Tom here from Lawrence Systems and we're going to talk about VLANs with Xen Orchestra and XCP-ng. If you want to learn more about my company, head over to LawrenceSystems.com. If you'd like to hire us for a project, click the Hire Us button at the top. If you want to support the channel in other ways, there's plenty of affiliate links below that do support and help us out. Software-defined network controller and all kinds of advanced features are supported in XCP-ng. Matter of fact, there's quite a few good write-ups here about how they can use VXLAN and GRE and tie it all together to create a software-defined controller that spreads across multiple hosts and then ties those VMs together. That's really cool, goes beyond the scope of this and I'm not overly familiar with it because most of the systems that we've set up, we haven't really had to use that. We're just using standard VLANs. It's not too difficult to do. There's some discussion here on the approaches. From my understanding, you can't attach more than seven of them and I really haven't run into any networks that I've needed more than seven, which includes my lab. I don't even have that many in my lab. There's just a handful for the different things I'm working on. If you need less than seven, this way works for you. Well, seven or less, I should say. This way should work for you. We're also going to define it very simply. This way it gives you the building blocks you need to get started and maybe expand further. We're going to start out with just a single host and show how we take off the VLAN traffic. I'm using this little MikroTik switch. This is just a picture of the server sitting in the studio right now. Yes, it's just a single connection. Obviously, if you were going to design something more advanced in a separate storage network, etc., you'd use multiple connections. For us and the simplicity of this talk, this comes in and it's all ports. That's important.
We do not define or need to define for this particular topic any of this inside the switch to make this happen. We're just going through and saying, give me all traffic. Don't trunk it out into different VLANs. Don't tag or untag it to different ports. Just give me all traffic. Pass it through. No definition. And just to show you what the MikroTik switch looks like, here's those two connections at 10 gig, just like you see in the picture there. Here's all the VLANs are defined, which is none. No VLANs defined. And I'm doing it this way just to keep it simple. You could define them. You could then tag and untag ports and maybe later I'll do something more advanced like that. But for now, you don't even need to define these in the switch. Because some of these are defined inside of pfSense because I want them to route. And what I mean by that is I have my main network and then I have VLAN 6950 and 1337. And the Pwnage network is one of the ones we're going to use as an example. So the pfSense is connected and passing all to the first port of the switch. And then the switch is passing all to the XCP-ng boxes. It's just important to have this defined that even though the pfSense technically is going to live like right here and we'll just drag a line to it. All of these are passing all traffic and the switch is passing all traffic. It's just an important little aspect so we're not actually starting and defining anything in here. So here's the XCPNG lab and the XCPI 7 box. This is the one in the studio right now. We're going to start with just this one for simplicity and then we'll show you how the two can talk to each other. Back over here and take a look. So we go here and we go to the pool. When you're defining networks, you define them in the pool. Now even though there's a single host in this pool, not multiple, you always start by defining things in the pool, not inside of here.
So this is a network control for an individual host and this is the network for the pool. And when you add it to the pool, even if it's one host or 10 hosts, it adds it to all the hosts that are within that pool. So this is always where you want to start defining networks. Now you don't really need to do much with this unless you only are doing it in a lab and have one. You can have host only that are attached to no physical network interface. The thing with the host only interfaces is they can't leave the system, but maybe that's fine for you. And what you can do is you can define things, attach them to host only. So one side, for example, if it was a router, one side is attached to the main network connection and then the other side is host only and you can define things inside of there. That is an option, but it won't work across pools or even if they're in the same pool, it won't work across the machines. That's where you get to the defined software defined networking and GRE tunneling that goes between them. We're going to talk about just VLANs attached to physical interfaces. Now I labeled these three interfaces not in use. So here's main connection, which is ETH2, the only wire you've seen plugged in and alive on that system in that picture. So that's ETH2 and all these are just unplugged right now. So they're there, but we're not using them. So here's the main connection. And main connection is on the dot three network. So the dot three network is what happens when you switch to all. It's kind of like the native network, if you will. So we go here, we look at the VMs. And this is on main connection, which gave it the address of 192.168.3.187. So go over here, let's clear it. So right here's the IP address 192.168.3.187 because we took all and just passed it over there. Which, by the way, both servers are on the same network. So this one here and this one here. We're only working on the studio demo server to get this started. Let's go back over to pools.
We'll look at the networks again. And we'll look at this Pwnage network of 1337. How do I get this defined network, which has its own separate IP range? It's a separate network that's dedicated to pwning things that's right here. How do we get that over here? Real easy. We're going to create a new network. You select the only network adapter plugged in, ETH2, 10G, 2P. What's the name of it? We'll call it Pwnage. Leave everything the same. What's the VLAN? 1337. Where things get pwned. All right. Create network. That was it. Pretty pain-free. What we've done now is create this ETH2, which has all traffic coming in and it strips just the 1337 VLAN traffic and passes along to whatever we attach it to. So we go over to VMs. We go over to network, and we don't need to even reboot this. Let's go over here. Pwnage. There we go. Little up arrow and 10.13.37.103. It pings. It works. It's up and running. It's on a different network. It is no longer on a .3 network, matter of fact. One of the rules of this particular Pwnage network is because we use it for testing. 3.190. You can't ping things or even my computers .9. You can't ping my computer either. Once you put things on this particular network, they're locked down. So it has to obey the traffic. It can't escape out of it because the virtual machine running here, this Debian system, it's locked down and we define it to be in there. So let's define another network. So let's go over here. Back over to pools. And just so you know, another one we have in here. 51.337. So we can add 50. So add 50. I think that one's actually called IoT. Create network. Oops. Oops. VM, I'm sorry. Go to VM. IoT. And we change it. Now, because I've got the Xen tools loaded, that's also what it's essentially doing is performing a plug-unplug of the network, which this is set to DHCP. So IP. And it just grabs a new address when it does it. So I will note that I do have the Xen tools loaded on this for this to work this way.
If not, you could start and stop VMs that don't have Xen tools in it. But now we got the 192.168.50 network. We had the Pwnage 10.13.37 network. So that's pretty simple. And once again, nothing was defined here in the MikroTik. We have the link on 10 gig here. No VLANs defined. No need to do anything because we're just passing all the traffic back and forth through, and away we go. So as long as the traffic is going back and forth, we're good. And the network works. That's a really simple way to define it. What if we don't want this to route it? What if we wanted to install, and I've done plenty of videos on this, people ask, how do you do your pfSense videos inside of a VM? Well, one, I followed the guide and probably have a few videos on it. I'm setting up pfSense inside of XCP-ng and how you want to define it. Next step is, once you have that all defined and you load all the different tools and you make sure that the network interfaces are set properly, now we're loaded onto this other server, XCPNGLab, and we have more networks defined. This is my usual lab server, not the one in my studio. This is a private network, which can't leave. So LAN of Zen is only on this particular XCPNGLab box. However, it's not going to carry over to that box in the studio. But VLAN 10 lab, which, by the way, not defined in my router, is my routing does not need to do anything with it. I want pfSense to handle the routing. And I want it to talk across pools, across hosts, and everything. So we just created a VLAN and it's going to take any traffic that comes out of here and tags it as VLAN 10 lab. So we're just defining this. And if you look over here, here is 10.1.10.1. Okay, let's look at the virtual machines. This one's running on that XCPNGLab server. And it's attached to that VLAN 10 lab and has that address of 10.1.109. So this lives here on XCPNGLab. Now let's define it on that other server. And we'll even turn this off because we don't even need it beyond.
So we're right back to just the studio server, pools, network, add network, only interface. It was VLAN tag 10. If you weren't paying attention. It's the 10 lab. And we'll just hit create network. All right, go back over to the only VM running on here. And other than me talking with XCP-ng or Xen Orchestra on here, like I said, these servers don't have any real relationship to each other. We'll just change it right here. Call it the 10 lab. Over here. I already got an IP address from that pfSense machine. So it's 108. And the pfSense was at 10.1.10.1. And of course I can ping it. So these are two separate servers, two physically separate pools and everything, as long as they have the same VLAN tag. And that VLAN tag is not defined anywhere else. But the switch is facilitating. As long as you have a good managed switch, it will facilitate copying all the traffic from point A to point B. It's just acting as a switch, whether there's VLAN traffic or not, or what those VLANs are is not real relevant to the switch. And it just passes all the traffic along. It's really, to me, this is the simplest way to do it. It's how we do our lab videos. It's how I can have multiple machines running and have VLANs defined and then have a whole another system in the other room. As long as I have them trunked and all data going across, they'll grab that VLAN and away they go. It allows me to very quickly move servers around and have them talking different ways and, you know, on different, completely different physical boxes just by defining the VLANs like this. I'm not saying there's anything wrong at all and it is really nice to do these more advanced software defined networking controllers. But when you start defining these, you end up with a much more complicated system. It has a few more dependencies that you have to set up.
So I may do a video on this because there's definitely, especially if you talk about servers not even in a physical same building or you want a GRE tunnel across, you want to encrypt it. There's some really cool use cases where you'd want to use something more advanced like this or you have a really advanced network with a whole lot of machines. But on the basics of it, if you just wanted to define something and have it move across like that, this way I just talked about is very easy to do. Now, the last thing I will mention for anyone wondering is what about if you did define them here? Well, if we did define them here, for example, because we have pfSense running in a virtual machine and I wanted to make SFP4 be that VLAN 10, I could actually just put VLAN 10 and apply it in anything I plug into SFP4. I'm not going to go ahead and hit apply, but if I did, anything that would get in there would also get that IP address from that pfSense. And this is a way to bring things from the virtual interfaces that you have defined in XCP-ng out to the real world, so to speak. So if I wanted to plug in my laptop or something else into one of these ports, I could. And I will want to demo that maybe another time. I'll dive more deep into that particular topic, but it only needs to be defined in here if you plan to have the switch handle something about it. But in a case like this, the MikroTik switch is just passing any traffic it receives, any VLAN traffic coming in, forward it on to the place it's going to, but you don't have to define anything with it. So hopefully this was helpful. Hopefully it answers the questions, because a lot of people ask me about the VLANs. It's as simple as that for setting them up. And the final thing I will note, and we'll go ahead and connect the servers back together again and show you something about pfSense.
When you're doing pfSense inside of here, because this inevitably will come up as a question, please note that these aren't defined as VLANs. So they're not xn0 dot, dot, dot, dot. And then with the address on there, they're defined as interfaces. So if I wanted another interface added to this particular pfSense instance, I would add another network interface like this. So I would first define it, tag it with a VLAN, like VLAN 10 lab or Pwnage, and then that was how it would do the VLAN. But someone will point out there is a way to do it, and there are notes in here of how to do it by going through and defining pfSense inside of here. And I believe it is in... Oh, not there. That's the link to the pfSense. There's a link in there, and it talks about going to the command line of how to dive into exactly changing it. So you can create VLANs inside of pfSense. It's just the way that the virtual interface is supported. It won't do it through the UI of pfSense. So yes, it is possible, but it's not even the way I do it because, well, it's just easy to do it this way. I add a network interface, I attach it, and I pre-define it inside of here in the pool itself. So you go to the pools, and that's where we define everything. And there's all the networks I have defined that I use for all of my networks for all the demos I do. All right, and thanks. Hopefully this clears some of the issues up. And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the Subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page, and let us know what we can help you with and what projects you'd like us to work together on.
If you want to carry on the discussion, head over to forums.lawrencesystems.com where we can carry on the discussion about this video, other videos, or other tech topics in general, even suggestions for new videos that are accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching, and see you next time.