Great tutorial! Couple of questions: I know this is about switches, but could the switch be replaced with a router? There is still the single point of failure, but if you could swap them, would there be any performance benefit?
In the context of sharing one internet connection from fa00, and you actually did not want the VLANs to see / communicate with each other but access the same internet? E.g., if a router had 3 WAN ports, could they be used as essentially 3 VLANs?
Or with the ROS, can it be configured so the 3 VLANs can't see each other but still share the same internet?
If your goal is to block inter-VLAN traffic, here are a few effective methods to consider:
1 - Access Control Lists (ACLs) - A straightforward way to define what can and can't communicate.
2 - Private VLANs - Ideal for creating isolated segments within a VLAN.
3 - Virtual Routing and Forwarding (VRFs) - Useful for separating network traffic paths.
4 - Zone-Based Firewalls - Adds a layer of security by controlling traffic based on zones.
On the other hand, if you need to restrict intra-VLAN traffic, so devices within the same VLAN can’t communicate directly, micro-segmentation is your go-to. This is where Software-Defined Access (SDA) Fabric shines, with Catalyst Center acting as the Controller to streamline automation and provide assurance.
I hope this helps clarify things!
Thanks for a clear explanation! I recommend sticking strictly to the network diagram next time, though. You were using GigabitEthernet ports in the commands all along, not FastEthernet ones. A beginner might find that confusing. Other than that, great content! :)
I totally get it. My apologies for any confusion. I was in the zone when recording this video and didn't want to go back and make any changes. However, you do bring up a good point and I'll refrain from doing this in the future. Appreciate your feedback.
Excellent nugget on router on a stick. Love it🔥🔥🔥
Appreciate it ✊
What do you think of inverse router on a stick configurations? These are where a trunk is created from the device level to conduit a common VLAN-tagged Ethernet cable to the switch.
Do you not have to, on the router end, assign the switchport g0/0/0 as a trunk?
You don't create a trunk on the router. On the router you simply create a sub interface for each VLAN and specify encapsulation dot1q, in addition to assigning an appropriate IP address per subnet. That's it. Hope this helps!
@NajQazi thanks.
Makes sense.
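The two replies above (ACLs as a way to block inter-VLAN traffic, and dot1q subinterfaces rather than a trunk on the router), combined in an added Cisco IOS configuration example; it is not from the video or from any commenter. The VLAN IDs, subnets, ACL names and the switch port are assumptions; G0/0/0 is the router port named in the thread, and WAN routing/NAT is assumed to be configured separately.

```cisco
! Added example. Constructed values: VLANs 10/20/30, 192.168.x.0/24, ACL names.
! Router side: no trunk command, one dot1Q subinterface per VLAN.
interface GigabitEthernet0/0/0
 no ip address
 no shutdown
!
interface GigabitEthernet0/0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group VLAN10-IN in
!
interface GigabitEthernet0/0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip access-group VLAN20-IN in
!
interface GigabitEthernet0/0/0.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip access-group VLAN30-IN in
!
! Each ACL filters traffic arriving from its own VLAN (first match wins).
ip access-list extended VLAN10-IN
 remark Inbound ACLs also hit traffic to the router: allow DHCP requests
 permit udp any eq bootpc any eq bootps
 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 deny   ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
 remark Source-restricted permit also drops spoofed source addresses
 permit ip 192.168.10.0 0.0.0.255 any
!
ip access-list extended VLAN20-IN
 permit udp any eq bootpc any eq bootps
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 any
!
ip access-list extended VLAN30-IN
 permit udp any eq bootpc any eq bootps
 deny   ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 192.168.30.0 0.0.0.255 any
!
! Switch side: the trunk lives here, limited to the VLANs in use.
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
```

After applying it, `show ip access-lists` shows per-entry match counters, so a ping between two VLANs should increment a `deny` line while Internet-bound traffic increments the final `permit`.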
Hello sir, how do I connect the ISP in router on a stick?
Terminate the ISP circuit into the router and configure appropriate routing such as static or dynamic. Also, if it's an Internet circuit, make sure you have a FW connected to the WAN router. Hope this helps!