ไม่สามารถเล่นวิดีโอนี้
ขออภัยในความไม่สะดวก
Learn vLANs, Subnets, and NAT to Improve Your Network Security
ฝัง
- เผยแพร่เมื่อ 15 ส.ค. 2024
- In the latest episode in the Homelab Series I'm discussing vLANs, Subnets, and NAT. I explain in basic terms what they are, why you might want to use them, and how to configure them within your homelab.
This video covers definitions, network diagrams, hardware setup, and technical configuration of Sophos XG firewall, and Netgear switches.
Netgear Switch: amzn.to/3PBb3Qz
Discord: / discord
00:00 Introduction and recap
00:43 Understanding basics, Static IPs
01:32 NAT
03:18 Subnets
04:10 ARP
07:55 vLANs
09:24 Sophos XG Configuration
10:14 Enable DHCP
13:10 Add Static IP
15:25 Create a Host
17:00 Create a vLAN in Sophos XG
21:00 Additional Configuration in Proxmox
25:45 How to Configure vLANs on a Netgear Switch
Thanks for the great content. I've been following along diligently, but started running into issues. ie. when I enabled DHCP I lost access to the admin panel; ie2. when I tried assigning static IPs, the proxmox machine would not accept it and was left out of the IP range; ie3. after solving the former, some devices still don't have internet access while others do. It would be great to do a troubleshooting guide, not particularly about any 1 issues, but about how to troubleshoot issues. Also, like you mentioned, when things break the whole family is w/o internet, what recommendations would would you have to isolate the 'test environment' while you are finetuning the setup. It seems like it's all in or all out. All the best and looking forward to the next video, hopefully network is back on its feet by then LOL
Glad to hear that you have some of the devices connected to the internet, that's a good thing, it means the issue is likely DHCP related. I.E., existing devices on the network aren't being assigned a new IP. Usually you can fix it by rebooting those devices.
Good suggestion for a troubleshooting video, I'll try to collate some common issues. The firewall is probably the most impactful item for your homelab in terms of it breaking connections when something is wrong. The good news is that it's effectively "set and forget", once you have a working config...
Try the above in first paragraph and let me know how it goes. The fact that some devices have internet shows you're doing it right 👍
It might be worth checking the DNS settings on the devices as well. They might have "internet" access (i.e., you could ping 1.1.1.1), but you cannot resolve DNS (i.e. google.com won't work).
@@Jims-Garage thanks Jim! I didn’t get notifications for the responses so late to the party. It turns out I was missing some theory. A friend took a look and those devices had an ip configured manually and was out of the dhcp pool. The missing concept was thinking devices would request that up from the dhcp server, and rather it seems like they just “trust” they have it and don’t communicate with the dhcp server at all. Conceptual error but easy fix. Thanks for the advice!!
@@lockharj glad you fixed it. Yes, a manual IP will ignore DHCP.
Hi Jim, I'm new to the channel (found when I had issues with my Immich install) and as a "beginner to low-intermediate" homelabber, your series is awesome! Great work! Your concepts are well explained, giving enough info to lead me to study up more on my own, whilst giving enough to understand what you're on about. Keep them coming!
Thanks, really appreciate your feedback.
Thank you, Very informative and detailed, Great as all other videos,
Thanks, the camera quality improves soon you'll be pleased to know 😂
Will be a good one. I still need to work out vLANs as years ago when I attempted on my home Vigor Router, I vLANed myself out of the router.
Thanks, hopefully it demystifies some of the concepts , gives you a basic setup, and provides some pointers for where to expand your knowledge.
Thank you @Jim this 25:40 helped me a lot!
I bought an used intel x710 and it has the same issue with the number of vlans
Thanks again and happy holidays to you and family!
Ciao Roberto
Thanks, Roberto. Same to you!
I only know about the high availability and fail over as we have that setup at work and had an issue the other day with it. Had to reboot primary sonicwall which then failed over to the secondary.
It's great to have for the Homelab, means I can segment my lab and not interfere with the family's web usage. I tend to break stuff whilst tinkering...
It's also surprisingly easy to accomplish once you've already done one virtual setup.
Stupid question here , but to implement a vlan in your homelab network is a Layer 2 or 3 a prerequsite ? Or can it be done in Opnsense or Sophos FW ?
Hi Jim great video as usual I'm trying to wrap my head around the assignment of vlans. I think i get it but are you saying that if you tag the vlan in proxmox then i dont need to do anything in the switch vlan settings (unless i want to dedicate a single port on it to a specific vlan (e.g. an access point - in which case ill need to understand tp links confusing interface) but all vms because theyre tagged from proxmox will go through the switch up to the firewall without my having to config the managed switch (seems to easy to be true!)
@@BenSmithuk essentially the port is tagged or untagged to a vLAN (you can have many vLANs on a port). If it's untagged the switch will add the tag, if it's tagged the switch expects the VM/hypervisor/firewall to have already tagged it.
@@Jims-Garage oh man I don't get why but I've watched countless videos and that sentence has made it click for me. Thanks again Jim!
Hi Jim, after all the fear of making the switch, I jumped into the void and connected up opnsense to my existing setup. I was surprised though as I made proxmox vlan aware and changed the VLAN tag on proxmox for the VM, the VM adotped the IP address set in Opnsense - I assume that I still need to tag the ports on the managed switched to ensure it all plays nicely?
Can sophos be tried for free? On a virtual machine somehow? Or do they only have hardware solutions?
Yes, Sophos UTM and Sophos XG are free for home users.