All language subtitles for 16 - Switching - Understanding VLANs and Trunks-eng

1 00:00:00,356 --> 00:00:03,136 >> Jeremy: You ever have one of those stories that never get old? 2 00:00:03,256 --> 00:00:06,246 Like you can tell it to 50 people and the 51st person it's just 3 00:00:06,246 --> 00:00:07,496 as good of a story when you tell it. 4 00:00:07,816 --> 00:00:12,686 Like I had a cat back in the day that I didn't want to jump over the wall. 5 00:00:12,896 --> 00:00:17,276 And my roommate -- this is like 15 years ago -- my roommate at the time thought, 6 00:00:17,276 --> 00:00:19,236 well, I've got this brilliant idea. 7 00:00:19,236 --> 00:00:24,266 Let's tie a hammer around the cat, you know, with a little rope. 8 00:00:24,266 --> 00:00:30,546 You know, not tight, you know, it wasn't, like, choking the cat yet, but just tie a hammer, 9 00:00:30,546 --> 00:00:33,646 because then it would weigh too much and it wouldn't be able to jump over the wall. 10 00:00:33,646 --> 00:00:34,346 Or so we thought. 11 00:00:34,476 --> 00:00:39,446 Now I'll save you the rest of the details, but it involved holes in walls, broken glass. 12 00:00:39,446 --> 00:00:44,066 It was, at the time, horrific, but now one of the funniest stories. 13 00:00:44,066 --> 00:00:44,756 VLANs are that way. 14 00:00:45,396 --> 00:00:49,186 VLANs are one of those concepts that once you get it, it never gets old. 15 00:00:49,186 --> 00:00:52,476 For me to explain VLANs, I'm like, oooh-oooh-oooh, really? 16 00:00:52,696 --> 00:00:56,216 And I hope that by the time you get them, you're going to be like, oh, man, 17 00:00:56,216 --> 00:00:59,306 I want to tell my friends what VLANs make possible. 18 00:00:59,536 --> 00:01:03,756 Take core switching, switching fundamentals, and put them in a box, it's done. 19 00:01:04,066 --> 00:01:08,196 We're now going to talk about how we can enhance our network using VLANs. 
20 00:01:08,196 --> 00:01:12,526 We'll look at how normal switching happens, and then compare it to what happens 21 00:01:12,526 --> 00:01:16,796 when we add VLANs into the mix, and then what scenarios they make possible. 22 00:01:17,246 --> 00:01:20,816 So before we talk about how VLANs enhance the network, 23 00:01:20,816 --> 00:01:23,516 let's review what the foundation is that we're working with. 24 00:01:23,726 --> 00:01:27,126 When you have a normal switch -- any switch is this way -- 25 00:01:27,636 --> 00:01:29,726 you will have multiple collision domains. 26 00:01:29,726 --> 00:01:32,806 And you remember, collision domains mean how many people can send 27 00:01:33,036 --> 00:01:34,266 and receive at the same time. 28 00:01:34,266 --> 00:01:38,866 If we're using full duplex, which we are, which is equal to the number of ports on that switch. 29 00:01:38,866 --> 00:01:42,006 So if I have a switch with -- well, what is this, one, two, 30 00:01:42,006 --> 00:01:44,086 three, four, five, six -- six ports. 31 00:01:44,176 --> 00:01:45,676 I have six collision domains. 32 00:01:45,906 --> 00:01:47,126 That's normal. 33 00:01:47,416 --> 00:01:52,976 It's one broadcast domain, which really means how far does a broadcast go before it's stopped? 34 00:01:52,976 --> 00:01:54,366 And in a switch, it's one. 35 00:01:54,366 --> 00:01:57,416 The whole switch to where when somebody sends a broadcast, 36 00:01:57,506 --> 00:02:01,266 it will go out all active ports except the one that sent it. 37 00:02:01,266 --> 00:02:03,156 It's not just going to send the broadcast back to you. 38 00:02:03,376 --> 00:02:06,616 It'll go out all active ports and everybody receives it. 39 00:02:06,616 --> 00:02:08,376 So it's considered one broadcast domain. 
40 00:02:08,376 --> 00:02:12,006 No matter how big that is, if you link another switch and another switch, 41 00:02:12,006 --> 00:02:15,516 it's still one broadcast domain, because one broadcast will go here, 42 00:02:15,626 --> 00:02:17,566 here, go out all ports, here, out. 43 00:02:17,566 --> 00:02:22,156 And that's one of the big scalability issues that we have is the more we grow this thing, 44 00:02:22,356 --> 00:02:24,356 the more broadcast starts weighing us down. 45 00:02:25,046 --> 00:02:28,266 Also, a switch equals a network, or a subnet. 46 00:02:28,266 --> 00:02:31,556 Essentially, when we have one switch before we hit a router, 47 00:02:31,556 --> 00:02:35,336 let's say over here is our router, this defines the network. 48 00:02:35,336 --> 00:02:44,676 This is all one network, one subnet, you know, everybody on here -- if this is 192.168.1.0/24, 49 00:02:44,676 --> 00:02:51,636 so everybody's IP address begins with 192.168.1, this one might be 50, this one might be 60, 61, 50 00:02:51,756 --> 00:02:53,726 or 51, whatever my pen writes, you know. 51 00:02:53,726 --> 00:02:58,386 They're all one network, but also now, they're all one failure domain. 52 00:02:58,846 --> 00:03:06,676 So if something really bad happens where this guy starts, you know, sending a broadcast storm, 53 00:03:06,676 --> 00:03:10,406 you know, to where -- and that happens -- where this guy just starts going berserk. 54 00:03:10,406 --> 00:03:12,946 His network card is going crazy, you know. 55 00:03:12,946 --> 00:03:16,856 This whole network can be impacted, because it is all one network. 56 00:03:16,856 --> 00:03:19,456 And we have completely limited security. 57 00:03:19,516 --> 00:03:25,896 Because usually, Layer 2, which is what switches work at, is not a secure zone. 
58 00:03:26,056 --> 00:03:30,456 Like if I'm plugged into a port, I'm assuming the port next to me is trusted, 59 00:03:30,996 --> 00:03:36,036 and there's limited, very limited security that I can put between those ports. 60 00:03:36,196 --> 00:03:39,906 So if this guy is a malicious user that happened to plug into my network, 61 00:03:40,156 --> 00:03:42,796 he pretty much has full access to that device. 62 00:03:42,796 --> 00:03:47,726 And we rely on maybe firewalls on that device to try and protect them, 63 00:03:47,726 --> 00:03:51,776 but usually in corporations, firewalls on the PCs are limited, 64 00:03:51,776 --> 00:03:54,676 because they assume the corporate network is trusted. 65 00:03:55,916 --> 00:03:57,806 So now let's talk about VLANs. 66 00:03:57,806 --> 00:04:01,526 How do VLANs enhance our normal switch operations? 67 00:04:02,076 --> 00:04:03,346 Well, let's start off up here. 68 00:04:03,346 --> 00:04:08,396 I like using colors to represent VLANs, because it's just more visual, easier to see. 69 00:04:08,396 --> 00:04:11,746 So let's say that we create two different VLANs. 70 00:04:11,746 --> 00:04:17,516 We'll call it the blue VLAN, which colors is what I use as kind of a descriptor, but really, 71 00:04:17,516 --> 00:04:19,106 VLANs are represented by numbers. 72 00:04:19,106 --> 00:04:21,936 So let's just say the blue VLAN is VLAN 10, right? 73 00:04:21,936 --> 00:04:27,456 And then we also come up with a red VLAN, and the red VLAN is VLAN 20. 74 00:04:27,456 --> 00:04:32,946 VLAN numbers can range from 1 to 4,096, so you can have just a ton 75 00:04:32,946 --> 00:04:34,826 of different VLANs that are available to you. 76 00:04:34,976 --> 00:04:38,886 So when I split my network up into VLANs. 77 00:04:38,886 --> 00:04:40,536 Like let's just look at this switch right here. 78 00:04:40,906 --> 00:04:42,666 I say these ports are blue. 79 00:04:42,666 --> 00:04:43,366 This port is blue. 
80 00:04:43,586 --> 00:04:45,696 If you could kind of get the mental image. 81 00:04:45,696 --> 00:04:49,426 If we're comparing it to the red ports, right there, get the mental image in your head 82 00:04:49,426 --> 00:04:54,686 that says it's as if you could take that switch over your knee and you do kind of one 83 00:04:54,686 --> 00:04:58,646 of those ahhh chop, Judo chop that thing into two different pieces. 84 00:04:58,646 --> 00:05:02,706 And we took all of these blue ports and they kind of snapped off and became their own switch, 85 00:05:02,836 --> 00:05:05,896 and all of these red ports, and they snapped off and became their own switch. 86 00:05:06,246 --> 00:05:08,916 Logically, that's what VLANs do. 87 00:05:09,666 --> 00:05:16,986 It separates our groups of users, or our devices that are attached to the network 88 00:05:16,986 --> 00:05:19,606 into completely separate networks. 89 00:05:19,606 --> 00:05:21,406 It segments the broadcast domains. 90 00:05:21,406 --> 00:05:25,756 So if the blue computer sends a broadcast, it only comes out the blue ports. 91 00:05:25,926 --> 00:05:27,806 Now, let me go beyond this. 92 00:05:27,806 --> 00:05:31,596 It can even transcend switches to where these blue ports get the broadcast 93 00:05:31,596 --> 00:05:33,046 and these blue -- oh, he's down there. 94 00:05:33,266 --> 00:05:34,866 These blue ports get the broadcast. 95 00:05:34,866 --> 00:05:36,186 So it comes out all those ports. 96 00:05:36,186 --> 00:05:40,636 And if the red guy sends a broadcast, only the red ports get the broadcast. 97 00:05:40,636 --> 00:05:42,266 So it kind of segments that. 98 00:05:42,266 --> 00:05:49,716 We get a subnet correlation to where when we split into VLANs, we split our IP subnets. 99 00:05:49,716 --> 00:05:51,556 Now this is a big concept to catch. 100 00:05:52,186 --> 00:05:54,736 The blue VLAN is now a new network. 
101 00:05:55,146 --> 00:06:00,936 So it is identified now at Layer 3 at our IP addressing layer 102 00:06:01,196 --> 00:06:02,666 as a completely different network. 103 00:06:02,666 --> 00:06:10,456 So maybe before we did VLAN, like I showed on the last slide, everybody was 192.168.1.0, 104 00:06:10,456 --> 00:06:15,846 but now I say, OK, well the blue VLAN, well maybe the blue VLAN stays 192.168.1.0/24. 105 00:06:15,846 --> 00:06:19,986 Now remember, with slash-24, that means this, this and this represent the network. 106 00:06:20,096 --> 00:06:24,296 It's the same thing as saying 255, 255, 255, 0. 107 00:06:24,296 --> 00:06:26,486 And IP addressing is coming up, don't worry. 108 00:06:26,556 --> 00:06:28,446 So we say slash-24. 109 00:06:28,696 --> 00:06:35,906 But then the red VLAN is going to be 192.168.2.0/24. 110 00:06:36,166 --> 00:06:36,906 It has to be. 111 00:06:36,906 --> 00:06:39,036 It's a completely different subnet. 112 00:06:39,036 --> 00:06:40,086 Different network. 113 00:06:40,326 --> 00:06:43,836 So these guys are now in a completely different zone than these guys. 114 00:06:44,106 --> 00:06:46,146 They are completely segmented. 115 00:06:46,476 --> 00:06:54,166 That gives us a full level of access control, to where I can say, OK, blue cannot access red, 116 00:06:54,836 --> 00:06:58,866 but, you know, and when we get into moving data between VLANs, I can say, well, 117 00:06:59,076 --> 00:07:02,036 the red can access blue, but maybe only these devices. 118 00:07:02,326 --> 00:07:07,206 Whereas when we're at Layer 2, meaning we don't have VLANs, everything's connected 119 00:07:07,206 --> 00:07:11,306 to a normal switch, as I mentioned, it's very difficult to try and pull a stunt like that. 120 00:07:11,636 --> 00:07:20,606 VLANs also help with quality of service, because it's way easy to say the red VLAN has priority. 121 00:07:21,216 --> 00:07:24,446 Totally easy configuration and quality of service. 
122 00:07:24,446 --> 00:07:29,276 Whereas if everybody is a member of the same VLAN, it's a normal switch like we saw 123 00:07:29,276 --> 00:07:33,526 on the last slide, it's very difficult, it can be very difficult to say, well, 124 00:07:33,526 --> 00:07:37,016 you get quality of service, but you guys don't. 125 00:07:37,016 --> 00:07:42,686 So you, now quality of service, I should stop assuming everybody's like, well, what's that? 126 00:07:42,846 --> 00:07:45,676 Quality of service says you're more important than somebody else. 127 00:07:46,796 --> 00:07:48,116 That's not very nice. 128 00:07:48,226 --> 00:07:50,956 Well, it kind of is, depending on what you're talking about. 129 00:07:51,056 --> 00:07:53,946 Maybe the blue guys are people that surf the web all day. 130 00:07:54,576 --> 00:07:56,956 Yeah, you hire those kind of people, right? 131 00:07:56,956 --> 00:07:59,336 Or the blue guys are normal day-to-day users, 132 00:07:59,336 --> 00:08:02,456 whereas the red guys, those are your executive team. 133 00:08:02,656 --> 00:08:05,736 Or even better yet, those are your IP phones. 134 00:08:06,426 --> 00:08:11,406 And we always want our IP phones, our voice-over IP traffic to have priority over the blue. 135 00:08:11,646 --> 00:08:17,126 Very difficult if the IP phones are in the same network as the blue guys. 136 00:08:17,336 --> 00:08:20,176 To really say, OK, well -- because they're the same network. 137 00:08:20,176 --> 00:08:21,526 It's hard to identify them. 138 00:08:21,696 --> 00:08:24,696 Whereas if I have a completely different network, I can say, well, 139 00:08:24,946 --> 00:08:26,866 simple enough, prioritize the red guys. 140 00:08:27,386 --> 00:08:32,306 And the switch is really easy to identify that and the routers can really easy identify that, 141 00:08:32,446 --> 00:08:33,936 because they're on completely separate networks. 142 00:08:33,936 --> 00:08:35,246 So this is good. 143 00:08:35,386 --> 00:08:37,866 Now let me ask you a question. 
144 00:08:38,606 --> 00:08:39,446 Let me do this. 145 00:08:39,946 --> 00:08:44,146 No. I'm just going to drag this off. 146 00:08:45,576 --> 00:08:51,996 Gone. OK, so if the blue guys send a broadcast, and as I mentioned it comes 147 00:08:51,996 --> 00:08:56,446 out all the blue ports, and even down here, and the red guys send a broadcast and it comes 148 00:08:56,446 --> 00:09:01,096 out all the red ports, even down here, then here's my -- I'm going purple on you. 149 00:09:02,256 --> 00:09:03,506 What VLAN does that belong to? 150 00:09:04,096 --> 00:09:06,926 What VLAN does that, and that, and that. 151 00:09:06,926 --> 00:09:09,666 I notice they're kind of a white port. 152 00:09:09,896 --> 00:09:10,836 What VLAN are they in? 153 00:09:11,986 --> 00:09:17,096 The right answer is all of them, because Cisco calls those trunks. 154 00:09:17,436 --> 00:09:18,516 A trunk port. 155 00:09:18,756 --> 00:09:22,796 A trunk port, and by the way, trunk is a Cisco term. 156 00:09:23,136 --> 00:09:26,666 Trunk carries all VLANs all the time. 157 00:09:27,146 --> 00:09:32,686 So -- well, put a little asterisk by "all the time." 158 00:09:32,686 --> 00:09:34,016 Because we can restrict that. 159 00:09:34,016 --> 00:09:37,716 But a trunk, you know, when I set up a trunk, it will automatically, 160 00:09:37,716 --> 00:09:40,196 from the minute I configure it, carry the red VLAN, 161 00:09:40,196 --> 00:09:42,926 I think we said that was VLAN 20, and the blue VLAN. 162 00:09:43,256 --> 00:09:44,396 Red VLAN and the blue VLAN. 163 00:09:44,546 --> 00:09:49,616 So usually, I mean, if these are all 100 megabits per second ports, usually you'd want 164 00:09:49,616 --> 00:09:51,706 that guy to be maybe 1000 megabits per second. 165 00:09:52,056 --> 00:09:54,886 Those are your bottlenecks, because they're carrying a lot of traffic. 166 00:09:54,886 --> 00:09:56,966 They have a lot of work to do. 167 00:09:57,246 --> 00:10:01,846 Now I just said that trunk is a Cisco word. 
168 00:10:02,266 --> 00:10:04,866 Only Cisco uses that word. 169 00:10:05,116 --> 00:10:08,796 Other vendors use the term tagged port. 170 00:10:09,326 --> 00:10:15,866 I hear that all the time, and a 3Com switch, or 3Com got bought by HP, 171 00:10:15,866 --> 00:10:18,236 so HP switches, Juniper switches. 172 00:10:18,236 --> 00:10:21,066 Everybody else uses the term tagged. 173 00:10:21,826 --> 00:10:25,636 And I have to admit, I kind of like that word a little better. 174 00:10:25,856 --> 00:10:28,216 A trunk is -- you're kind of like, OK? 175 00:10:28,556 --> 00:10:29,036 What's that? 176 00:10:29,036 --> 00:10:30,446 We have to assign a definition to it. 177 00:10:30,676 --> 00:10:34,836 But a tagged port really identifies what it is. 178 00:10:34,836 --> 00:10:39,596 Because when a frame comes into the switch -- now, let me tell you this. 179 00:10:39,596 --> 00:10:43,066 A computer has no idea what a VLAN even is. 180 00:10:43,846 --> 00:10:45,606 It doesn't know that it's part of a VLAN. 181 00:10:45,726 --> 00:10:50,836 All it knows is it's got an IP address and when it sends stuff, it communicates. 182 00:10:50,836 --> 00:10:51,996 You know, things ping back. 183 00:10:51,996 --> 00:10:53,346 It can communicate. 184 00:10:53,396 --> 00:10:55,766 So a computer has no idea what VLAN it's on. 185 00:10:55,766 --> 00:11:00,796 So when it sends a frame into the switch, and the switch says, OK, you're on the blue VLAN, 186 00:11:00,946 --> 00:11:04,396 what it will do before it ever sends it to another switch is take 187 00:11:04,396 --> 00:11:07,306 that data -- so let me give a scenario. 188 00:11:07,306 --> 00:11:13,536 Let's say that this guy up here, 192.168.1.50 pings this guy 189 00:11:13,536 --> 00:11:16,846 down here, who's 192.168.1.51, right? 190 00:11:16,956 --> 00:11:18,696 So I have a ping message that's sent. 
191 00:11:18,696 --> 00:11:22,826 So it sends that ping into the switch, the switch realizes because it looks 192 00:11:22,826 --> 00:11:28,296 at the MAC address in the header, and it goes, oh, well, that MAC address is out this port, 193 00:11:28,296 --> 00:11:30,616 and down this port, and I'm going to get it to that guy. 194 00:11:30,686 --> 00:11:32,546 So it looks at the MAC address to figure that out. 195 00:11:32,726 --> 00:11:37,266 Well, it needs to let this switch know what VLAN it's on. 196 00:11:37,576 --> 00:11:40,456 And this switch needs to let this switch know what VLAN it's on. 197 00:11:40,456 --> 00:11:46,226 So when the switch sends this frame out a tagged port, it does just that. 198 00:11:46,656 --> 00:11:52,106 It puts a little tag in the header that says this belongs to VLAN 10. 199 00:11:52,376 --> 00:11:57,036 I don't know why I always think of this when I describe 200 00:11:57,036 --> 00:12:00,696 that tagging process, but have you ever gotten shims? 201 00:12:01,856 --> 00:12:02,326 What's that? 202 00:12:02,476 --> 00:12:07,086 You go to Home Depot and, you know, you've got the refrigerator that's not quite level 203 00:12:07,086 --> 00:12:09,206 and it kind of rocks back and forth? 204 00:12:09,206 --> 00:12:10,706 You just go to Home Depot, grab a shim. 205 00:12:10,936 --> 00:12:16,626 They're like these little triangle pieces of wood that you buy a whole pack of them, 206 00:12:16,626 --> 00:12:18,186 because everything in my house is not level. 207 00:12:18,186 --> 00:12:21,346 Like my chair wiggles back and forth, my desk wiggles. 208 00:12:21,346 --> 00:12:25,736 So you go in my house, and like shims -- I've got them in my back pocket all the time. 209 00:12:25,736 --> 00:12:27,996 Everything's got a shim under it to make it level. 210 00:12:27,996 --> 00:12:30,386 I think of that when I think of this little tag. 
211 00:12:30,706 --> 00:12:36,426 It's like putting a little shim, chunk, in the header of that packet, so that when it comes 212 00:12:36,426 --> 00:12:39,456 down here -- like, for instance, maybe it's not a ping, maybe it's a broadcast. 213 00:12:40,706 --> 00:12:44,516 And when that broadcast comes down to that switch, it has to know, OK, 214 00:12:44,516 --> 00:12:46,406 only these ports get that broadcast. 215 00:12:46,406 --> 00:12:47,486 Well, how's it going to know that? 216 00:12:47,626 --> 00:12:49,046 Well, it's looking at the shim. 217 00:12:49,226 --> 00:12:54,306 It's looking at the tag that was put in the packet header and it goes, oh, you're VLAN 10. 218 00:12:54,376 --> 00:12:56,826 OK, all these ports are in VLAN 10, so they're going to get it. 219 00:12:56,886 --> 00:12:59,096 And when it comes down here, he's looking at the shim. 220 00:12:59,096 --> 00:13:02,636 He's looking at the little tag saying, oh, VLAN 10, only these ports get it. 221 00:13:02,636 --> 00:13:04,656 So the switches are able to make intelligent decisions. 222 00:13:04,656 --> 00:13:12,226 Now I told you that a computer has no idea what a VLAN is, so you better believe before 223 00:13:12,226 --> 00:13:17,616 that switch sends that ping or that broadcast to that computer, it actually yanks the shim out. 224 00:13:17,856 --> 00:13:22,366 It's like, OK, well, if I send you a packet, or frame, that has a shim in the header, 225 00:13:22,526 --> 00:13:23,886 you're going to go, what is this? 226 00:13:24,046 --> 00:13:24,516 All right? 227 00:13:24,516 --> 00:13:26,456 This must be a messed up packet. 228 00:13:26,456 --> 00:13:27,226 I'm going to drop it. 229 00:13:27,226 --> 00:13:29,926 So this is a switch-to-switch thing. 230 00:13:29,926 --> 00:13:31,226 This little tagged port. 
231 00:13:31,226 --> 00:13:35,876 So what Cisco calls trunk, everybody else calls tag because it's really what's happening, 232 00:13:35,876 --> 00:13:39,426 is it's putting these little labels on the header. 233 00:13:39,426 --> 00:13:41,026 OK, last thing I want to discuss 234 00:13:41,026 --> 00:13:45,146 in this conceptual VLAN nugget is what do you do with them? 235 00:13:45,146 --> 00:13:48,706 I mean, getting the concept, like the last slide is good, where you're like, OK, 236 00:13:48,706 --> 00:13:50,766 I can separate the blue and the red. 237 00:13:50,766 --> 00:13:51,376 I get that. 238 00:13:51,376 --> 00:13:53,146 So it's more secure and all that. 239 00:13:53,356 --> 00:13:55,216 But give me something practical, Jeremy. 240 00:13:55,216 --> 00:13:56,096 What do people do? 241 00:13:56,096 --> 00:13:59,306 Well, I would say this, by far, is not a cumulative list, 242 00:13:59,306 --> 00:14:02,576 but I would say probably the most common things people do with VLANs are right here. 243 00:14:02,996 --> 00:14:04,246 Lower right, let's start there. 244 00:14:04,246 --> 00:14:05,886 Like type segmentation. 245 00:14:05,996 --> 00:14:08,056 Almost everybody does this. 246 00:14:08,056 --> 00:14:11,206 Grouping things together that are of the same kind. 247 00:14:11,666 --> 00:14:13,266 I mean, it helps with security. 248 00:14:13,266 --> 00:14:15,626 Like, for instance, let's say OK, all the servers are over there. 249 00:14:15,806 --> 00:14:18,536 All of the accounting users are over there. 250 00:14:18,536 --> 00:14:21,146 You know, you kind of group -- it's good for security, 251 00:14:21,146 --> 00:14:24,896 but also it just makes sense as your network grows. 252 00:14:25,306 --> 00:14:29,986 As your network grows, it does get more and more inefficient if it's one big network, 253 00:14:29,986 --> 00:14:33,266 because remember, broadcasts start accumulating up. 
254 00:14:33,266 --> 00:14:36,326 You get more and more of them, things have to process those broadcasts 255 00:14:36,326 --> 00:14:38,526 and things just get slower and slower and slower and less efficient. 256 00:14:38,526 --> 00:14:43,816 So what most people will do is start grouping together, this is where it starts. 257 00:14:43,816 --> 00:14:47,106 Grouping together common departments or common things. 258 00:14:47,106 --> 00:14:48,226 I'll give you an example. 259 00:14:48,606 --> 00:14:54,156 One of the most bizarre networks I walked into, I'm trying to think of how to explain this 260 00:14:54,156 --> 00:14:56,386 without revealing exactly what it was. 261 00:14:56,386 --> 00:15:00,426 In Arizona, we have -- I can't. 262 00:15:00,616 --> 00:15:03,256 We have separate governments. 263 00:15:03,326 --> 00:15:06,996 So we have the United States of America and then there are groups 264 00:15:06,996 --> 00:15:10,296 where they have their own government within Arizona. 265 00:15:10,296 --> 00:15:15,256 So I was actually brought out to consult on one of these little sub-area networks 266 00:15:15,256 --> 00:15:22,346 and literally I walked in and the government building, you know, it's a small little area, 267 00:15:22,586 --> 00:15:27,956 the government building, the police department, the school, the school library and -- 268 00:15:28,326 --> 00:15:33,676 there was one other thing -- oh, a water treatment plant 269 00:15:33,676 --> 00:15:37,556 for waste treatment, all of it was one network. 270 00:15:37,556 --> 00:15:40,826 So let me give you the paradigm that I walked into. 271 00:15:41,176 --> 00:15:46,236 I could go to a library computer and ping and actually try 272 00:15:46,236 --> 00:15:49,616 to access a computer in the police department. 273 00:15:50,226 --> 00:15:53,346 I'm pausing just to let that soak in. 274 00:15:53,596 --> 00:15:55,346 That's the kind of network I walked in on. 275 00:15:55,346 --> 00:15:57,166 And I saw that and I was like, wow. 
276 00:15:57,166 --> 00:16:02,446 You know, I'm trying to think of, like, how do I convey just how scary that is? 277 00:16:02,566 --> 00:16:04,096 And I'm like, that's scary. 278 00:16:04,096 --> 00:16:06,726 There's nothing else that could come out of my mouth. 279 00:16:06,726 --> 00:16:10,576 And that was the first thing that we did is go into the like type segmentation, I mean, 280 00:16:10,576 --> 00:16:14,396 this was kind of the network type where we have the government building, and then over here, 281 00:16:14,396 --> 00:16:17,926 maybe Building B is the police department, over here is the library, 282 00:16:17,926 --> 00:16:18,686 you know, all this kind of stuff. 283 00:16:18,686 --> 00:16:22,106 They were all connected with fiber optic cable in between them, 284 00:16:22,276 --> 00:16:23,726 and that was the first thing that we did. 285 00:16:23,726 --> 00:16:26,846 We said -- OK, now ignore all this stuff for now. 286 00:16:27,096 --> 00:16:30,086 But we said, OK, Building A, that's VLAN 10. 287 00:16:30,526 --> 00:16:32,996 Building B, that's VLAN 20. 288 00:16:32,996 --> 00:16:37,116 So immediately I'm putting up security boundaries and making it more efficient 289 00:16:37,366 --> 00:16:42,346 because now broadcasts in the police department don't come over to the library, 290 00:16:42,346 --> 00:16:44,796 don't go over to the government building, and all that kind of stuff. 291 00:16:44,796 --> 00:16:46,186 It's like type segmentation. 292 00:16:46,186 --> 00:16:49,406 And it just kind of feels good. 293 00:16:49,406 --> 00:16:52,876 I don't know how else to say it. 
294 00:16:52,876 --> 00:16:56,896 You know, my wife homeschools all of our -- we have 4 kids right now -- 295 00:16:57,196 --> 00:17:00,396 and one of the first things that she starts doing is putting 296 00:17:00,396 --> 00:17:04,816 like we get all these little colored balls, right, and red ones and blue ones, 297 00:17:04,816 --> 00:17:07,346 and she kind of mixes them up and the kids are like, eww. 298 00:17:07,346 --> 00:17:08,926 It doesn't feel good. 299 00:17:08,926 --> 00:17:11,526 There's blue balls with the red balls and the green balls. 300 00:17:11,526 --> 00:17:14,366 And the first task they have to do is like put them all in order. 301 00:17:14,426 --> 00:17:17,536 It's kind of like put all the green balls with the green balls, the red -- 302 00:17:17,536 --> 00:17:20,796 and you get done and you just look at the kid and they just glow. 303 00:17:20,906 --> 00:17:22,446 They're like, look what I've done. 304 00:17:22,636 --> 00:17:24,536 It feels good to look at. 305 00:17:24,536 --> 00:17:28,056 And I know it sounds funny to make that comparison here. 306 00:17:28,416 --> 00:17:29,596 That's what you'll feel like. 307 00:17:29,736 --> 00:17:31,156 You're like, look what I've done. 308 00:17:31,356 --> 00:17:34,796 The police department is all in their own little spot. 309 00:17:35,296 --> 00:17:36,326 They don't go anywhere. 310 00:17:36,326 --> 00:17:40,836 It makes sense to you and it just feels logical. 311 00:17:40,836 --> 00:17:42,406 OK, server virtualization. 312 00:17:42,536 --> 00:17:44,646 Let me jump over there. 313 00:17:44,676 --> 00:17:49,306 You know, when I'm talking about VLANs, like I said, there are a huge amount of things 314 00:17:49,546 --> 00:17:53,066 that I could give you, but a lot of it crossed the technology lines. 
315 00:17:53,366 --> 00:17:57,916 And that's why putting practical examples is sometimes difficult 316 00:17:57,916 --> 00:18:00,666 because I know sometimes I may explain something and be like, 317 00:18:00,666 --> 00:18:02,906 I have no idea what server virtualization is. 318 00:18:02,906 --> 00:18:04,456 So let me give you the fly-by view. 319 00:18:04,786 --> 00:18:08,026 Servers have become bigger, bigger, bigger, better, faster all the time. 320 00:18:08,286 --> 00:18:09,356 That's just the way of things. 321 00:18:09,596 --> 00:18:13,646 And what somebody realized a long time ago is, you know what? 322 00:18:13,906 --> 00:18:17,916 Most of the time a server, you know, physically, is just sitting there. 323 00:18:18,126 --> 00:18:21,846 I mean you look at its -- you know, if you're looking at it like a utilization graph, 324 00:18:21,846 --> 00:18:24,776 its processor is like [computer sounds]. 325 00:18:24,776 --> 00:18:29,926 Because it just sits there and gives people files. 326 00:18:29,926 --> 00:18:30,516 I mean, that's what it does. 327 00:18:30,516 --> 00:18:33,276 But the processor has way more capacity than that. 328 00:18:33,276 --> 00:18:34,686 In memory utilization, you know, 329 00:18:34,686 --> 00:18:35,826 it's like here's the total and it's like [computer sounds]. 330 00:18:35,826 --> 00:18:40,306 I mean, it's like memory utilization's low. 331 00:18:40,306 --> 00:18:44,536 So what somebody came along and decided to do, and this is, by the way, VMware, 332 00:18:44,826 --> 00:18:53,286 Microsoft with their knockoff hyper -- I didn't say knockoff, I meant innovation, Hyper-V. 333 00:18:53,896 --> 00:18:56,266 You know, there's all kinds of different virtualization. 334 00:18:56,266 --> 00:19:00,806 As a matter of fact, you can go download one for free called, what is it called, Virtual. 335 00:19:01,606 --> 00:19:02,436 VirtualBox. 336 00:19:03,346 --> 00:19:06,606 Right? 
And you can actually run virtualization on your own workstation for free. 337 00:19:06,606 --> 00:19:09,316 I think Sun, Sun Micro? 338 00:19:09,316 --> 00:19:11,456 Somebody started doing this for free. 339 00:19:11,456 --> 00:19:13,406 So this is all virtualization. 340 00:19:13,406 --> 00:19:17,676 What it allows you to do is take that one physical box and start splitting it 341 00:19:17,816 --> 00:19:23,096 to multiple servers, to where I actually run -- it's like I have one operating system on here 342 00:19:23,296 --> 00:19:27,906 that is, we'll say Windows Server 2012, you know. 343 00:19:27,906 --> 00:19:28,696 It's running. 344 00:19:28,696 --> 00:19:30,576 This is our core server. 345 00:19:30,676 --> 00:19:32,606 And then over here I've got a little, maybe, 346 00:19:32,606 --> 00:19:36,006 accounting server that our accounting department runs. 347 00:19:36,006 --> 00:19:37,936 It's Windows 2003. 348 00:19:37,936 --> 00:19:39,626 Just an old server they use for file storage. 349 00:19:39,756 --> 00:19:45,446 And then over here I've got maybe a voice-over IP server that runs our phone system. 350 00:19:45,446 --> 00:19:49,616 So I can use one physical box because of the resource capacity 351 00:19:49,616 --> 00:19:50,976 to run all of those different servers. 352 00:19:51,046 --> 00:19:52,586 But here's the dilemma. 353 00:19:52,986 --> 00:19:59,136 I've got phones that are on their own VLAN and they can only, I mean, 354 00:19:59,136 --> 00:20:02,356 they need to talk to the server and it needs to be on their network, 355 00:20:02,356 --> 00:20:06,336 and then over here is the accounting department, and maybe they want -- 356 00:20:06,336 --> 00:20:08,336 and I'm just coming up with this as I go, right? 357 00:20:08,336 --> 00:20:11,366 And so the accounting department, they want a server in their network 358 00:20:11,366 --> 00:20:13,556 to store their files on and communicate with, there. 
359 00:20:13,776 --> 00:20:17,976 Well, what we can do with server virtualization is set up this link -- 360 00:20:18,086 --> 00:20:22,156 now this is heavy, hang with me -- as a trunk. 361 00:20:23,186 --> 00:20:25,976 So remember, what does a trunk do? 362 00:20:26,216 --> 00:20:27,436 Carry all VLAN. 363 00:20:27,436 --> 00:20:32,436 So let's say accounting is VLAN 10, voice is VLAN 20, and these servers, 364 00:20:32,436 --> 00:20:34,276 whatever they are, is VLAN 50, right? 365 00:20:34,276 --> 00:20:39,986 So this switch can actually send all the VLAN traffic, so the accounting department, 366 00:20:39,986 --> 00:20:43,826 the voice phones, and everything like that, even though they're separated. 367 00:20:43,826 --> 00:20:47,326 Like accounting can't actually get to the phones and the servers can't actually get there -- 368 00:20:47,326 --> 00:20:52,916 I can actually send all of those packets tagged to the server and just 369 00:20:52,916 --> 00:20:56,686 about every virtualization solution, VMware, Hyper-V, all that kind of stuff, 370 00:20:56,686 --> 00:21:02,626 they can all say, I'm going to look at that VLAN header and then I can assign, you know, 371 00:21:02,626 --> 00:21:08,076 like I can assign this server within this box to VLAN -- what did I say -- 20. 372 00:21:08,556 --> 00:21:13,646 So now, as packets come in tagged with VLAN 20, it'll say, oh, you're able to reach that server. 373 00:21:14,196 --> 00:21:16,136 Did I say accounting? 374 00:21:16,136 --> 00:21:16,676 I meant voice. 375 00:21:16,676 --> 00:21:19,426 As voice packets come in tagged with VLAN 20, they can reach the voice server. 376 00:21:19,636 --> 00:21:23,156 As accounting packets come in, and they're tagged VLAN 10, 377 00:21:23,936 --> 00:21:25,096 they can reach the accounting server. 
378 00:21:25,096 --> 00:21:29,166 Because within this server, I assign that server -- that sounds funny -- 379 00:21:29,356 --> 00:21:33,856 within this physical server, I assign this logical server to VLAN 10. 380 00:21:33,856 --> 00:21:36,516 And so I can separate, even within one box, 381 00:21:36,586 --> 00:21:39,216 all the different servers, making it totally efficient. 382 00:21:39,266 --> 00:21:41,816 That's great to be able to do that. 383 00:21:42,176 --> 00:21:42,896 Last example. 384 00:21:43,776 --> 00:21:46,686 Up here I've got Unified Network and Wi-Fi. 385 00:21:46,966 --> 00:21:51,026 So what I can do is, let's say, you know, I've got common departments. 386 00:21:51,026 --> 00:21:55,746 Like I've got this accounting group, but just because of how our company grew, you know, 387 00:21:55,746 --> 00:22:00,006 we kind of filled up this little 2000 square foot building to start off with 388 00:22:00,006 --> 00:22:02,326 and we immediately bought the building next to it, 389 00:22:02,326 --> 00:22:05,826 which was 6000 square feet, you know, to allow for growth. 390 00:22:05,826 --> 00:22:09,346 And then we outgrew that one really quick and had to buy another, you know, 391 00:22:09,346 --> 00:22:12,256 the next little 3000 square foot building next to it. 392 00:22:12,256 --> 00:22:16,876 And so just kind of how our building grew, we've got accounting people sitting right here 393 00:22:16,876 --> 00:22:18,986 and we ran out of chairs so some had to sit over here. 394 00:22:19,186 --> 00:22:24,776 Well, using VLANs, we can have a unified network to where even though I've got accounting people 395 00:22:24,776 --> 00:22:30,006 in this building, I can have these guys, accounting people, that are on the same network 396 00:22:30,056 --> 00:22:32,086 and have the same permissions applied to them. 397 00:22:32,086 --> 00:22:36,886 Because I can send that VLAN across all of these links, which would be my trunk links. 398 00:22:36,886 --> 00:22:38,966 Wi-Fi. 
So handy. 399 00:22:38,966 --> 00:22:42,826 Wi-Fi is becoming like an everywhere kind of thing. 400 00:22:42,826 --> 00:22:44,376 Everybody is on the wireless network. 401 00:22:44,606 --> 00:22:46,216 You might have an iPad. 402 00:22:46,586 --> 00:22:52,836 Let's say you've got an iPad that you're walking around with, watching a YouTube video, 403 00:22:53,076 --> 00:22:56,786 and in here you actually have a wireless access point, 404 00:22:56,786 --> 00:22:59,476 and over in this building you have a wireless access point and all that. 405 00:22:59,606 --> 00:23:03,766 Well, we want people, you know, as this iPad, as I'm walking, watching this video 406 00:23:03,766 --> 00:23:08,176 as I'm walking -- or even more relevant, they have wireless IP phones. 407 00:23:08,336 --> 00:23:12,076 You know, to where maybe I'm talking on a phone call connected to Wi-Fi, 408 00:23:12,296 --> 00:23:14,156 roaming between these different buildings. 409 00:23:14,326 --> 00:23:17,446 Well, if I don't use VLANs, then every building that I come 410 00:23:17,446 --> 00:23:19,706 to might end up being a different network. 411 00:23:20,046 --> 00:23:24,776 And if that happens, my call is severed if I'm talking on the phone. 412 00:23:24,926 --> 00:23:30,236 My YouTube video, or whatever I'm watching, stops on the iPad, because it loses connection 413 00:23:30,436 --> 00:23:32,266 as it moves from one building to another. 414 00:23:32,546 --> 00:23:39,266 But with VLANs, I can send that same VLAN across all the buildings and allow it to be segmented 415 00:23:39,396 --> 00:23:45,616 so it's efficient, and yet at the same time, stay unified to where Wi-Fi stays the same 416 00:23:45,616 --> 00:23:51,566 as I move and I don't lose connections as I move from one building to the next. 417 00:23:52,196 --> 00:23:56,216 Think of those VLAN uses as the tip of the iceberg.
418 00:23:56,546 --> 00:24:00,026 I can't tell you how many times I'm in a conversation with somebody, 419 00:24:00,026 --> 00:24:05,956 whether it's at a data center or, you know, at a corporate network or wherever and they're like, 420 00:24:05,956 --> 00:24:08,646 man, we've just got to figure out how to do this. 421 00:24:08,646 --> 00:24:12,756 And I can't tell you the number of times where I've looked at them like, oh, totally possible. 422 00:24:13,096 --> 00:24:14,036 We've got to use the VLANs. 423 00:24:14,036 --> 00:24:15,386 Just use our VLANs in the right way. 424 00:24:15,576 --> 00:24:17,496 We can separate that business from that one. 425 00:24:17,496 --> 00:24:20,116 We can make sure that their traffic doesn't mix with theirs. 426 00:24:20,116 --> 00:24:25,516 I mean, just the uses of VLANs are literally, I mean, endless. 427 00:24:26,106 --> 00:24:31,326 There are situations that even I -- after dealing with VLANs for a decade and beyond -- 428 00:24:31,526 --> 00:24:35,926 haven't run into yet that I know, I'm like, a VLAN would solve that. 429 00:24:36,046 --> 00:24:39,956 So VLANs give you such flexibility and capability wherever you are. 430 00:24:39,956 --> 00:24:40,876 So let's review. 431 00:24:41,376 --> 00:24:44,476 We have seen in here the view of a normal switch. 432 00:24:44,476 --> 00:24:45,916 You know, what it looks like without VLANs. 433 00:24:45,916 --> 00:24:47,176 Everything's kind of flat. 434 00:24:47,176 --> 00:24:48,396 Everybody can talk to everything. 435 00:24:48,396 --> 00:24:49,136 No security. 436 00:24:49,516 --> 00:24:51,756 Then we added in the VLANs and the trunks. 437 00:24:51,936 --> 00:24:53,876 VLANs being your way of separating it. 438 00:24:53,876 --> 00:24:56,796 Did I ever tell you what a VLAN stands for? 439 00:24:56,876 --> 00:24:57,626 How did I get here? 440 00:24:58,066 --> 00:24:59,206 Virtual LAN. 
441 00:24:59,206 --> 00:25:02,836 It's Virtual Local Area Network, because it's virtually 442 00:25:02,836 --> 00:25:05,576 as if I'm creating a new network altogether. 443 00:25:05,576 --> 00:25:10,596 So VLANs separating our networks into different groups and then a trunk, 444 00:25:10,596 --> 00:25:17,046 which allows you to carry all of those tags, all of those identifiers between your switches, 445 00:25:17,046 --> 00:25:19,266 so we can have a unified network 446 00:25:19,266 --> 00:25:23,936 to where everything supports the same VLANs within our campus, all right? 447 00:25:23,936 --> 00:25:25,936 Within our infrastructure. 448 00:25:26,356 --> 00:25:29,386 And then we saw some examples of what VLANs make possible. 449 00:25:29,386 --> 00:25:32,166 So from here, we're going to start picking up on the config. 450 00:25:32,166 --> 00:25:35,766 For now, I hope this has been informative for you, and I'd like to thank you for viewing.
