Tom here from Lawrence Systems. We're going to dive into making the VLANs work with UniFi and XCP-ng, but once you get the concept down, you can apply this to other switches. This is a follow-up to the video I just did yesterday, and I'll leave a link to that one below, for how to build your open source lab with XCP-ng. So if you want to learn more about me or my company, head over to lawrencesystems.com. If you'd like to hire us for a short project, there's a Hire Us button at the top. If you want to support this channel in other ways, there are some affiliate links down below to get you deals and discounts on products and services we talk about on this channel. And yes, the shirts are there too. They're all available through Teespring, well, at least some of the ones that are on there; that's ever changing, so check that if you are interested in some of the shirts you see on the channel.

All right, let's dive into the lab and walk through the setup. So this is our brief overview, not every exhaustive detail of everything on the network. Maybe I'll do a tour later, but for now, what's relevant in terms of this video?
So we have a physical pfSense running at the head end of our building. The native VLAN, as in the one marked in red here: it comes out of the pfSense and starts going in all the different switches that are involved here. Now the important part is the setting on any of these switches, for each one that plugs into my network: the setting is going to be All. And we're gonna ignore these right here. I mean, those do exist on a network, and these are the FreeNAS and the tank ones, and I've talked about them in the past. But focusing on this, all these red means everything in every connection between every switch is set to All.

The important reason I'm bringing that up: this is frequently where people get stuck on VLANs. They start messing with the settings between switches, and on all switches you need to pass all the traffic past each one. If you started messing with or only tagging certain VLANs, well, they're not going to propagate across all the switching network.

And the way that our system here, this is the lab system I built in that video: this system has one physical network connection. It is an SFP+ at 10 gig. It is connected to our UniFi 16-port 10 gig studio switch, which is actually why you probably hear a little bit of ambient noise, the fans running on it from using it. They are a little bit louder than any other switches, but not much. But that's why you may hear a little bit of fan noise in the background, plus the servers sitting there running on it.

This particular server right here, inside of it, and we went through this yesterday in the video, we went through how to define all the VLANs. So even though there's one physical, there's some virtual network cards in there, and they are assigned to pfSense. You don't define the VLANs, not the way I prefer to set this up. And it's an easier way to support, doing it this way, inside of pfSense. We're not defining in our virtual pfSense each one of the VLANs. We define them inside of the XCP-ng lab server. We tag the VLANs and then present
them as network adapters to pfSense. So what am I talking about, and what does it actually look like? So right here we have 10 gig native, Studio 100, Studio 200. How does pfSense see them? xn0, xn1, xn2. So pulling from my native, it actually gets an IP address from my upstream pfSense. It gets an IP address of 192.168.3.195, so 195 there, and then LAN and LAN2. This is where it's actually handing out addresses.

And it's pretty simple, and I've done this before: you just kind of lay things out on a spreadsheet. Sometimes it helps quite a bit when you want to make sure you don't have a collision of things. So here's the native VLAN, or VLAN 1. VLAN 690, we're just not using it, but I mentioned they exist. VLAN 20, in case you see it and want to know what it is. Then VLAN 100 and 200. Now VLAN 100 and 200 are not defined in my pfSense. Let me scroll to the top here. I've only got the native VLAN. There's a lot of things in here that aren't relevant to the video, but we don't define the VLANs in our pfSense. The reason why: I don't want pfSense handling these at all. I want them just to be VLANs that can propagate across the network.

But we do have to define them to make them propagate properly across the network, over in UniFi. So we go over to UniFi, we go over to Networks, and here's those Studio 100, Studio 200 VLANs defined inside of here. Now let's go back and look at the connections inside the system here. So if we go back to Devices and we look at our lab 10 gig, pop that out. Oops. Lab 10 gig: here's where it uplinks to the back end, just like we show here. It's uplinked to this 10 gig studio in a rack. And this is just a Cat 6a connection, and once again the setting is All, All. So then it goes to the UniFi 16-port here, and then we have a 10 gig connection here with an SFP+. So this is where that lab server is plugged in, and I still have it named for the old lab server, will for naming, because the i7 one is dead.
It has been commandeered for another purpose. We'll just go ahead and do that. But you notice the switch port is All, and if you look at this one, switch port All. That's an important thing when it comes to VLANs, making sure that is set, because we let the system, in this case XCP-ng, slice up the VLANs to be however they want.

But what about if I want to assign my laptop? We'll look at that real quick here. We have this blue network cable, which you can see, and if I'm zooming in over there, it is attached to port 2 of my studio switch and not plugged into anything right now. So what we want to do is go into, and we have our pfSense booted up, and we see that it's got 192.168.40, and 40 is assigned to the second network adapter right here, x10 zero, and the second network adapter is Studio 100. So how do we get Studio 100 assigned to my laptop? How does my laptop work behind a virtual pfSense for lab testing, or really any time we're building out some type of network?

It's actually pretty easy. We're gonna go over here and we'll find the studio switch that that's on. So pop that out, and we'll mouse over, and we see we have Tom laptop, already named, where my laptop's gonna be plugged in, and Studio profile VLAN 100. So let's edit it real quick to show you. Because we have these defined right here, I could make it 200, 300 or one of the other networks, but we made it 100, because that will bring it all the way back from these switches, actually hopping through quite a few things. So if we look at it here, it's hopping back through this, through this, and all the way back through all of these. But every one of these UniFi switches is connected All, All between every single switch. Therefore it will bring that All, All until it gets to that final port, where it splits it out and goes: all right, you get video VLAN 200 on there.

So to show it in action, we'll plug it in and we'll watch the network change, and ip a: there's my 192.168.40.123 right there. Pretty simple. So how did it get that?
Well, back over to pfSense: go in the lab, go to Services, DHCP Server. We'll take a look at it. Hey look, pop top 480, and there's the IP address assignment. And now my laptop is behind a virtual pfSense.

Now you've got to remember one thing about VLANs: you are sharing bandwidth between all the other networks. So even though I do have a one gig connection, this is still shared between all the other traffic that does come across there. And some of these switches, although I'm connected at 10 gig with the main server, some of these switches only have one gig connections between them, and you're trunking everything across. So that is a shared medium, something to think about with VLANs.

Also, anything on the native VLAN when it's passing All: this is an important thing to think about from a security standpoint. Let's say you want to have All going across, and someone is able to put a sniffer on that All. The other, encapsulated within there, are all those that are VLAN tags. So an All tap will be able to see, if someone were to intercept, all the in-betweens of the network. What VLANs do is they encapsulate it all into a single network stream. That's why it's passing that full network stream all the way across in its own virtual LAN. But something to consider from a security standpoint: yes, when you do that, anyone who also has the All tap can also pick out all the VLANs, because you're passing them along. This is why sometimes when you
This is why sometimes when you Are setting up devices you may not want to send all you may want to filter it down Or in this case we filtered all the way down to 200 which I'm sorry Studio VLAN 100 but this is what allows that to work and be able to trunk it down to the one piece And it's just some considerations when you're doing design and of course just to show you real quick None of these VLANs are defined inside of PF sense because there is some incompatibilities between the way XCP and G Presents network adapters to get the VLANs to work properly inside of PF sense But I don't think that is a big deal at all because at any time I want to define more VLANs I just go and define them as network adapters go over here to hosts. I'm sorry pools And you can just define each network adapter with each VLAN that you want to me That's one of the simpler ways to do it from a management standpoint I let the hypervisor or as they refer to a next CPNG Dom zero the hypervisor is going to be Defining all of the VLANs and taking care of all of it and like I said, you can see these are all on each zero Each one of these VLAN defines so it keeps it pretty simple It's pretty easy to manage and you know which ones which and you know keeps your sanity for as far as labeling So pretty straightforward on how to do that and this works, of course even cross labs So we're gonna do is a plug this and we'll show how we can go from this lab to my other lab and exactly the same concept So we're gonna go here. All right. So this is a separate lab server. So we have well lab and production I got a lot of different things running in here. So here's our lab system. Here's a separate system Now where does this live? We go over here. We actually have the VM running on here But once again, we have a network card with all VLANs coming out of it's actually another 10 gig connection. 
So it's connected to this 10 gig switch. This is connected to this 10 gig switch, All, All, back over to here. So now we have pfSense running on the lab box in the studio physically behind me, and then this is in a rack in the back. And let's change the network. So instead of this, and we don't even have the networks named 100% the same, but we do have the VLAN tags the same because, as I've said, that has to match. Let's set this to Studio 100. And these pools have no relationship to each other. This one's running a different version. Well, they're both running, one's running 8.0 still, another one's running 8.1 over here. So once again, kind of doesn't matter there. The point is that they're both connected to the same network with All, and we're letting XCP-ng handle the actual trunking of the network to give it an assignment. And if we do ip a, here we are: 192.168.40.124. If we go to our pfSense, go back over to Services, DHCP Server: hey look, Debian 630 host has now popped up on there. So pretty straightforward how to do that. And if I wanted to plug my laptop back in, which I did unplug, it would be able to ping it and talk back and forth, and I would be on that same network.

So it only gives you an idea of how all the networks work. It's pretty straightforward once you get used to it, but the first time you start using VLANs they can be very daunting, very confusing. But once you start playing around in a lab, and that's probably the big point of having a lab, whether you're building one at home or building one in your office, because it helps with client testing. And we actually use this quite a bit for client testing, because we have to build out and match networks before we program equipment and send it out to clients.
We will test it in our lab here and we'll match their network settings with this process. We'll grab a group of ports, assign it the Studio 100 for example. And you've seen setups on this channel where we've had all the stuff laid out here. Frequently, we'll just build something in our lab environment that matches their network, so we can have all the IP ranges and everything assigned, and everything else exactly how their network would be set up. So we can go through and configure, test, box, ship and get something going.

The last little piece I want to cover is because someone's gonna say, Tom, you're just such a UniFi fanboy. Will this even work with MikroTik? Why not? Why not show you MikroTik real quick here? Because I've got one, and I need to do some more demos on this. It's a bit of my to-do list, but we have a MikroTik with SFP 10 gig cord right here. Let's go plug it in and see what happens.

All right, we plug the MikroTik in. Let's go to the SFPs. We have one connection right here, and it's physically plugged into the UniFi switch. Let's show where it's plugged in over on the UniFi switch. We'll go over to here, close this, go here, pop it out, and right here: this is where the UniFi switch is plugged into the MikroTik. So once again, I'll just wiggle the cable so I'll have to go all the way back there. But you can see it physically plugged in, and it goes into this port on the MikroTik switch. Now what we have here is a 10 gig SFP+ adapter to RJ45 plugged into port one. So there's the physical port that it's plugged into. And let's go ahead and change MikroTik to the same thing. So we go over here to the VLAN. This is SwOS. So SwOS is a little bit easier to use with MikroTik than the other system, which is their full OS. I kind of like it a lot better because it's faster to do things like this. So we're gonna take, and that's SFP one.
So this is where it comes in. We leave VLAN Receive at any. You could say only tagged, only untagged; you can do the filtering here. You can force VLAN IDs. I'm not gonna dive into that. I'll maybe do another video on SwOS. But as far as just taking one port and assigning it a VLAN tag, yeah, it's pretty easy. We're just gonna go ahead and assign this one VLAN 100. So that's it. It was, when you started 200, you just hit apply. One thing I will say for MikroTik is they apply really fast to the web interface. So there's not like a delay or a pause. So bonus for that.

So we'll go ahead and assign it that, and now we are going to plug in a network cable to my computer here, and plug this into that port right there, and we'll see what IP address I get. Well, just exit. And once again, I got that 40.123. So let's unplug it. You'll see a little thing change at the top here. Now, unplugging it, that way my computer releases the IP address and we can change it again. So now we're gonna switch it to 200, apply. Pretty simple. It's now set to 200. My computer's released the IP address. We're gonna plug it back in so it gets a new one. Now the 200 is Studio 200. So we have the All coming in on, go back over to the MikroTik, All coming in on SFP4, and we're splitting out only 200 right here. And if you remember, over on our lab, in the XCP-ng lab here, console: the 200 was assigned to xn2 and it's a 10-dot address.
That's right here, which means my computer now has a 10-dot address inside of pfSense. So yes, you can mix and match between brands when you want to bring these over, and it's gonna vary, of course, with setups. This is the MikroTik one, and like I said, maybe I'll do a video a little bit on SwOS, because it does work a lot better, I think, than the full MikroTik. When I say better, it's easier to understand; better would be the wrong word. Easier for people to get started, because you've seen how quick I was able to just tag a VLAN on there. I believe there are several more steps, but it also could be my lack of knowledge on how the MikroTik full OS, RouterOS, works. I'm just not as familiar with it.

MikroTiks are inexpensive, so they do make a pretty good device in terms of home labs, in terms of cost. But they come at the expense of being a little bit more difficult than the UniFi platform to set up and manage. But hey, they've got a good price, and this is still a killer deal. I have a review of this switch. It's a killer deal on a 10 gig switch when they're in stock and available.

All right, hopefully this was helpful. I will leave a link in the forums to that layout, the map, and someone asked me for that template. I can leave links; all this will be a forum post that'll be linked in this video.
Thanks.

And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button, and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page, and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.lawrencesystems.com, where we can carry on the discussion about this video, other videos, or other tech topics in general. Even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.