This is a wonderful video, thank you for putting it together. It's been super helpful. Skipping straight to configuring without knowledge is dangerous. And the tidbits you share along the way (eg. banish untagged packets from the firewall to their own vlan & ditch vlan1 membership from the untagged ports) are wonderful tips.
Thanks for the feedback, it's really appreciated I aim to try and help folks understand what's going and why I'm doing things in a certain way, so it's good to know you found that useful
Thanks for the feedback, I really do appreciate it Good to hear you found that part useful as I wanted to let folks know more about VLANs before configuring them
This was VERY helpful. I configured a VLAN on my router and all was working fine from any LAN port on the router. But I could not access the new VLAN through the switch (tp-link TL-SG108E 1.0). I kept searching through the menus of the switch config software looking for a way to "list VLANs for a port". But I had it backward. This video inspired me to dig in again. The menus are still hard to follow, but the way it is done on this switch, as you said, is to "create" VLANs on the switch and then assign ports to that VLAN. All ports were already assigned to VLAN1 the default, I "created" my new VLAN 50, and also assigned all 8 ports to that VLAN as well. Now the switch forwards (tagged) traffic on any port, for either the default network or the added VLAN. Thanks for pointing me in the right direction. TP-Link docs were not good at explaining this.
Thanks very much for sharing this as it could certainly help other folks with a problem for that type of switch or similar I must admit, vendors don't make it easy to configure switches
VLANs are a very useful security feature for networks, including the home, especially as we add more smart home devices If you are interested in buying any of the managed network switches shown, check out the links below I am an Amazon Associate and will earn commission from qualifying Amazon purchases. However, this is at no extra cost to you :) Netgear GS110TPv3 US amzn.to/3vO0fRX UK amzn.to/3nTRX8A MicroTik CSS326-24G-2S+RM US amzn.to/3nUZ9kT UK amzn.to/3esEi59
@Tech Tutorials - David McKone Wow! I'm glad I've never bought a "smart" device. No Siri, no "hey Google", no fancy light bulbs. Now, when they learn how to hack my 20 year old vacuum cleaner, I might have to give some attention to security 🙄.
Because vendors are selling us devices which connect to the Internet and security isn't being given the high priority it should be This poses a risk because if one of your devices gets hacked through a vendor's cloud portal for instance, then that person could reach your device over the Internet and might be able to use it to try and hack other devices in your home network Even with a firewall between you and the Internet, the problem is that the device will have started a connection to a server on the Internet from behind your firewall and thereafter can be instructed by that server on the Internet As an aside, this how botnets work and why scammers want you to install software on your computer. They can't initiate a connection to your computer from the Internet and need your computer to connect out to a computer on the Internet which can then control it Now by using a managed switch and configuring it to place devices into different VLANs you can reduce the impact if something like this ever happened E.g. if your NAS is in a trusted VLAN, but a smart home device gets hacked. With that smart device in another VLAN, a firewall will be set up to block access between your VLANs and so the hacked device can't be used to hack into your NAS Similarly it would stop someone using a smart home device to try and hack into the computer you use to connect to your bank account and so on Now I use smart home devices as an example but anything that connects to a cloud portal could be seen as a risk Customers of a well known NAS vendor for instance were victims of a ransomware attack because the NAS connected to the Internet portal and a hacker took advantage of software vulnerabilities including a built-in account with admin rights Vendors provide these cloud portals for remote access to your home network but the risk as demonstrated here isn't worth it And some will have this as the default settings and most folks will be unaware of the risk Some smart home devices I've been using are connecting to cloud portals just to register and get them up and running because it has to be done in an App But segregation at least helps to reduce the impact if something ever goes wrong
Thanks for the feedback. It's appreciated Personally I don't like videos without some detailed explanation as to why things are being done the way they are They will be longer as a result, but they help me to learn about how things work
Agree with another comment. 20 minutes in the video and you haven’t configured anything. You literally have not even shown people how to set up the ports for your basic at home network switch vlan. Which will not have a firewall or PFsense etc..you won’t be able to sign IP addresses for each side etc… I think you’re trying to do a beginners video here but you’ve wasted so much time talking about advanced hardware/software beginners won’t have. People running PF sense and able to sign their own IP to each side of there network would not watch this video. You seem very knowledgeable but you’re’ wasting to much time. Cheers!
@Tech Tutorials - David McKone I appreciate the response. You again are very skilled and knowledgeable and what you do. It’s sometimes hard to pass on this kind of information. I couldn’t agree with you more as well regarding the vendors. The different terminology used in the switches. Is where the real issue and confusion comes from. I would also suggest maybe using the example of a ISP to set up the VLAN’s. Instead of a firewall appliance/software that is running the network. Again most people in this beginners bracket. Are going to have a modem/router/gateway from their local ISP plugged into the switch. They believe firewall is nothing but software that blocks porn sites.. :) Nonetheless you’re doing a great job! I appreciate you taking this as constructive criticism, as it’s meant to be. Cheers!
Thanks for the feedback. It is appreciated I am indeed trying to educate people unfamiliar with VLANs, hence why the implementation is later If I'd jumped straight into click this, select that, I don't feel people watching this would really learn anything and those are the types of videos I personally don't like The problem is, it's not practical to cover every type of vendor switch so I felt a broader background on VLANs would help But again, thanks for the perspective. I can see I need to be more mindful of the target audience
I really appreciate your videos. Your explanations are always so good. I'm learning a lot from you. Thank you!
Thank you for the feedback. I really appreciate it
This is a wonderful video, thank you for putting it together. It's been super helpful. Skipping straight to configuring without knowledge is dangerous. And the tidbits you share along the way (eg. banish untagged packets from the firewall to their own vlan & ditch vlan1 membership from the untagged ports) are wonderful tips.
Thanks for the feedback, it's really appreciated
I aim to try and help folks understand what's going and why I'm doing things in a certain way, so it's good to know you found that useful
Finally a video that explains VLAN concepts clearly! On to Pt2!
Thanks for the feedback, I really do appreciate it
Good to hear you found that part useful as I wanted to let folks know more about VLANs before configuring them
Great insights David. I'm honored to be learning from you.
I really appreciate your feedback. And I'm glad to hear you found the video useful
This was VERY helpful. I configured a VLAN on my router and all was working fine from any LAN port on the router. But I could not access the new VLAN through the switch (tp-link TL-SG108E 1.0). I kept searching through the menus of the switch config software looking for a way to "list VLANs for a port". But I had it backward. This video inspired me to dig in again. The menus are still hard to follow, but the way it is done on this switch, as you said, is to "create" VLANs on the switch and then assign ports to that VLAN. All ports were already assigned to VLAN1 the default, I "created" my new VLAN 50, and also assigned all 8 ports to that VLAN as well. Now the switch forwards (tagged) traffic on any port, for either the default network or the added VLAN. Thanks for pointing me in the right direction. TP-Link docs were not good at explaining this.
Thanks very much for sharing this as it could certainly help other folks with a problem for that type of switch or similar
I must admit, vendors don't make it easy to configure switches
Great info and well presented! Thanks
Thanks for the feedback and glad to hear you found this video useful
Sir you are such a good teacher. Thank you for the videos
Thanks for the feedback and glad to hear the video was helpful
VLANs are a very useful security feature for networks, including the home, especially as we add more smart home devices
If you are interested in buying any of the managed network switches shown, check out the links below
I am an Amazon Associate and will earn commission from qualifying Amazon purchases. However, this is at no extra cost to you :)
Netgear GS110TPv3
US amzn.to/3vO0fRX
UK amzn.to/3nTRX8A
MicroTik CSS326-24G-2S+RM
US amzn.to/3nUZ9kT
UK amzn.to/3esEi59
Thank you
Glad to hear the video helped
Why would using an unmanaged switch cause a security issue? I'm the only one using my components, not my next door neighbor. What am I missing?
@Tech Tutorials - David McKone Wow! I'm glad I've never bought a "smart" device. No Siri, no "hey Google", no fancy light bulbs. Now, when they learn how to hack my 20 year old vacuum cleaner, I might have to give some attention to security 🙄.
Because vendors are selling us devices which connect to the Internet and security isn't being given the high priority it should be
This poses a risk because if one of your devices gets hacked through a vendor's cloud portal for instance, then that person could reach your device over the Internet and might be able to use it to try and hack other devices in your home network
Even with a firewall between you and the Internet, the problem is that the device will have started a connection to a server on the Internet from behind your firewall and thereafter can be instructed by that server on the Internet
As an aside, this how botnets work and why scammers want you to install software on your computer. They can't initiate a connection to your computer from the Internet and need your computer to connect out to a computer on the Internet which can then control it
Now by using a managed switch and configuring it to place devices into different VLANs you can reduce the impact if something like this ever happened
E.g. if your NAS is in a trusted VLAN, but a smart home device gets hacked. With that smart device in another VLAN, a firewall will be set up to block access between your VLANs and so the hacked device can't be used to hack into your NAS
Similarly it would stop someone using a smart home device to try and hack into the computer you use to connect to your bank account and so on
Now I use smart home devices as an example but anything that connects to a cloud portal could be seen as a risk
Customers of a well known NAS vendor for instance were victims of a ransomware attack because the NAS connected to the Internet portal and a hacker took advantage of software vulnerabilities including a built-in account with admin rights
Vendors provide these cloud portals for remote access to your home network but the risk as demonstrated here isn't worth it
And some will have this as the default settings and most folks will be unaware of the risk
Some smart home devices I've been using are connecting to cloud portals just to register and get them up and running because it has to be done in an App
But segregation at least helps to reduce the impact if something ever goes wrong
you have talked a lot instead you could have done some configurations
Thanks for the feedback. It's appreciated
Personally I don't like videos without some detailed explanation as to why things are being done the way they are
They will be longer as a result, but they help me to learn about how things work
Agree with another comment. 20 minutes in the video and you haven’t configured anything. You literally have not even shown people how to set up the ports for your basic at home network switch vlan. Which will not have a firewall or PFsense etc..you won’t be able to sign IP addresses for each side etc… I think you’re trying to do a beginners video here but you’ve wasted so much time talking about advanced hardware/software beginners won’t have. People running PF sense and able to sign their own IP to each side of there network would not watch this video. You seem very knowledgeable but you’re’ wasting to much time. Cheers!
@Tech Tutorials - David McKone I appreciate the response. You again are very skilled and knowledgeable and what you do. It’s sometimes hard to pass on this kind of information. I couldn’t agree with you more as well regarding the vendors. The different terminology used in the switches. Is where the real issue and confusion comes from. I would also suggest maybe using the example of a ISP to set up the VLAN’s. Instead of a firewall appliance/software that is running the network. Again most people in this beginners bracket. Are going to have a modem/router/gateway from their local ISP plugged into the switch. They believe firewall is nothing but software that blocks porn sites.. :) Nonetheless you’re doing a great job! I appreciate you taking this as constructive criticism, as it’s meant to be. Cheers!
Thanks for the feedback. It is appreciated
I am indeed trying to educate people unfamiliar with VLANs, hence why the implementation is later
If I'd jumped straight into click this, select that, I don't feel people watching this would really learn anything and those are the types of videos I personally don't like
The problem is, it's not practical to cover every type of vendor switch so I felt a broader background on VLANs would help
But again, thanks for the perspective. I can see I need to be more mindful of the target audience