to a pc B in vlan 20 it will be slow as hell because all traffic must go through the router to get data from pc a to pc b. With L3 switch the copy files action will go quick because the switch will do the routing using inter VLAN routing.
Great video. Thank you for the information. It was clear as mud until the very end when you demonstrated. Then it all came together
Dude this video is a gift from God
You're a great teacher man
Thanks so much for your videos 🙏🏾🙏🏾🙏🏾
Great VLAN vid! Thanks a lot. I was able to get my Cloud gateway ultra and Netgear GS110tp talking to each other at least civilly
And subscribed… by far the easiest video to understand this subject I’ve found.
Very well presented. Easy to understand and actually USE! Thank you.
Thanks for the video! Just on a learning curve using Omada. One issue I have with putting HomeAssistant on a VLAN is that some integrations like local tuya stop working. Haven't figured it out yet so it's back on the default LAN until I see what's going on.
outstanding video! one of the best VLAN videos on youtube. if not, the best video!!!
Tomorrow’s my exam you saved me buddy thank you
Thank you!!! This was so helpful. For the first time, I finally understand VLANS.
How does the IP phone know that it needs to ask for VLAN 30 only? Great video as always!!!
It's probably manually set up with a static IP address in the "30" VLAN range
@brightmanfan no he said it gets an IP address
It will have an option to define a VLAN in its settings, otherwise it will (if defined) use the untagged VLAN.
Okayyyy Now that is an excellent tutorial video. Leaving here ready to go setup my home VLANs; just need to get up to speed with firewalls.
Best VLAN explanation ever! Thank you Chris for this vid!
I might have missed it, but it seems that there was no mention of PVID values, which are the standard way of indicating the "native VLAN" for a given port. If you aren't using Unifi, PVID is probably the way that the interface refers to the native VLAN ID.
Nicely done Chris, thoroughly enjoyed!
Love your videos - thanks for the effort
In this video at 26:40 you say ....
Devices can only see internet and not other devices on the same VLan network? But clicking on the little blue "i" next to isolations it says
Isolates this network from all other Virtual Networks using firewall rules on the Unifi Gateway. Devices on this network ARE ABLE to communicate with each other.
Really nice video, you are so good in explaining network stuff the way anyone can understand... Chapeau!
Great explanation of vlan concepts. What is still not clear is how a client device gets to know which vlan id it should ask for.
In case of wireless connectivity, when the client device joins an SSID, which is assigned to a particular network, which, in turn, is configured to use a particular vlan id, then the client device will be tagged with that vlan id. Is this understanding correct? Because we don't configure vlan ids on our devices, we usually join an SSID.
In the case of wired connectivity, say we plug in a device to a port, which has the default vlan and some tagged ones. Then our device will join the default vlan first. But what if we wanted that device to join a specific vlan when we plugged in? Do we have to configure the vlan id on the client device so that DHCP can assign an ip from that vlan? Or someone has to configure static ip for that client device from the desired vlan?
Very nice. Perhaps you can elaborate how you can talk across Vlans or manage an iot vlan device from your safe vlan
mDNS
Awesome video! Very well laid out to help me better understand VLANs and how to set them up on my Unifi network.
Respect and many thanks for this video. It's quite some information, but I think it covers it all. Great job!
thanks for that, helped me understand vlans and tagging in the unifi, especially the new interface, a little better
Fantastic. Future Ubiquiti user in Zambia (gotta get equipment cleared through our version of the FCC) This helped me understand tagged vs. untagged so much better.
Sir, this was the perfect explanation about VLAN, greetings from Romania :)
Thank you so much for doing this video!!! If you could please do a follow up video on firewall configurations in the Unifi Environment to allow or disallow traffic through different vLan setups. For example. Needing guests to be able to print to a printer that is on the untagged lan or Allowing Lan users to be able to talk to an IOT device. Preciate You Sir! Keep up the great work!
Great video. I thought of some questions while watching, hopefully you (or someone!) can answer:
Can you disallow untagged VLAN devices on a port? I.e, require that a VLAN is configured on a device (so someone can't plug in a random device)
How do static IPs play into all this? What if you configured a device with a VLAN (or let it default) but set a static IP in the wrong subnet? (I.e, the hacker in the lobby tries to circumvent the allowed VLAN tags by setting a static IP)
Can multiple VLANs have the same subnet? What effects would that have?
Yes, if you make a port tagged for VLAN x, but not untagged, the device will have to use VLAN x, otherwise it will not get an IP.
Content looks focused on enterprise. Would love to see how a VLAN is configured for a home network to isolate networks.
Fantastic video this was the best explanation I’ve seen on VLANs
One of your best videos! Thanks a lot.
Thank you for that straightforward explanation and practical examples.
I sometimes still get stuck because naming and location are sometimes different in different brands.
I'm fine configuring with an external firewall/router like pfsense, but struggled recently very hard with a Mikrotik Cloud router where I need to configure both functions into one.
Biggest issue I had was getting normal internet speed. The speed dropped drastically from 900Mbps to +200Mbps due to this when router mode was on.
Thanks! This was extremely informative. 2 questions keep haunting me:
1) Why do we trust devices to tell us which VLAN they want to be part of? A hacker could simply tag his data with any VLAN in order to exploit that VLAN. Shouldn't the router assign each device to a VLAN based on some sort of pre-determined rules that we set?
2) Why would you have different VLANs available on different switch ports? Wouldn't it be best to make all VLANs available on all ports, with the default/untagged set to the guest VLAN? That would give us ultimate flexibility and convenience, such that any device can be patched into any switch port. Once again, the router would make sure that each device is assigned to the correct VLAN, no matter which port it is connected to.
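A simplified model of the per-port ingress check a VLAN-aware switch applies, covering the questions above about untagged devices, PVID and devices that tag their own frames. This is an added example, not from the video or from any commenter; the `Port` class, the `ingress_vlan` and `frame` helpers and the three port profiles are hypothetical, the frames are constructed, and real switches differ in detail.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


@dataclass
class Port:
    pvid: Optional[int]               # VLAN given to untagged frames; None = drop them
    tagged: frozenset = frozenset()   # VLAN IDs this port accepts with a tag


def frame(vid=None, ethertype=0x0800):
    """Build a constructed Ethernet frame, optionally carrying an 802.1Q tag."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46


def ingress_vlan(port, raw):
    """Return the VLAN the frame is placed in, or None if the port drops it."""
    if len(raw) < 14:
        return None
    (tpid,) = struct.unpack_from("!H", raw, 12)
    if tpid != TPID_8021Q:
        return port.pvid              # untagged: the port decides, not the device
    if len(raw) < 18:
        return None
    (tci,) = struct.unpack_from("!H", raw, 14)
    vid = tci & 0x0FFF                # low 12 bits of the tag are the VLAN ID
    if vid == 0:
        return port.pvid              # priority tag only: handled as untagged
    return vid if vid in port.tagged else None


# Hypothetical port profiles using the VLAN numbers from the discussion.
LOBBY = Port(pvid=10)                                  # guest access port
TRUNK = Port(pvid=1, tagged=frozenset({10, 20, 30}))   # uplink / AP port
PHONE_ONLY = Port(pvid=None, tagged=frozenset({30}))   # tagged only, no untagged

if __name__ == "__main__":
    for name, port in (("lobby", LOBBY), ("trunk", TRUNK), ("phone", PHONE_ONLY)):
        for vid in (None, 10, 20, 30):
            print(name, "tag", vid, "->", ingress_vlan(port, frame(vid)))
```

The lobby port drops a frame that arrives tagged for VLAN 20, which is why offering every VLAN on every port removes the control: the tag is only honoured where the port's configuration allows it.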
This is so comprehensive and I learned so much! I may need to watch this a few times to fully comprehend it but that is okay by me. In a mixed environment scenario where you may not know what is plugged into what, how would you go about identifying hardware? Would I use something like Nmap?
Again one of the great explaining videos 🎉. Q: Is it also possible to push a device to a VLAN by its MAC address? Let’s take the doctor's waiting room. Here all devices normally connect to the guest network. But sometimes the doctor himself is in the waiting room and his computer should always connect to the main network. Is that possible (Unifi)? Other questions: which devices do know / can I train to connect to a special VLAN?
Very good video. This helps me a lot when planning my VLAN supported network.
Now I have a fundamental question: Should I better create a separate VLAN yy (192.168.yy.0) for the network components (routers, switches and access points) or is it better if they remain in the default (VLAN 1: 192.168.1.0)? Are there any disadvantages other than administrative effort?
Highly informative! Easy to follow, thanks!
Great vid, very helpful in understanding VLANs. Could you do a video about all the equipment one would need to create VLANs that is budget friendly? I have struggled with knowing what I need; nothing I have seems to work. Google mesh router doesn't seem to allow for VLAN. I bought switches but they were not layer 3 and the layer 3 ones I saw were super expensive.
I think a step by step and recommended equipment at various price points would be a great and helpful video. I have lost so many hours trying to figure this stuff out. Thank you
This video deserves a channel subscription.