VLANs: How to Protect Your Wifi and LAN
Dave explains VLANs and how they can be used to enhance the performance and security of even a simple home WiFi setup.
by Dave’s Garage
simple network management protocol
Never heard it explained so well. Nice video
The first stone or nail for killing Net Neutrality. Now you too can become a sociopath control freak. I know someone like that. He records and watches every movement of his family, as if they are all prison inmates.
Great video, thanks!
I've been dabbling into learning more as networking is not my strong side .. having that said .. I am playing, of course, at home. One thing I haven't been able to understand is wifi and VLANs using access points (AP). I am not able to grasp the concept. For example I have 2 tplink xe75pro, they are ok with the typical main/guest/iot but I am planning to go further .. so if I get a router and a switch that are VLAN capable I can have the same (iot/guest/main) and add a couple more than what I am needing.. but then all of this is done at the router/switch side… how the AP (wifi) comes into place.. how they are set up.. can they broadcast more than one "wifi" that can route to a specific VLAN?? If so I haven't been able to grasp my head around it. Perhaps an idea for a future video 😂
Clear and comprehensive. Thank you!
The most technical explanation of VLANs is the segmentation of broadcast domains. Each MAC address table entry also has a VLAN property constraining local and broadcast traffic within itself. By using segmentation you force traffic to a router, switched virtual interface or firewall where you can define policy for traffic between VLANs.
However this is important: a broadcast storm on 1 VLAN WILL bring your entire local network down even if that traffic belongs to another VLAN on the same switched network. Only traffic living on another physical interface on an upstream router or firewall will not be affected since the broadcasts only are on 1 physical interface.
The reason why switch CPUs spike in a broadcast storm is because they have to continually rewrite the MAC table because source MAC addresses keep jumping between ports. And writing to the CAM memory has to be done by the CPU.
Being the old-fashioned guy that I am, I had a physically separate network for the cameras, with a Windows 10 PC with dual Ethernet ports and a PoE switch. So the networks were physically separate.
The mini-ITX motherboard I use for that was actually ideal. It has the aforementioned dual Ethernet ports, but also six SATA ports, and wifi. Unfortunately, it has a really cheap and crap solution for the back-up battery, which is causing the CMOS to be empty and it no longer restarting after a power cut.
Another problem is that it's an Intel motherboard, and Intel like to change their sockets very often so that you need to keep changing Intel CPU and motherboard with Intel chipset if you want to upgrade, and I'm getting a bit tired of this planned obsolescence. However, there are hardly any mini-ITX boards with an AMD chip and dual Ethernet ports.
So… it appears I actually need to go and read the manuals of the switches that I have, to see how to set up VLANs. Thank you for this video, which explains the concept to me, and which I never thought of before.
Dave had a question, does enterprise grade router or mesh router really help? I went with tplink deco and it will connect fine up to 20 devices, afterwards it causes sudden drop in connectivity for no reason and it didn't allow custom DNS with adblock and malware blocking which causes all routing to fail after 5 minutes. So wanted to check if Ubiquiti allows custom 3rd party DNS and Pi-hole servers or even DoH? I do have a device isolation feature to isolate IoT devices but there is no fine grained control.
"ensure all switch ports are assigned to the correct VLAN…." — we have this cisco switch at one of our offices that just RANDOMLY decides to revert VLAN configs on ports…. it is a nightmare
This sounds as though a VLAN is a "series of tubes"
But isn't a big truck.
106 devices…. Dude, are your dining room chairs wifi enabled? Did you buy your goldfish their own tablets and laptops? I have 15 devices and I thought that was a lot. Are you providing internet to the neighborhood? 106 devices… Man…. The IOT devices are also insane.
42 devices? Do the RGB values of each lightbulb have their own connection or what?
For IOT, I have like, 8 things, and most of them are lights.
You have to explain this, please!
Why should I understand them? Why-for I'll be using those soon enough 😉
Hi @Dave great videos!! I am hooked going over your playlist! Quick question, what tool is the diagram tool being used in 15:40? (I apologize for the noob question, I am not into networking just yet, I am training prior to my studies with your channel!)
You know what would make a nice shirt? ChatGPT for president. Thanks Dave. Are you CNAA?
Great info. But in reality setting up VLANs at home requires additional training and administrative burden. The average family would just rely on "plug and play" technology. Usually, breaches on VLANs are usually insiders with access to physical infrastructure.
I’d tell you a joke about udp, but I’m afraid you may not get it.
So much repetition in this script
I was hoping to hear a little commentary about needing to strike the right balance between complexity and usability. It's very easy to over engineer VLANs if you don't truly understand how a network should look. If you're in particular not good at documenting it, you can really create pain for your org.
I used to set up the built-in guest wifi to provide visitors with wifi access without compromising my home network, but lately I've started using it myself for my own IoT devices. Nowadays, almost everyone has a good LTE/5G data plan anyway.
my wifi is in dmz through vpn….
Do you have a sort of graduation party when your kids grow older and are migrated from one vlan to another of fewer restrictions?