So welcome to my lab. Well, this is the physical side of it. We're not going to spend too much time here, but I'll just give you a quick overview of how all this is connected. We have some XenServers down here. We have the FreeNAS storage via iSCSI. Got a whole video on how we set that up and how you can configure it. So XenServer, iSCSI, FreeNAS: that's the storage for all of this. pfSense runs at the heart of our network. And then up here, a couple of dumb switches and one managed UniFi switch. Now I know I could use more managed switches, and someone always points out, but you could do this and these aren't that expensive. I know this is a basic setup and it works for us. We put high-end stuff at the clients, but I don't always need super high-end here. So give you a quick idea how it works, though, in the physical layer: here is my computer, happens to be on port one. They wired my office first, you know, because my guys liked me. I guess I don't know. I was probably complaining about it. So mine became port one and these are some of the other ones in the office. This is our bottom dumb switch and it's fed by one port of the UniFi switch here. So the pfSense comes into the UniFi switch because I need all the VLAN support for my lab. Then we have a dumb switch. Here's one network and a dumb switch. Here's another network. This is fed direct. The dumb network here is fed directly by pfSense. It's a physically separate network, not even VLAN. So the UniFi distributes the VLANs and connects directly to the XenServers. So the XenServers are here. UniFi switch here, just an eight-port switch. I wish they had rack mount. They don't. That's why it's up here. The smallest rack mount they have, I think, is their 24. And I really like the UniFi product line. Now these couple switches over here, these go to the studio, and the studio is where I do my lab testing. And so I have a couple VLANs over here that go to there.
And we're going to talk about how the software works in a second. But this is that physical layer part, just so you kind of see how it's connected. Now let me take you into the studio to show how that works in a little bit detail. It's because we're going to show the lab environment and I want you to understand how it all connects. So I'm here in the studio and this is one of the projects that I'm getting ready to do another video on. It's another mini server I built that's for virtualization. But what I do to simulate my lab environment, and because this is actually going to be an install for my house, I needed to have a couple of network cards set up in it and I needed one to be external and one to be internal to the network. So we have two network cables here. And that's all I really need for the lab so we can test things here in it while in the studio. There's two ports down below, two standard, you know, RJ45 jacks. One's labeled studio top, one's labeled studio bottom. So I know which cable's plugged into the top, one's plugged into the bottom, and they map to the UniFi. Now what we're going to show you here, once you get into the software, is how I just switch those ports around and create the different network environments I do, so I can create segmented networks, because another new test I have to do, I've done this and they've updated the software so I got a new test.
I can just take these two ports and, like, take this EdgeRouter for example, and because I want to test it routed, which there was some contested debate of whether or not it was actually routing, trust me, I know how to route and I was routing for sure, what we do is put one on one side of the network, one on the other, and because my computer is also plugged in to that UniFi switch, I can move my computer via the VLANs to the different segmented networks so I can put myself on the WAN side or the LAN side. And I'm kind of lazy sometimes, I guess; I don't want to get up and physically move cables around. So I plug things here in the studio, I plug in which cable's which, I make a mental note of which, where I plugged into, and then I assign the VLANs to create the segmented networks, and I can place my computer, for speed testing for example, on each side of the network really easily. And that's what we're going to cover, is actually how I do this on the software level. So now you kind of get an idea of physically how it is: a couple wires here, a couple things here. So when you see me do the switch reviews and everything else, it's a really simple setup. I like the products to be here in the studio because it's easy for me with all, we've actually designed this with a whole lot of lights in here, so this is not even any added lights, and it makes everything easy to see. And then I just have to plug in two network cables and, boom, I have a network. Or sometimes I've laid a switch here because I got just too many devices we want to simulate, or like the ones I mounted in a rack, because we can, we have some of that stuff kind of laying around, so we're setting it up for clients all the time. Alright, so let's jump into the software part now and put this away before I lose something.
We've covered all the physical layers of the network. This is the behind the scenes on how those physical layers are tied together with the software. So I put this little map together for you guys, and it's showing the different networks that we have on there. So our internet's fed in from Comcast, and I have it Comcast at Craftastic because it's a love-hate relationship we have with them, but they're the provider we have here. So we have the .2 network, which isn't really for the lab. This is where we keep some of our production machines; we put them on the .2 network. So I drew it because it's there, and it's the other unmanaged switch. So pfSense feeds that switch directly because it's just there for our servers, with certain rules that keep everyone except for exclusionaries who we want on there. It's just a separate network, but it is part of what I showed you, so it's in here. It's not really part of the lab, though; that's where the production stuff goes, is on the .2 network. Now the .3 network is kind of our customer network and where the VLANs come, and it's, I call it customer network, is where, you know, we plug in general computers that we may bring into the store, but it's also where we do a lot of our testing because it's easy to plug things in when I want to plug and test the switch and whatnot. But then it has a few VLANs on there, and we're gonna get into, after I run over this software part, we're getting to the what I refer to as the practical part of how actually this is set up. So this is the overview here. It starts out with this coming out of the pfSense, so the orange represents the physical connection out of the pfSense: one single network cable that carries the .3 network and VLANs over to the UniFi 8-port switch.
Part of the reason we do this is because we have computers coming in that we're working on and, you know, just general, as I refer to as, retail computer work. It provides an easy network for testing when we want to load something up. It's easy to do some basic testing. When we want to do a lot of testing, we want to connect a lot of devices to it so we actually see how it performs, not with a single device but with multiple devices. That's why we keep that network like that. But I also need to do routing and do some of the speed tests for different routers and firewalls and VPNs, so we have to have some routing going on in there, and it becomes very easy with VLANs. When it comes into the UniFi 8-port switch, it has these two VLANs. This VLAN is defined in pfSense; this one is not defined in pfSense, and I'll show you why in just a second. pfSense provides networking for the 192.168 network, and it provides networking for what I've referred to as VLAN 69, to 172.16.69, and then VLAN 10 is just defined in the UniFi so we can create virtual installs of firewalls to do further testing. Now, when it comes out of the pfSense, this orange represents it going into the UniFi 8-port, and each port that comes out of there also can be tagged with the VLANs. So the VLANs are tagged and come out of here, and we'll show you how that works inside of the UniFi software. So the VLANs come out of there and go into the backup server, that's generally not on, it's just a spare, then our main server. But once it hits the dumb switches, it changes to purple, and the reason for that is once you pass a VLAN through an unmanaged switch, or dumb switches, I just referred to them, you lose the VLAN, so it just becomes a .3 network. So everything in this part here is what you physically see in the rack, and then this just distributes throughout the office. We have a couple more dumb switches, so you have a dumb switch there, two more here, because there's a bunch of computers in our, essentially, computer repair area, and all the ports go
in there, and all those computers just fall on this .3 network for the office, except for the UniFi AP. It's plugged directly into the UniFi 8-port switch, and the reason for that is so I can easily create another access point VLAN, so I can create an SSID, have its own VLAN, and tie it to different networking for different testing purposes if need be. But it also keeps the .3 network on there, so if I needed to just keep things there, easy enough to do. Now, also coming out of the UniFi 8-port, it goes to my computer, it goes to the studio with two different network connections. That's why I showed you in the studio the two network connections we have in there; each represent a port on the UniFi 8 that allows me to create different networks, so I can actually use those two ports to do a WAN and a LAN on a device that comes in. And I usually use this as the WAN and this as the LAN, because that's what creates the definition of it: is either a virtual machine or a physical machine, I tie it, tag it to VLAN 10, and then I can create a series of VLAN 10 networks. Now let's get into a little bit more how this works on a more virtual side. So here is the virtual servers. This just represents things running on the XenServer. So here's a test lab pfSense, a test Linux server. We have the LAN of Xen, which is a LAN that only exists in the XenServer, does not go outside the network. This box here essentially represents the UniFi 8-port switch. So you have the virtual servers. If I create a network and tie it to the LAN of Xen, this will pick up an IP address from the pfSense. I can create, like, a virtual network inside of there, or if I use the WAN side on the pfSense as VLAN 69 and the LAN side as VLAN 10, VLAN 10 is defined in a switch, it can go outside of here and distribute to other networks. So I can actually build a test pfSense box virtually, tag it, the LAN side, to VLAN 10, and it can go out to the studio or my computer, and I can switch my computer to that IP address and route through whatever I
design inside of my lab. This is kind of essential for doing the lab, because if I want to do a speed test, I want to know how it looks when it's surfing the net, and I can surf the net through this system. And if I create more virtual servers inside of Xen, I just tag them all onto VLAN 10, and that also, that means they pick up an IP address from this, because that's what it was tagged to, and this is being fed from the outside. It's feeding, this is our actual pfSense box, and it feeds the VLAN 69. And the reason, once again, that I do not have VLAN 10 inside of pfSense is I don't want pfSense, our physical server, to have any influence over the routing of it, because I want to create its own gateways, ARPs, everything contained in VLAN 10, so it's its own separate network. That way everything is self-contained and a test doesn't get, so to speak, contaminated. I don't want multiple gateways in there and anything like that. So nothing is defined on this until we define it over here, or in other cases we have defined it with the studio by plugging it into the LAN side of the studio. And once you define this in the UniFi switch, that that port is VLAN 10, it doesn't matter; I can test even an old, unmanaged, really old Linksys router, and because I'm doing it at the port level, it thinks it's plugged into a port that is part of a different network. So let's get into how this actually works. This is where it gets a little bit interesting. So here's the VLAN on the pfSense, referred to as VLAN 69. I'm going to do a separate tutorial to get more in detail of how you set this up, so few people have asked, but it's, it's really easy, but I guess I should probably do a demonstration. So you pick the parent interface, pick the VLAN tag like this. There's the interface of LAN, VLAN tag 69, I called it VLAN 69, and we go to Interfaces, VLAN 69, static, set the IP address of it, then that's it. It now adds that to there. Now, like I said, there's two VLANs defined: there's VLAN 69 and then there's VLAN 10. So here's VLAN 10 and
VLAN 69. When you create these inside of the UniFi software, it's pretty straightforward. You go here and you just create the VLAN, give it an ID, give it a name. So you give it an ID, as in a VLAN tag, the number, and then you give it a name, like some, do a separate tutorial maybe more in depth of how that works, but this also will show you how that works. So you have VLAN 10, VLAN 69, and VLAN 69 connects to the pfSense. This one just exists so we can tag traffic to that VLAN. And let me show you how the routing works on that, or at least how we push it through the ports. So this, and I'm gonna start at Devices to show you where I got this, the port switch and rack. I just do this and undock it because I think it's easier, and it's kind of cool the way the UniFi software makes it float. And we're gonna look at the ports. So right now, and here's the different ones: this is tagged to VLAN 69 but it's not plugged in. There's the studio conference room bottom port, studio conference room top port; not real creatively named, but I like them easily named. Now here is the XenServer, which has all profiles, and we get to these profiles here in a second. The backup XenServer, all profiles. Tom's computer, all profiles. Uplink to 24 port, studio conference, VLAN 69, LTS highway, all. Now this is the uplink that I was talking about to the dumb switch. I only have the LAN traffic, as in the 192.168.3 traffic; it's restricted to that. But if we want to move my computer to another network, that's where this is kind of cool. So here's our uplink, which gets all, all, all, and I say, okay, right now I want to put my computer on another network. So we're gonna go over here, and you can see my computer is on 192.168.3.9, so that's my IP address on this network. So real quick, we're gonna switch it. So we go over here to Tom's computer. I know it's gonna break a couple things, but no big deal. We're gonna put me on VLAN 69, we're gonna hit apply, and we see it provisioning, and actually lose connection for a second here because it's actually changing my
computer's connection on the network. All right, changes complete, and now my computer has 172.16.69, is still set to DHCP, and I'm on a separate network. And I have to reload this page real quick; it's gonna fail because it came from a different IP address. So all I do is refresh the page and you can see that my computer is now on VLAN 69. So that's how we change ports back and forth to move the different objects here, well, different ports, over to like the studio and that, so I can create these virtual networks and put my computer on there, because this is where I sit and do the videos and testing like I am now. So I'm actually gonna put my computer back on the LAN, and I actually set it to all; that way, if there's anything I want to jump around on my computer or even tie a virtual machine to for other things, I can easily do that by having everything right here, and I want all the VLAN ports coming to my computer. So it's gonna take a second to change again, it's gonna provision it, and then I'm back on the .3 network, you know, and here I am. Only takes a few seconds and I'm back on the 192.168.3 network. So that's how I move things around in my virtual lab with one basic eight-port switch. And the page is stuck because of my IP address changing; I just refresh and it's connected, and you can see everything's back to the way it was. Now let's dive into how this works inside of XenCenter, which is my preferred virtual lab software. XenCenter: free, it's open source, it's a great thing. I've got an entire detailed tutorial on how to set it all up. And we're gonna go Objects by Tag, but I got to reconnect; changing it made it not connect. There we go. Here is a pfSense lab machine, and this is where we use the .10 network for. So we're gonna go over here to Networking and show you what it's connected to. The LAN, the WAN side is connected .3 network to get internet; the other side is connected to VLAN 10, so we get to define the networking on there. So we look at the console, we can
see that the first network card is getting DHCP, 192.168.3; the other one is 192.168.40.1/24, so it's at the .40 network. And I'll bring that over; here's what it looks like logged in. You can see the same IP addresses here. I'm logged into it because I have a firewall rule that lets me access it externally; as you can see here, I'm accessing it from the external address. So this was how I build these servers virtually inside of here, and now we're gonna show how we network something behind this to kind of give you an idea of how it works. So I'm gonna move this out of the way. That was just saying that my tech turned down server was off. We have a backup XenServer; it's not on right now. So here we have a VM machine on VLAN 10. It got its IP address, 192.168.40.50, and if we go over back to the pfSense box, we go to Services, DHCP Server, we can see I actually had it assigned a static, but right there it is, it's assigned the address, and I can see it from there. We can ping it from the pfSense; it's on the pfSense network. Now from my computer, because we don't have a route to that, I'm on the .3 network, I cannot ping that; doesn't go anywhere. So you can see they're separated networks, but they're physically plugged into the same switch. This is what the VLANs do, is create these separation, so I can do all of this network testing in a virtualized environment. I can do it without getting up out of my seat, too, which is actually kind of fun. And let's show you how quickly we can change an IP address for this. So all we have to do, if we want, is go here and hit the pull-down; there's VLAN 10. If I wanted this to be on VLAN 69, I just hit it. But let's do something a little bit different here first, because this is a question it seems to come up, of "yeah, you can do that, but you're doing an accurate speed test?" Fair enough, I like the challenge here. So we're gonna run iperf3 -s for server. Now remember, I can't ping this, so it's definitely behind the firewall; it is a separate network.
I am on the 192.168.3.9, actually pull that up real quick. So here's my computer, 192.168.3.9. Clear, iperf3 -s for server, and it's listening right now. We're gonna, I have to move it out of the way, I can't do it all at the same time, but I'll pull it over real quick so you can see. And this, I was already doing some testing to confirm this, but we'll go iperf3. Now here's my IP address, and show you, just to double make sure you understand, this is on the .40 network, which means it's routing through this pfSense lab box right here, which is producing .40. So we created VLAN 10; VLAN 10 has the LAN side of this inside of the pfSense, then it goes in this virtual LAN over here to this box, and now we're going to connect to my box and do a speed test to see just how fast it is connected this way. Client 192.168.3.9; let's see what kind of speed we get. And you can see it right here, so it's done about 935 megabits a second. Same thing here; this is the other side, this is my side of the receiving side, because I'm running it on my computer. So you can see it's all working; we transferred that much data across. And I'm gonna run the tests one more time, and you can see it here, here's the data peaking out inside of this pfSense that is running on 98. So that was our speed test, and now we're gonna talk about the results. So 933, we're seeing pretty consistent; that's routed through this. Let's put this on a different network. So Networking, Properties, the creatively named .3 network, hit okay. All right, it switched networks. I'm on the .3 network; it actually has an IP address of 192.168.3.133. Just up arrow twice to do the same test again; let's see if we get a different speed result. So we had 933.936, the sender receiver, for transferred through the routed network, through the virtual system. Now this is going IP direct; we're going right out of the IP here and over to my system, and we see roughly the same results. Actually it seems to be slightly slower; that could be also because I'm transferring data
back and forth on my system. So that's a really slight, less than a percent variance doing it routed versus not routed. So we'll run the test again to see if we get a different result, but you're seeing here that it operates at full speed even though it's in the VLAN, which is really convenient for some of the virtual labs when you want to do these testing and make sure everything works. Now I will point out something about pfSense when you run it in XenServer. I've found out that if, because it doesn't support some features, if you're in the networking part, you have to take hardware checksum offloading and disable hardware checksum offloading. What that does is allow some of the hardware checksums to go and be offloaded to the interface card. Now you have to disable this with some of the other Intel network, non-Intel network cards, or ones that are dubious compatibility with pfSense, or more specifically compatibility with FreeBSD. I generally recommend, if you're going to build a pfSense box for production, buy the Intel cards; they're not that expensive to get and they work great with here without any hiccups or trouble or mystery problems. But if you want to run it virtually, it runs fast, it runs at full gigabit speed; you just have to disable this, because the XenServer will handle it for you. You don't have to worry about this hardware checksum offloading, but if you don't have it checked, I found some much lower speed results on there, so that could be where some people had some problems with how that works. So that kind of gives you an idea how the virtual lab works. And we'll go back over here, Networking, and we'll change it again just to show you that the VLANs from externally can be pulled right in here as well. So we're gonna go Properties and we're gonna go VLAN 69, oops, hit okay, console, and now we've flipped it over to this network. It's really simple once you have these labs set up, and I've got an entire tutorial how to put XenServer together, how all of this works, and this gives
you lots of flexibility, so I can sit here from my desk, move machines around. And as you can see, this is like from another video I did; I had a couple VPN server and clients to set up in Debian, and it made it very easy because I just pop them each on their own networks and away you went. You can do it right from here, and I can troubleshoot and solve problems, and there's not really speed test, because some people say, "oh no, you can't do it that fast if you do it this way." It works fine; it's full gigabit speed even if it's on here. Now the last piece we'll show is we'll mess around here with the pfSense labs. I mentioned the LAN of Xen, and what that is here is being able to swap this out for a different network that only exists inside of here, so it never even leaves a switch. So the way you do that is we're gonna go into console. Now one thing about pfSense: I imagine I could load the Xen tools, but because I didn't, it won't let me change a network on the fly. I actually got to stop, halt, and restart the system. So we're gonna halt it real quick, oops, now it's halted. We go to Properties, and I call it LAN of Xen because it's only exclusively on the XenServer, and this is kind of a neat feature of XenServers: you can create networks defined that are only within it, and you don't need to create VLANs. I can create me these; I want to have a whole tutorial on how to do networking inside of XenCenter. We're gonna go here, Tom's LAN of Xen, hit okay, they're gonna go back up and start this virtual machine again. I'll wait to get started up. So I left the WAN the same, as on the .3 network, but now this is pushed to the LAN of Xen, which is the exclusive network for this machine. Now this has XenServer tools installed, so I can go here to Networking and not have to reboot and just plug in a different network. So we're gonna go LAN of Xen, hit okay, so take a second to push it, console, and it's still getting the .40 address; works the same. Now this works in Windows as well. I have a Windows 10
machine, and I see another one, I'm sure one of my staff, his name, we're gonna wreck it. This is how we do the same testing inside of here for Windows or that, and we right now actually have this running. We have a couple videos I want to do with Server 2016, so we just have an eval, because it's a demo machine that'll be destroyed when it's done. And this is where having a lab is really handy for this, because if I wanted to fork this, and like he forked this one here, if I want to fork it, we can just say Copy VM, we're gonna go within pool, and we leave it at fast clone, so we kill copies of some Windows 10 thing, we're going to do finish, and now I have yet another virtual machine. And because I copied it, I hate all the parameters from this one stay the same, and when I'm done I can just destroy it and hit Delete VM, delete, and away you go. The same thing goes for when I want to clone these. I can, I will shut this down; I prefer to do it shut down, but you don't have to, there's ways, it works both ways, but generally shutting them down so I know there's nothing in some data-in-flight state. And if I want to copy the VM, just call it, let it call it copy, and now I have another Debian box that I can quickly deploy. I generally leave this one here so I can do it. Now the other thing we have is how the snapshots work, and this is also how we do the demos with my FreeNAS test server. I keep a snapshot of it, so whatever I'm doing in it, this is my fresh load part versus now, and this lets me revert quickly back to it. They have this kind of cool tree view that forks out, so you can create different snapshots from different times. It's neat, and I've demoed that in my more in-depth one. I like it like this. I have a more in-depth video on, as I said, on Citrix XenServer, which I'll leave in the comments, in the description below, so we can, you can watch that video so we give you the whole picture on how that works. But it's really simple; this lets me revert back to this, so when I do my testing I build it all
out, do the video, maybe I keep it for a little while, maybe I don't, but instead of having to reload FreeNAS each time I want to do a test, I just do it that way. Now running FreeNAS virtualized, because people ask this, "can I?" Yes, it works fine, but you're not getting advantage of ZFS to its full power, because ZFS works best when it works directly on top of the hardware layer, so it's interacting with the drive. So yes, you can virtualize it, yes. Virtualizing pfSense, on the other hand, works fine. Matter of fact, it's kind of nice because I have the same things here. I can create easy snapshots to do my demonstrations, like this is the pfSense lab Basin before VPN setup. I, this was the one I recently used for my VPN demos, so after I do it, one demo, I just hit revert back to that and roll it back, do another demo. When I had to create these, you can actually clone from this, so you can actually take a snapshot or take, here, New VM. So, you know, right now I have a VM running that is with all that stuff set up in a VPN I know is still loaded on there, and some of the configuration. If I go, "you know what, I want another pfSense box," you can still do it from here. I can actually create a new VM from previous snapshots. That also makes sense of a really flexible, and you can see how quickly I can build out my lab environment and create these scenarios. This is really key to getting a lot my workflow and getting things done, is having this server and doing some of the testing. But I was on your overview of my virtual lab setup and how it works. If there's questions, comments, or something I need to cover more in depth, sometimes those the comments and suggestions I get from you was what makes better videos, so I can, you know, create that. You're like, "oh, I didn't understand this part, I should do this." I am going to do probably one on some of the virtual networking in terms of VLANs and how you work a pfSense, but hopefully this was helpful and kind of give a big overview of how our lab and some of the testing
works. If you like the content here, like and subscribe, and thank you again for watching.