1
00:00:00,356 --> 00:00:03,136
>> Jeremy: You ever have one of
those stories that never get old?
2
00:00:03,256 --> 00:00:06,246
Like you can tell it to 50 people
and the 51st person it's just
3
00:00:06,246 --> 00:00:07,496
as good of a story when you tell it.
4
00:00:07,816 --> 00:00:12,686
Like I had a cat back in the day that
I didn't want to jump over the wall.
5
00:00:12,896 --> 00:00:17,276
And my roommate -- this is like 15 years
ago -- my roommate at the time thought,
6
00:00:17,276 --> 00:00:19,236
well, I've got this brilliant idea.
7
00:00:19,236 --> 00:00:24,266
Let's tie a hammer around the
cat, you know, with a little rope.
8
00:00:24,266 --> 00:00:30,546
You know, not tight, you know, it wasn't, like,
choking the cat yet, but just tie a hammer,
9
00:00:30,546 --> 00:00:33,646
because then it would weigh too much and
it wouldn't be able to jump over the wall.
10
00:00:33,646 --> 00:00:34,346
Or so we thought.
11
00:00:34,476 --> 00:00:39,446
Now I'll save you the rest of the details,
but it involved holes in walls, broken glass.
12
00:00:39,446 --> 00:00:44,066
It was, at the time, horrific, but
now one of the funniest stories.
13
00:00:44,066 --> 00:00:44,756
VLANs are that way.
14
00:00:45,396 --> 00:00:49,186
VLANs are one of those concepts that
once you get it, it never gets old.
15
00:00:49,186 --> 00:00:52,476
For me to explain VLANs, I'm
like, oooh-oooh-oooh, really?
16
00:00:52,696 --> 00:00:56,216
And I hope that by the time you get
them, you're going to be like, oh, man,
17
00:00:56,216 --> 00:00:59,306
I want to tell my friends
what VLANs make possible.
18
00:00:59,536 --> 00:01:03,756
Take core switching, switching fundamentals,
and put them in a box, it's done.
19
00:01:04,066 --> 00:01:08,196
We're now going to talk about how we
can enhance our network using VLANs.
20
00:01:08,196 --> 00:01:12,526
We'll look at how normal switching
happens, and then compare it to what happens
21
00:01:12,526 --> 00:01:16,796
when we add VLANs into the mix, and
then what scenarios they make possible.
22
00:01:17,246 --> 00:01:20,816
So before we talk about how
VLANs enhance the network,
23
00:01:20,816 --> 00:01:23,516
let's review what the foundation
is that we're working with.
24
00:01:23,726 --> 00:01:27,126
When you have a normal switch
-- any switch is this way --
25
00:01:27,636 --> 00:01:29,726
you will have multiple collision domains.
26
00:01:29,726 --> 00:01:32,806
And you remember, collision domains
mean how many people can send
27
00:01:33,036 --> 00:01:34,266
and receive at the same time.
28
00:01:34,266 --> 00:01:38,866
If we're using full duplex, which we are, which
is equal to the number of ports on that switch.
29
00:01:38,866 --> 00:01:42,006
So if I have a switch with --
well, what is this, one, two,
30
00:01:42,006 --> 00:01:44,086
three, four, five, six -- six ports.
31
00:01:44,176 --> 00:01:45,676
I have six collision domains.
32
00:01:45,906 --> 00:01:47,126
That's normal.
33
00:01:47,416 --> 00:01:52,976
It's one broadcast domain, which really means
how far does a broadcast go before it's stopped?
34
00:01:52,976 --> 00:01:54,366
And in a switch, it's one.
35
00:01:54,366 --> 00:01:57,416
The whole switch to where when
somebody sends a broadcast,
36
00:01:57,506 --> 00:02:01,266
it will go out all active ports
except the one that sent it.
37
00:02:01,266 --> 00:02:03,156
It's not just going to send
the broadcast back to you.
38
00:02:03,376 --> 00:02:06,616
It'll go out all active ports
and everybody receives it.
39
00:02:06,616 --> 00:02:08,376
So it's considered one broadcast domain.
40
00:02:08,376 --> 00:02:12,006
No matter how big that is, if you link
another switch and another switch,
41
00:02:12,006 --> 00:02:15,516
it's still one broadcast domain,
because one broadcast will go here,
42
00:02:15,626 --> 00:02:17,566
here, go out all ports, here, out.
43
00:02:17,566 --> 00:02:22,156
And that's one of the big scalability issues
that we have is the more we grow this thing,
44
00:02:22,356 --> 00:02:24,356
the more broadcast starts weighing us down.
45
00:02:25,046 --> 00:02:28,266
Also, a switch equals a network, or a subnet.
46
00:02:28,266 --> 00:02:31,556
Essentially, when we have one
switch before we hit a router,
47
00:02:31,556 --> 00:02:35,336
let's say over here is our
router, this defines the network.
48
00:02:35,336 --> 00:02:44,676
This is all one network, one subnet, you know,
everybody on here -- if this is 192.168.1.0/24,
49
00:02:44,676 --> 00:02:51,636
so everybody's IP address begins with 192.168.1,
this one might be 50, this one might be 60, 61,
50
00:02:51,756 --> 00:02:53,726
or 51, whatever my pen writes, you know.
51
00:02:53,726 --> 00:02:58,386
They're all one network, but also
now, they're all one failure domain.
52
00:02:58,846 --> 00:03:06,676
So if something really bad happens where this
guy starts, you know, sending a broadcast storm,
53
00:03:06,676 --> 00:03:10,406
you know, to where -- and that happens --
where this guy just starts going berserk.
54
00:03:10,406 --> 00:03:12,946
His network card is going crazy, you know.
55
00:03:12,946 --> 00:03:16,856
This whole network can be impacted,
because it is all one network.
56
00:03:16,856 --> 00:03:19,456
And we have completely limited security.
57
00:03:19,516 --> 00:03:25,896
Because usually, Layer 2, which is what
switches work at, is not a secure zone.
58
00:03:26,056 --> 00:03:30,456
Like if I'm plugged into a port, I'm
assuming the port next to me is trusted,
59
00:03:30,996 --> 00:03:36,036
and there's limited, very limited security
that I can put between those ports.
60
00:03:36,196 --> 00:03:39,906
So if this guy is a malicious user
that happened to plug into my network,
61
00:03:40,156 --> 00:03:42,796
he pretty much has full access to that device.
62
00:03:42,796 --> 00:03:47,726
And we rely on maybe firewalls on
that device to try and protect them,
63
00:03:47,726 --> 00:03:51,776
but usually in corporations,
firewalls on the PCs are limited,
64
00:03:51,776 --> 00:03:54,676
because they assume the corporate
network is trusted.
65
00:03:55,916 --> 00:03:57,806
So now let's talk about VLANs.
66
00:03:57,806 --> 00:04:01,526
How do VLANs enhance our
normal switch operations?
67
00:04:02,076 --> 00:04:03,346
Well, let's start off up here.
68
00:04:03,346 --> 00:04:08,396
I like using colors to represent VLANs,
because it's just more visual, easier to see.
69
00:04:08,396 --> 00:04:11,746
So let's say that we create two different VLANs.
70
00:04:11,746 --> 00:04:17,516
We'll call it the blue VLAN, which colors is
what I use as kind of a descriptor, but really,
71
00:04:17,516 --> 00:04:19,106
VLANs are represented by numbers.
72
00:04:19,106 --> 00:04:21,936
So let's just say the blue
VLAN is VLAN 10, right?
73
00:04:21,936 --> 00:04:27,456
And then we also come up with a red
VLAN, and the red VLAN is VLAN 20.
74
00:04:27,456 --> 00:04:32,946
VLAN numbers can range from 1 to
4,096, so you can have just a ton
75
00:04:32,946 --> 00:04:34,826
of different VLANs that are available to you.
76
00:04:34,976 --> 00:04:38,886
So when I split my network up into VLANs.
77
00:04:38,886 --> 00:04:40,536
Like let's just look at this switch right here.
78
00:04:40,906 --> 00:04:42,666
I say these ports are blue.
79
00:04:42,666 --> 00:04:43,366
This port is blue.
80
00:04:43,586 --> 00:04:45,696
If you could kind of get the mental image.
81
00:04:45,696 --> 00:04:49,426
If we're comparing it to the red ports, right
there, get the mental image in your head
82
00:04:49,426 --> 00:04:54,686
that says it's as if you could take that
switch over your knee and you do kind of one
83
00:04:54,686 --> 00:04:58,646
of those ahhh chop, Judo chop that
thing into two different pieces.
84
00:04:58,646 --> 00:05:02,706
And we took all of these blue ports and they
kind of snapped off and became their own switch,
85
00:05:02,836 --> 00:05:05,896
and all of these red ports, and they
snapped off and became their own switch.
86
00:05:06,246 --> 00:05:08,916
Logically, that's what VLANs do.
87
00:05:09,666 --> 00:05:16,986
It separates our groups of users, or our
devices that are attached to the network
88
00:05:16,986 --> 00:05:19,606
into completely separate networks.
89
00:05:19,606 --> 00:05:21,406
It segments the broadcast domains.
90
00:05:21,406 --> 00:05:25,756
So if the blue computer sends a broadcast,
it only comes out the blue ports.
91
00:05:25,926 --> 00:05:27,806
Now, let me go beyond this.
92
00:05:27,806 --> 00:05:31,596
It can even transcend switches to where
these blue ports get the broadcast
93
00:05:31,596 --> 00:05:33,046
and these blue -- oh, he's down there.
94
00:05:33,266 --> 00:05:34,866
These blue ports get the broadcast.
95
00:05:34,866 --> 00:05:36,186
So it comes out all those ports.
96
00:05:36,186 --> 00:05:40,636
And if the red guy sends a broadcast,
only the red ports get the broadcast.
97
00:05:40,636 --> 00:05:42,266
So it kind of segments that.
98
00:05:42,266 --> 00:05:49,716
We get a subnet correlation to where when we
split into VLANs, we split our IP subnets.
99
00:05:49,716 --> 00:05:51,556
Now this is a big concept to catch.
100
00:05:52,186 --> 00:05:54,736
The blue VLAN is now a new network.
101
00:05:55,146 --> 00:06:00,936
So it is identified now at Layer
3 at our IP addressing layer
102
00:06:01,196 --> 00:06:02,666
as a completely different network.
103
00:06:02,666 --> 00:06:10,456
So maybe before we did VLAN, like I showed
on the last slide, everybody was 192.168.1.0,
104
00:06:10,456 --> 00:06:15,846
but now I say, OK, well the blue VLAN, well
maybe the blue VLAN stays 192.168.1.0/24.
105
00:06:15,846 --> 00:06:19,986
Now remember, with slash-24, that means
this, this and this represent the network.
106
00:06:20,096 --> 00:06:24,296
It's the same thing as saying 255, 255, 255, 0.
107
00:06:24,296 --> 00:06:26,486
And IP addressing is coming up, don't worry.
108
00:06:26,556 --> 00:06:28,446
So we say slash-24.
109
00:06:28,696 --> 00:06:35,906
But then the red VLAN is
going to be 192.168.2.0/24.
110
00:06:36,166 --> 00:06:36,906
It has to be.
111
00:06:36,906 --> 00:06:39,036
It's a completely different subnet.
112
00:06:39,036 --> 00:06:40,086
Different network.
113
00:06:40,326 --> 00:06:43,836
So these guys are now in a completely
different zone than these guys.
114
00:06:44,106 --> 00:06:46,146
They are completely segmented.
115
00:06:46,476 --> 00:06:54,166
That gives us a full level of access control,
to where I can say, OK, blue cannot access red,
116
00:06:54,836 --> 00:06:58,866
but, you know, and when we get into moving
data between VLANs, I can say, well,
117
00:06:59,076 --> 00:07:02,036
the red can access blue, but
maybe only these devices.
118
00:07:02,326 --> 00:07:07,206
Whereas when we're at Layer 2, meaning we
don't have VLANs, everything's connected
119
00:07:07,206 --> 00:07:11,306
to a normal switch, as I mentioned, it's very
difficult to try and pull a stunt like that.
120
00:07:11,636 --> 00:07:20,606
VLANs also help with quality of service, because
it's way easy to say the red VLAN has priority.
121
00:07:21,216 --> 00:07:24,446
Totally easy configuration
and quality of service.
122
00:07:24,446 --> 00:07:29,276
Whereas if everybody is a member of the
same VLAN, it's a normal switch like we saw
123
00:07:29,276 --> 00:07:33,526
on the last slide, it's very difficult,
it can be very difficult to say, well,
124
00:07:33,526 --> 00:07:37,016
you get quality of service, but you guys don't.
125
00:07:37,016 --> 00:07:42,686
So you, now quality of service, I should stop
assuming everybody's like, well, what's that?
126
00:07:42,846 --> 00:07:45,676
Quality of service says you're
more important than somebody else.
127
00:07:46,796 --> 00:07:48,116
That's not very nice.
128
00:07:48,226 --> 00:07:50,956
Well, it kind of is, depending
on what you're talking about.
129
00:07:51,056 --> 00:07:53,946
Maybe the blue guys are people
that surf the web all day.
130
00:07:54,576 --> 00:07:56,956
Yeah, you hire those kind of people, right?
131
00:07:56,956 --> 00:07:59,336
Or the blue guys are normal day-to-day users,
132
00:07:59,336 --> 00:08:02,456
whereas the red guys, those
are your executive team.
133
00:08:02,656 --> 00:08:05,736
Or even better yet, those are your IP phones.
134
00:08:06,426 --> 00:08:11,406
And we always want our IP phones, our voice over
IP traffic to have priority over the blue.
135
00:08:11,646 --> 00:08:17,126
Very difficult if the IP phones are
in the same network as the blue guys.
136
00:08:17,336 --> 00:08:20,176
To really say, OK, well --
because they're the same network.
137
00:08:20,176 --> 00:08:21,526
It's hard to identify them.
138
00:08:21,696 --> 00:08:24,696
Whereas if I have a completely
different network, I can say, well,
139
00:08:24,946 --> 00:08:26,866
simple enough, prioritize the red guys.
140
00:08:27,386 --> 00:08:32,306
And the switch is really easy to identify that
and the routers can really easy identify that,
141
00:08:32,446 --> 00:08:33,936
because they're on completely separate networks.
142
00:08:33,936 --> 00:08:35,246
So this is good.
143
00:08:35,386 --> 00:08:37,866
Now let me ask you a question.
144
00:08:38,606 --> 00:08:39,446
Let me do this.
145
00:08:39,946 --> 00:08:44,146
No. I'm just going to drag this off.
146
00:08:45,576 --> 00:08:51,996
Gone. OK, so if the blue guys send a
broadcast, and as I mentioned it comes
147
00:08:51,996 --> 00:08:56,446
out all the blue ports, and even down here,
and the red guys send a broadcast and it comes
148
00:08:56,446 --> 00:09:01,096
out all the red ports, even down here,
then here's my -- I'm going purple on you.
149
00:09:02,256 --> 00:09:03,506
What VLAN does that belong to?
150
00:09:04,096 --> 00:09:06,926
What VLAN does that, and that, and that.
151
00:09:06,926 --> 00:09:09,666
I notice they're kind of a white port.
152
00:09:09,896 --> 00:09:10,836
What VLAN are they in?
153
00:09:11,986 --> 00:09:17,096
The right answer is all of them,
because Cisco calls those trunks.
154
00:09:17,436 --> 00:09:18,516
A trunk port.
155
00:09:18,756 --> 00:09:22,796
A trunk port, and by the
way, trunk is a Cisco term.
156
00:09:23,136 --> 00:09:26,666
Trunk carries all VLANs all the time.
157
00:09:27,146 --> 00:09:32,686
So -- well, put a little
asterisk by "all the time."
158
00:09:32,686 --> 00:09:34,016
Because we can restrict that.
159
00:09:34,016 --> 00:09:37,716
But a trunk, you know, when I set
up a trunk, it will automatically,
160
00:09:37,716 --> 00:09:40,196
from the minute I configure
it, carry the red VLAN,
161
00:09:40,196 --> 00:09:42,926
I think we said that was
VLAN 20, and the blue VLAN.
162
00:09:43,256 --> 00:09:44,396
Red VLAN and the blue VLAN.
163
00:09:44,546 --> 00:09:49,616
So usually, I mean, if these are all 100
megabits per second ports, usually you'd want
164
00:09:49,616 --> 00:09:51,706
that guy to be maybe 1000 megabits per second.
165
00:09:52,056 --> 00:09:54,886
Those are your bottlenecks, because
they're carrying a lot of traffic.
166
00:09:54,886 --> 00:09:56,966
They have a lot of work to do.
167
00:09:57,246 --> 00:10:01,846
Now I just said that trunk is a Cisco word.
168
00:10:02,266 --> 00:10:04,866
Only Cisco uses that word.
169
00:10:05,116 --> 00:10:08,796
Other vendors use the term tagged port.
170
00:10:09,326 --> 00:10:15,866
I hear that all the time, and a 3Com
switch, or 3Com got bought by HP,
171
00:10:15,866 --> 00:10:18,236
so HP switches, Juniper switches.
172
00:10:18,236 --> 00:10:21,066
Everybody else uses the term tagged.
173
00:10:21,826 --> 00:10:25,636
And I have to admit, I kind of
like that word a little better.
174
00:10:25,856 --> 00:10:28,216
A trunk is -- you're kind of like, OK?
175
00:10:28,556 --> 00:10:29,036
What's that?
176
00:10:29,036 --> 00:10:30,446
We have to assign a definition to it.
177
00:10:30,676 --> 00:10:34,836
But a tagged port really identifies what it is.
178
00:10:34,836 --> 00:10:39,596
Because when a frame comes into the
switch -- now, let me tell you this.
179
00:10:39,596 --> 00:10:43,066
A computer has no idea what a VLAN even is.
180
00:10:43,846 --> 00:10:45,606
It doesn't know that it's part of a VLAN.
181
00:10:45,726 --> 00:10:50,836
All it knows is it's got an IP address
and when it sends stuff, it communicates.
182
00:10:50,836 --> 00:10:51,996
You know, things ping back.
183
00:10:51,996 --> 00:10:53,346
It can communicate.
184
00:10:53,396 --> 00:10:55,766
So a computer has no idea what VLAN it's on.
185
00:10:55,766 --> 00:11:00,796
So when it sends a frame into the switch, and
the switch says, OK, you're on the blue VLAN,
186
00:11:00,946 --> 00:11:04,396
what it will do before it ever
sends it to another switch is take
187
00:11:04,396 --> 00:11:07,306
that data -- so let me give a scenario.
188
00:11:07,306 --> 00:11:13,536
Let's say that this guy up here,
192.168.1.50 pings this guy
189
00:11:13,536 --> 00:11:16,846
down here, who's 192.168.1.51, right?
190
00:11:16,956 --> 00:11:18,696
So I have a ping message that's sent.
191
00:11:18,696 --> 00:11:22,826
So it sends that ping into the switch,
the switch realizes because it looks
192
00:11:22,826 --> 00:11:28,296
at the MAC address in the header, and it goes,
oh, well, that MAC address is out this port,
193
00:11:28,296 --> 00:11:30,616
and down this port, and I'm
going to get it to that guy.
194
00:11:30,686 --> 00:11:32,546
So it looks at the MAC address
to figure that out.
195
00:11:32,726 --> 00:11:37,266
Well, it needs to let this
switch know what VLAN it's on.
196
00:11:37,576 --> 00:11:40,456
And this switch needs to let this
switch know what VLAN it's on.
197
00:11:40,456 --> 00:11:46,226
So when the switch sends this frame
out a tagged port, it does just that.
198
00:11:46,656 --> 00:11:52,106
It puts a little tag in the header
that says this belongs to VLAN 10.
199
00:11:52,376 --> 00:11:57,036
I don't know why I always
think of this when I describe
200
00:11:57,036 --> 00:12:00,696
that tagging process, but
have you ever gotten shims?
201
00:12:01,856 --> 00:12:02,326
What's that?
202
00:12:02,476 --> 00:12:07,086
You go to Home Depot and, you know, you've
got the refrigerator that's not quite level
203
00:12:07,086 --> 00:12:09,206
and it kind of rocks back and forth?
204
00:12:09,206 --> 00:12:10,706
You just go to Home Depot, grab a shim.
205
00:12:10,936 --> 00:12:16,626
They're like these little triangle pieces
of wood that you buy a whole pack of them,
206
00:12:16,626 --> 00:12:18,186
because everything in my house is not level.
207
00:12:18,186 --> 00:12:21,346
Like my chair wiggles back
and forth, my desk wiggles.
208
00:12:21,346 --> 00:12:25,736
So you go in my house, and like shims --
I've got them in my back pocket all the time.
209
00:12:25,736 --> 00:12:27,996
Everything's got a shim under
it to make it level.
210
00:12:27,996 --> 00:12:30,386
I think of that when I think of this little tag.
211
00:12:30,706 --> 00:12:36,426
It's like putting a little shim, chunk, in the
header of that packet, so that when it comes
212
00:12:36,426 --> 00:12:39,456
down here -- like, for instance, maybe
it's not a ping, maybe it's a broadcast.
213
00:12:40,706 --> 00:12:44,516
And when that broadcast comes down
to that switch, it has to know, OK,
214
00:12:44,516 --> 00:12:46,406
only these ports get that broadcast.
215
00:12:46,406 --> 00:12:47,486
Well, how's it going to know that?
216
00:12:47,626 --> 00:12:49,046
Well, it's looking at the shim.
217
00:12:49,226 --> 00:12:54,306
It's looking at the tag that was put in the
packet header and it goes, oh, you're VLAN 10.
218
00:12:54,376 --> 00:12:56,826
OK, all these ports are in VLAN
10, so they're going to get it.
219
00:12:56,886 --> 00:12:59,096
And when it comes down here,
he's looking at the shim.
220
00:12:59,096 --> 00:13:02,636
He's looking at the little tag saying,
oh, VLAN 10, only these ports get it.
221
00:13:02,636 --> 00:13:04,656
So the switches are able to
make intelligent decisions.
222
00:13:04,656 --> 00:13:12,226
Now I told you that a computer has no idea
what a VLAN is, so you better believe before
223
00:13:12,226 --> 00:13:17,616
that switch sends that ping or that broadcast to
that computer, it actually yanks the shim out.
224
00:13:17,856 --> 00:13:22,366
It's like, OK, well, if I send you a packet,
or frame, that has a shim in the header,
225
00:13:22,526 --> 00:13:23,886
you're going to go, what is this?
226
00:13:24,046 --> 00:13:24,516
All right?
227
00:13:24,516 --> 00:13:26,456
This must be a messed up packet.
228
00:13:26,456 --> 00:13:27,226
I'm going to drop it.
229
00:13:27,226 --> 00:13:29,926
So this is a switch-to-switch thing.
230
00:13:29,926 --> 00:13:31,226
This little tagged port.
231
00:13:31,226 --> 00:13:35,876
So what Cisco calls trunk, everybody else
calls tag because it's really what's happening,
232
00:13:35,876 --> 00:13:39,426
is it's putting these little
labels on the header.
233
00:13:39,426 --> 00:13:41,026
OK, last thing I want to discuss
234
00:13:41,026 --> 00:13:45,146
in this conceptual VLAN nugget
is what do you do with them?
235
00:13:45,146 --> 00:13:48,706
I mean, getting the concept, like the
last slide is good, where you're like, OK,
236
00:13:48,706 --> 00:13:50,766
I can separate the blue and the red.
237
00:13:50,766 --> 00:13:51,376
I get that.
238
00:13:51,376 --> 00:13:53,146
So it's more secure and all that.
239
00:13:53,356 --> 00:13:55,216
But give me something practical, Jeremy.
240
00:13:55,216 --> 00:13:56,096
What do people do?
241
00:13:56,096 --> 00:13:59,306
Well, I would say this, by
far, is not a cumulative list,
242
00:13:59,306 --> 00:14:02,576
but I would say probably the most common
things people do with VLANs are right here.
243
00:14:02,996 --> 00:14:04,246
Lower right, let's start there.
244
00:14:04,246 --> 00:14:05,886
Like type segmentation.
245
00:14:05,996 --> 00:14:08,056
Almost everybody does this.
246
00:14:08,056 --> 00:14:11,206
Grouping things together
that are of the same kind.
247
00:14:11,666 --> 00:14:13,266
I mean, it helps with security.
248
00:14:13,266 --> 00:14:15,626
Like, for instance, let's say OK,
all the servers are over there.
249
00:14:15,806 --> 00:14:18,536
All of the accounting users are over there.
250
00:14:18,536 --> 00:14:21,146
You know, you kind of group
-- it's good for security,
251
00:14:21,146 --> 00:14:24,896
but also it just makes sense
as your network grows.
252
00:14:25,306 --> 00:14:29,986
As your network grows, it does get more and
more inefficient if it's one big network,
253
00:14:29,986 --> 00:14:33,266
because remember, broadcasts
start accumulating up.
254
00:14:33,266 --> 00:14:36,326
You get more and more of them, things
have to process those broadcasts
255
00:14:36,326 --> 00:14:38,526
and things just get slower and
slower and slower and less efficient.
256
00:14:38,526 --> 00:14:43,816
So what most people will do is start
grouping together, this is where it starts.
257
00:14:43,816 --> 00:14:47,106
Grouping together common
departments or common things.
258
00:14:47,106 --> 00:14:48,226
I'll give you an example.
259
00:14:48,606 --> 00:14:54,156
One of the most bizarre networks I walked into,
I'm trying to think of how to explain this
260
00:14:54,156 --> 00:14:56,386
without revealing exactly what it was.
261
00:14:56,386 --> 00:15:00,426
In Arizona, we have -- I can't.
262
00:15:00,616 --> 00:15:03,256
We have separate governments.
263
00:15:03,326 --> 00:15:06,996
So we have the United States of
America and then there are groups
264
00:15:06,996 --> 00:15:10,296
where they have their own
government within Arizona.
265
00:15:10,296 --> 00:15:15,256
So I was actually brought out to consult
on one of these little sub-area networks
266
00:15:15,256 --> 00:15:22,346
and literally I walked in and the government
building, you know, it's a small little area,
267
00:15:22,586 --> 00:15:27,956
the government building, the police department,
the school, the school library and --
268
00:15:28,326 --> 00:15:33,676
there was one other thing --
oh, a water treatment plant
269
00:15:33,676 --> 00:15:37,556
for waste treatment, all of it was one network.
270
00:15:37,556 --> 00:15:40,826
So let me give you the paradigm
that I walked into.
271
00:15:41,176 --> 00:15:46,236
I could go to a library computer
and ping and actually try
272
00:15:46,236 --> 00:15:49,616
to access a computer in the police department.
273
00:15:50,226 --> 00:15:53,346
I'm pausing just to let that soak in.
274
00:15:53,596 --> 00:15:55,346
That's the kind of network I walked in on.
275
00:15:55,346 --> 00:15:57,166
And I saw that and I was like, wow.
276
00:15:57,166 --> 00:16:02,446
You know, I'm trying to think of, like,
how do I convey just how scary that is?
277
00:16:02,566 --> 00:16:04,096
And I'm like, that's scary.
278
00:16:04,096 --> 00:16:06,726
There's nothing else that
could come out of my mouth.
279
00:16:06,726 --> 00:16:10,576
And that was the first thing that we did is
go into the like type segmentation, I mean,
280
00:16:10,576 --> 00:16:14,396
this was kind of the network type where we have
the government building, and then over here,
281
00:16:14,396 --> 00:16:17,926
maybe Building B is the police
department, over here is the library,
282
00:16:17,926 --> 00:16:18,686
you know, all this kind of stuff.
283
00:16:18,686 --> 00:16:22,106
They were all connected with
fiber optic cable in between them,
284
00:16:22,276 --> 00:16:23,726
and that was the first thing that we did.
285
00:16:23,726 --> 00:16:26,846
We said -- OK, now ignore
all this stuff for now.
286
00:16:27,096 --> 00:16:30,086
But we said, OK, Building A, that's VLAN 10.
287
00:16:30,526 --> 00:16:32,996
Building B, that's VLAN 20.
288
00:16:32,996 --> 00:16:37,116
So immediately I'm putting up security
boundaries and making it more efficient
289
00:16:37,366 --> 00:16:42,346
because now broadcasts in the police
department don't come over to the library,
290
00:16:42,346 --> 00:16:44,796
don't go over to the government
building, and all that kind of stuff.
291
00:16:44,796 --> 00:16:46,186
It's like type segmentation.
292
00:16:46,186 --> 00:16:49,406
And it just kind of feels good.
293
00:16:49,406 --> 00:16:52,876
I don't know how else to say it.
294
00:16:52,876 --> 00:16:56,896
You know, my wife homeschools all of
our -- we have 4 kids right now --
295
00:16:57,196 --> 00:17:00,396
and one of the first things
that she starts doing is putting
296
00:17:00,396 --> 00:17:04,816
like we get all these little colored
balls, right, and red ones and blue ones,
297
00:17:04,816 --> 00:17:07,346
and she kind of mixes them up
and the kids are like, eww.
298
00:17:07,346 --> 00:17:08,926
It doesn't feel good.
299
00:17:08,926 --> 00:17:11,526
There's blue balls with the
red balls and the green balls.
300
00:17:11,526 --> 00:17:14,366
And the first task they have to
do is like put them all in order.
301
00:17:14,426 --> 00:17:17,536
It's kind of like put all the green
balls with the green balls, the red --
302
00:17:17,536 --> 00:17:20,796
and you get done and you just look
at the kid and they just glow.
303
00:17:20,906 --> 00:17:22,446
They're like, look what I've done.
304
00:17:22,636 --> 00:17:24,536
It feels good to look at.
305
00:17:24,536 --> 00:17:28,056
And I know it sounds funny
to make that comparison here.
306
00:17:28,416 --> 00:17:29,596
That's what you'll feel like.
307
00:17:29,736 --> 00:17:31,156
You're like, look what I've done.
308
00:17:31,356 --> 00:17:34,796
The police department is all
in their own little spot.
309
00:17:35,296 --> 00:17:36,326
They don't go anywhere.
310
00:17:36,326 --> 00:17:40,836
It makes sense to you and it just feels logical.
311
00:17:40,836 --> 00:17:42,406
OK, server virtualization.
312
00:17:42,536 --> 00:17:44,646
Let me jump over there.
313
00:17:44,676 --> 00:17:49,306
You know, when I'm talking about VLANs, like
I said, there are a huge amount of things
314
00:17:49,546 --> 00:17:53,066
that I could give you, but a lot
of it crossed the technology lines.
315
00:17:53,366 --> 00:17:57,916
And that's why putting practical
examples is sometimes difficult
316
00:17:57,916 --> 00:18:00,666
because I know sometimes I may
explain something and be like,
317
00:18:00,666 --> 00:18:02,906
I have no idea what server virtualization is.
318
00:18:02,906 --> 00:18:04,456
So let me give you the fly-by view.
319
00:18:04,786 --> 00:18:08,026
Servers have become bigger, bigger,
bigger, better, faster all the time.
320
00:18:08,286 --> 00:18:09,356
That's just the way of things.
321
00:18:09,596 --> 00:18:13,646
And what somebody realized a
long time ago is, you know what?
322
00:18:13,906 --> 00:18:17,916
Most of the time a server, you know,
physically, is just sitting there.
323
00:18:18,126 --> 00:18:21,846
I mean you look at its -- you know, if you're
looking at it like a utilization graph,
324
00:18:21,846 --> 00:18:24,776
its processor is like [computer sounds].
325
00:18:24,776 --> 00:18:29,926
Because it just sits there
and gives people files.
326
00:18:29,926 --> 00:18:30,516
I mean, that's what it does.
327
00:18:30,516 --> 00:18:33,276
But the processor has way
more capacity than that.
328
00:18:33,276 --> 00:18:34,686
In memory utilization, you know,
329
00:18:34,686 --> 00:18:35,826
it's like here's the total and
it's like [computer sounds].
330
00:18:35,826 --> 00:18:40,306
I mean, it's like memory utilization's low.
331
00:18:40,306 --> 00:18:44,536
So what somebody came along and decided
to do, and this is, by the way, VMware,
332
00:18:44,826 --> 00:18:53,286
Microsoft with their knockoff hyper -- I didn't
say knockoff, I meant innovation, Hyper-V.
333
00:18:53,896 --> 00:18:56,266
You know, there's all kinds
of different virtualization.
334
00:18:56,266 --> 00:19:00,806
As a matter of fact, you can go download one
for free called, what is it called, Virtual.
335
00:19:01,606 --> 00:19:02,436
VirtualBox.
336
00:19:03,346 --> 00:19:06,606
Right? And you can actually run
virtualization on your own workstation for free.
337
00:19:06,606 --> 00:19:09,316
I think Sun, Sun Micro?
338
00:19:09,316 --> 00:19:11,456
Somebody started doing this for free.
339
00:19:11,456 --> 00:19:13,406
So this is all virtualization.
340
00:19:13,406 --> 00:19:17,676
What it allows you to do is take that
one physical box and start splitting it
341
00:19:17,816 --> 00:19:23,096
to multiple servers, to where I actually run --
it's like I have one operating system on here
342
00:19:23,296 --> 00:19:27,906
that is, we'll say Windows
Server 2012, you know.
343
00:19:27,906 --> 00:19:28,696
It's running.
344
00:19:28,696 --> 00:19:30,576
This is our core server.
345
00:19:30,676 --> 00:19:32,606
And then over here I've got a little, maybe,
346
00:19:32,606 --> 00:19:36,006
accounting server that our
accounting department runs.
347
00:19:36,006 --> 00:19:37,936
It's Windows 2003.
348
00:19:37,936 --> 00:19:39,626
Just an old server they use for file storage.
349
00:19:39,756 --> 00:19:45,446
And then over here I've got maybe a voice over
IP server that runs our phone system.
350
00:19:45,446 --> 00:19:49,616
So I can use one physical box
because of the resource capacity
351
00:19:49,616 --> 00:19:50,976
to run all of those different servers.
352
00:19:51,046 --> 00:19:52,586
But here's the dilemma.
353
00:19:52,986 --> 00:19:59,136
I've got phones that are on their
own VLAN and they can only, I mean,
354
00:19:59,136 --> 00:20:02,356
they need to talk to the server and
it needs to be on their network,
355
00:20:02,356 --> 00:20:06,336
and then over here is the accounting
department, and maybe they want --
356
00:20:06,336 --> 00:20:08,336
and I'm just coming up with this as I go, right?
357
00:20:08,336 --> 00:20:11,366
And so the accounting department,
they want a server in their network
358
00:20:11,366 --> 00:20:13,556
to store their files on and
communicate with, there.
359
00:20:13,776 --> 00:20:17,976
Well, what we can do with server
virtualization is set up this link --
360
00:20:18,086 --> 00:20:22,156
now this is heavy, hang with me -- as a trunk.
361
00:20:23,186 --> 00:20:25,976
So remember, what does a trunk do?
362
00:20:26,216 --> 00:20:27,436
Carry all VLANs.
363
00:20:27,436 --> 00:20:32,436
So let's say accounting is VLAN 10,
voice is VLAN 20, and these servers,
364
00:20:32,436 --> 00:20:34,276
whatever they are, is VLAN 50, right?
365
00:20:34,276 --> 00:20:39,986
So this switch can actually send all the
VLAN traffic, so the accounting department,
366
00:20:39,986 --> 00:20:43,826
the voice phones, and everything like
that, even though they're separated.
367
00:20:43,826 --> 00:20:47,326
Like accounting can't actually get to the phones
and the servers can't actually get there --
368
00:20:47,326 --> 00:20:52,916
I can actually send all of those
packets tagged to the server and just
369
00:20:52,916 --> 00:20:56,686
about every virtualization solution,
VMware, Hyper-V, all that kind of stuff,
370
00:20:56,686 --> 00:21:02,626
they can all say, I'm going to look at that
VLAN header and then I can assign, you know,
371
00:21:02,626 --> 00:21:08,076
like I can assign this server within
this box to VLAN -- what did I say -- 20.
372
00:21:08,556 --> 00:21:13,646
So now, as packets come in tagged with VLAN 20,
it'll say, oh, you're able to reach that server.
373
00:21:14,196 --> 00:21:16,136
Did I say accounting?
374
00:21:16,136 --> 00:21:16,676
I meant voice.
375
00:21:16,676 --> 00:21:19,426
As voice packets come in tagged with
VLAN 20, they can reach the voice server.
376
00:21:19,636 --> 00:21:23,156
As accounting packets come in,
and they're tagged VLAN 10,
377
00:21:23,936 --> 00:21:25,096
they can reach the accounting server.
378
00:21:25,096 --> 00:21:29,166
Because within this server, I assign
that server -- that sounds funny --
379
00:21:29,356 --> 00:21:33,856
within this physical server, I assign
this logical server to VLAN 10.
380
00:21:33,856 --> 00:21:36,516
And so I can separate, even within one box,
381
00:21:36,586 --> 00:21:39,216
all the different servers,
making it totally efficient.
382
00:21:39,266 --> 00:21:41,816
That's great to be able to do that.
383
00:21:42,176 --> 00:21:42,896
Last example.
384
00:21:43,776 --> 00:21:46,686
Up here I've got Unified Network and Wi-Fi.
385
00:21:46,966 --> 00:21:51,026
So what I can do is, let's say, you
know, I've got common departments.
386
00:21:51,026 --> 00:21:55,746
Like I've got this accounting group, but just
because of how our company grew, you know,
387
00:21:55,746 --> 00:22:00,006
we kind of filled up this little 2000
square foot building to start off with
388
00:22:00,006 --> 00:22:02,326
and we immediately bought
the building next to it,
389
00:22:02,326 --> 00:22:05,826
which was 6000 square feet,
you know, to allow for growth.
390
00:22:05,826 --> 00:22:09,346
And then we outgrew that one really
quick and had to buy another, you know,
391
00:22:09,346 --> 00:22:12,256
the next little 3000 square
foot building next to it.
392
00:22:12,256 --> 00:22:16,876
And so just kind of how our building grew,
we've got accounting people sitting right here
393
00:22:16,876 --> 00:22:18,986
and we ran out of chairs so
some had to sit over here.
394
00:22:19,186 --> 00:22:24,776
Well, using VLANs, we can have a unified network
to where even though I've got accounting people
395
00:22:24,776 --> 00:22:30,006
in this building, I can have these guys,
accounting people, that are on the same network
396
00:22:30,056 --> 00:22:32,086
and have the same permissions applied to them.
397
00:22:32,086 --> 00:22:36,886
Because I can send that VLAN across all of
these links, which would be my trunk links.
398
00:22:36,886 --> 00:22:38,966
Wi-Fi. So handy.
399
00:22:38,966 --> 00:22:42,826
Wi-Fi is becoming like an
everywhere kind of thing.
400
00:22:42,826 --> 00:22:44,376
Everybody is on the wireless network.
401
00:22:44,606 --> 00:22:46,216
You might have an iPad.
402
00:22:46,586 --> 00:22:52,836
Let's say you've got an iPad that you're
walking around with, watching a YouTube video,
403
00:22:53,076 --> 00:22:56,786
and in here you actually
have a wireless access point,
404
00:22:56,786 --> 00:22:59,476
and over in this building you have a
wireless access point and all that.
405
00:22:59,606 --> 00:23:03,766
Well, we want people, you know, as this
iPad, as I'm walking, watching this video
406
00:23:03,766 --> 00:23:08,176
as I'm walking -- or even more
relevant, they have wireless IP phones.
407
00:23:08,336 --> 00:23:12,076
You know, to where maybe I'm talking
on a phone call connected to Wi-Fi,
408
00:23:12,296 --> 00:23:14,156
roaming between these different buildings.
409
00:23:14,326 --> 00:23:17,446
Well, if I don't use VLANs,
then every building that I come
410
00:23:17,446 --> 00:23:19,706
to might end up being a different network.
411
00:23:20,046 --> 00:23:24,776
And if that happens, my call is
severed if I'm talking on the phone.
412
00:23:24,926 --> 00:23:30,236
My YouTube video, or whatever I'm watching,
stops on the iPad, because it loses connection
413
00:23:30,436 --> 00:23:32,266
as it moves from one building to another.
414
00:23:32,546 --> 00:23:39,266
But with VLANs, I can send that same VLAN across
all the buildings and allow it to be segmented
415
00:23:39,396 --> 00:23:45,616
so it's efficient, and yet at the same time,
stay unified to where Wi-Fi stays the same
416
00:23:45,616 --> 00:23:51,566
as I move and I don't lose connections
as I move from one building to the next.
417
00:23:52,196 --> 00:23:56,216
Think of those VLAN uses
as the tip of the iceberg.
418
00:23:56,546 --> 00:24:00,026
I can't tell you how many times I'm
in a conversation with somebody,
419
00:24:00,026 --> 00:24:05,956
whether it's at a data center or, you know, at a
corporate network or wherever and they're like,
420
00:24:05,956 --> 00:24:08,646
man, we've just got to figure
out how to do this.
421
00:24:08,646 --> 00:24:12,756
And I can't tell you the number of times where
I've looked at them like, oh, totally possible.
422
00:24:13,096 --> 00:24:14,036
We've got to use the VLANs.
423
00:24:14,036 --> 00:24:15,386
Just use our VLANs in the right way.
424
00:24:15,576 --> 00:24:17,496
We can separate that business from that one.
425
00:24:17,496 --> 00:24:20,116
We can make sure that their
traffic doesn't mix with theirs.
426
00:24:20,116 --> 00:24:25,516
I mean, just the uses of VLANs
are literally, I mean, endless.
427
00:24:26,106 --> 00:24:31,326
There are situations that even I -- after
dealing with VLANs for a decade and beyond --
428
00:24:31,526 --> 00:24:35,926
haven't run into yet that I know,
I'm like, a VLAN would solve that.
429
00:24:36,046 --> 00:24:39,956
So VLANs give you such flexibility
and capability wherever you are.
430
00:24:39,956 --> 00:24:40,876
So let's review.
431
00:24:41,376 --> 00:24:44,476
We have seen in here the
view of a normal switch.
432
00:24:44,476 --> 00:24:45,916
You know, what it looks like without VLANs.
433
00:24:45,916 --> 00:24:47,176
Everything's kind of flat.
434
00:24:47,176 --> 00:24:48,396
Everybody can talk to everything.
435
00:24:48,396 --> 00:24:49,136
No security.
436
00:24:49,516 --> 00:24:51,756
Then we added in the VLANs and the trunks.
437
00:24:51,936 --> 00:24:53,876
VLANs being your way of separating it.
438
00:24:53,876 --> 00:24:56,796
Did I ever tell you what a VLAN stands for?
439
00:24:56,876 --> 00:24:57,626
How did I get here?
440
00:24:58,066 --> 00:24:59,206
Virtual LAN.
441
00:24:59,206 --> 00:25:02,836
It's Virtual Local Area Network,
because it's virtually
442
00:25:02,836 --> 00:25:05,576
as if I'm creating a new network altogether.
443
00:25:05,576 --> 00:25:10,596
So VLANs separating our networks into
different groups and then a trunk,
444
00:25:10,596 --> 00:25:17,046
which allows you to carry all of those tags,
all of those identifiers between your switches,
445
00:25:17,046 --> 00:25:19,266
so we can have a unified network
446
00:25:19,266 --> 00:25:23,936
to where everything supports the same
VLANs within our campus, all right?
447
00:25:23,936 --> 00:25:25,936
Within our infrastructure.
448
00:25:26,356 --> 00:25:29,386
And then we saw some examples
of what VLANs make possible.
449
00:25:29,386 --> 00:25:32,166
So from here, we're going to
start picking up on the config.
450
00:25:32,166 --> 00:25:35,766
For now, I hope this has been informative for
you, and I'd like to thank you for viewing.