Thanks for the feedback, glad the video helped

Good to know the video was useful and thanks for the sub

Thanks very much for sharing this as it could certainly help other folks with a problem for that type of switch or similar I must admit, vendors don't make it easy to configure switches

I really appreciate your feedback. And I'm glad to hear you found the video useful

Thanks for the feedback and glad to hear the video was helpful

Thank you for the feedback. I really appreciate it

I prefer to keep things simple so I don't bother with features like mac based, protocol based, etc. These are a dynamic ways to put certain types of traffic into different VLANs and I think they just overcomplicate things As for port configurations... Most end devices like PCs and laptops should be connected to a port which is untagged. They don't need access to more than one VLAN so the switch port will be configured to put that traffic into a VLAN of choice Devices like other switches, hypervisors and firewalls will need access to multiple VLANs and so their port will need to be a tagged port I am curious about the router though because if it doesn't support some form of firewalling there isn't much gain in using VLANs, assuming it will be the default gateway for the VLANs Without rules to restrict traffic between VLANs, any computer can talk to any other, which is the same as everything being in the same VLAN Some routers do have firewall capabilities, but a dedicated firewall is better suite to the task

@@TechTutorialsDavidMcKone Thanks David. I'm running a Fujitsu S920 low power pc with pfsense installed on it as my router. It has a four port Intel NIC installed in its single PCIe slot. Currently I'm just using two ports - WAN and LAN, but was thinking about doing a LAGG on the remaining ports to my switch and using this as the parent interface for the VLANs. The tricky thing is experimenting and learning from mistakes without getting an earful from my wife and kids when the internet goes down!

As I'm sure you know perfectly well, but for others reading this, pfsense is the router, the firewall and the DHCP server for each VLAN.

@@julian.morgan Understood; IT is so much easier without users

Thanks for the feedback, much appreciated And yes, experience is the best way to learn

Thanks for the feedback and glad to hear you found this video useful

It depends on what's supported Most Wi-Fi routers and access points sold to retail or provided by ISPs don't support VLANs There are access points sold by Ubiquiti and TP-Link for instance that do, but they are higher priced They do VLAN tagging so you can associate an SSID with a VLAN tag but the switch port they're plugged into has to support VLAN tagging as well, so it needs to be a managed switch If you have a spare router or access point you could connect it to a switch port and assign that to a VLAN It's not as good, but at least it puts those Wi-Fi devices into a specific VLAN

Thank you for responding, it is much appreciated!

Good to know the video was helfpul

I separate devices out depending on their need so it depends on what you do with yours If a device only needs access to the Internet for instance it goes into a guest vlan which only has access to the Internet via a firewall A PC though typically needs access to internal things like a printer, nas and so on so I'd have a vlan that allows that internal access plus access to the Internet

@@TechTutorialsDavidMcKone thank you for taking the time to answer.. Gave me a better prespertive

Thanks for the feedback, I really do appreciate it Good to hear you found that part useful as I wanted to let folks know more about VLANs before configuring them

Of the Access Points I've used that support VLANs, end devices don't know about VLANs When you configure an SSID, you associate it with a specific VLAN So the SSID determines which VLAN the device will be in I don't know of any retail APs that support multiple VLANs within a single SSID

@ Thank you for answering!

Glad to hear the video helped

Because vendors are selling us devices which connect to the Internet and security isn't being given the high priority it should be This poses a risk because if one of your devices gets hacked through a vendor's cloud portal for instance, then that person could reach your device over the Internet and might be able to use it to try and hack other devices in your home network Even with a firewall between you and the Internet, the problem is that the device will have started a connection to a server on the Internet from behind your firewall and thereafter can be instructed by that server on the Internet As an aside, this how botnets work and why scammers want you to install software on your computer. They can't initiate a connection to your computer from the Internet and need your computer to connect out to a computer on the Internet which can then control it Now by using a managed switch and configuring it to place devices into different VLANs you can reduce the impact if something like this ever happened E.g. if your NAS is in a trusted VLAN, but a smart home device gets hacked. With that smart device in another VLAN, a firewall will be set up to block access between your VLANs and so the hacked device can't be used to hack into your NAS Similarly it would stop someone using a smart home device to try and hack into the computer you use to connect to your bank account and so on Now I use smart home devices as an example but anything that connects to a cloud portal could be seen as a risk Customers of a well known NAS vendor for instance were victims of a ransomware attack because the NAS connected to the Internet portal and a hacker took advantage of software vulnerabilities including a built-in account with admin rights Vendors provide these cloud portals for remote access to your home network but the risk as demonstrated here isn't worth it And some will have this as the default settings and most folks will be unaware of the risk Some smart home devices I've been using are connecting to cloud portals just to register and get them up and running because it has to be done in an App But segregation at least helps to reduce the impact if something ever goes wrong

@@TechTutorialsDavidMcKone Wow! I'm glad I've never bought a "smart" device. No Siri, no "hey Google", no fancy light bulbs. Now, when they learn how to hack my 20 year old vacuum cleaner, I might have to give some attention to security 🙄.

Thanks for the feedback. It's appreciated Personally I don't like videos without some detailed explanation as to why things are being done the way they are They will be longer as a result, but they help me to learn about how things work