Network Connectivity Devices Part 2
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:04
>> We talked about hubs.
00:04
In the last section,
00:04
>> we had talked about routers
00:04
>> and said routers are going to isolate
00:04
>> our network into broadcast domains.
00:04
They can help subnet my network
00:04
so I have different quality of service segments
00:04
>> and privacy and security segments.
00:04
>> A router really does a lot of good things
00:04
>> for my network but a router is expensive.
00:04
>> I'm not really taking a Linksys or a NETGEAR router.
00:04
I'm talking about grown-up routers
00:04
>> like you'd use in production, a real router.
00:04
>> When we have these
00:04
>> and I have the situation of my folks on the left
00:04
>> and the sales team
00:04
>> and my HR folks in the middle,
00:04
and the VoIP network over on the right,
00:04
I still want to create
00:04
>> the separate segments or subnets,
00:04
>> but I want to do it cheaper.
00:04
That's when I bring back my switch
00:04
>> and I enable a feature called VLANs, virtual LANs.
00:04
>> A virtual LAN is a function of
00:04
the operating system on a switch.
00:04
Not every switch has VLAN capability.
00:04
It's not required for a switch to support VLANs,
00:04
but to tell you the truth,
00:04
>> just about all of them today do.
00:04
>> Typically a switch is a layer to a device.
00:04
We said switches are layered too,
00:04
they use MAC addresses to direct traffic.
00:04
But when you implement a VLAN on the switch,
00:04
you start to script the waters
00:04
>> into meeting a Layer 3 switch,
00:04
>> which is the next layer up.
00:04
With VLANs, you assign certain ports
00:04
>> on the switch to a particular VLAN.
00:04
>> That VLAN all the hosts on that VLAN
00:04
>> will share the same network ID,
00:04
>> so all the hosts connected,
00:04
>> say into ports 2, 3, and 8.
00:04
Whatever ports I want will be part of the sales VLAN.
00:04
The HR VLAN assigned
00:04
>> to whatever ports I'm plugging into
00:04
>> and the same with VoIP.
00:04
>> Broadcast isolation is done through these VLANs.
00:04
The sales VLAN broadcasts stay
00:04
within the ports assigned to the sales VLAN,
00:04
same thing for HR and same thing for VoIP.
00:04
However, if you're trying to create VLANs on
00:04
a Layer 2 switch because a Layer 2 switch does
00:04
not understand IP addresses
00:04
even though these VLANs
00:04
>> can be created and kept separate,
00:04
>> the VLANs cannot communicate.
00:04
The reason for that is that a switch can't say,
00:04
"An IP address at 172.16 goes out these ports,"
00:04
>> because the switch
00:04
>> doesn't understand the IP addresses.
00:04
What happens if you set up a VLAN
00:04
>> with a Layer 2 switch,
00:04
>> is that you have three separate subnets
00:04
because they can't communicate with each other.
00:04
There are some cases
00:04
>> where that might actually be desirable.
00:04
>> You might, for security purposes,
00:04
truly want three totally isolated networks,
00:04
but you probably want your networks
00:04
>> to be able to communicate.
00:04
>> If you want your VLANs to be able
00:04
>> to communicate you need a device
00:04
>> that functions at Layer 3
00:04
>> and understands IP addresses.
00:04
>> We can go back to the router
00:04
>> or we can upgrade our Layer 2 switch
00:04
>> and instead have a Layer 3 switch.
00:04
>> Going back to the OSI model,
00:04
that Layer 3 switch is where IP addressing is used.
00:04
Your Layer 3 switches use IP addresses.
00:04
Wrapping up with our network connectivity devices,
00:04
we talked about hubs,
00:04
>> which sends all data out,
00:04
>> all ports all the time.
00:04
Then we looked at switches that use MAC
00:04
addressing because they are Layer 2 devices.
00:04
They isolate traffic into collision domains,
00:04
that way we can use all
00:04
>> but eliminated collisions on our Ethernet networks.
00:04
>> Then we looked at routers that isolate traffic
00:04
>> and broadcast domains
00:04
>> and they're able to interconnect different networks
00:04
>> based on IP addresses,
00:04
>> but routers are expensive.
00:04
We talked about using VLANs to
00:04
create that same broadcast isolation.
00:04
If we create our VLANs on a Layer 3 switch,
00:04
not only do we get the same isolation,
00:04
but we also get inter-VLAN communication.
Up Next
Similar Content
