Even 4 years after you published this it’s still the only tutorial that I have found that calmly & logically goes through the basic process. Many thanks.
I watched this video because it showed how VLANs work on a Netgear switch which is a bit different than other switches. I loved the fact that you utilized different technologies like the SIP phone, PC, and AP. Great job!
I too have watched about 20 videos here on RU-vid discussing VLAN and LAG setup and uses. This is THE FIRST video on VLAN's that I can understand. It is the ONLY one that explains each part and the steps to set them up. Thank you for an extremely informative, clear and concise video all put together without the muddled up doublespeak that usually gets blathered around by so called IT guys. I honestly believe that quite a few of them want to make it look a lot more difficult and deliberately make it confusing for newcomers. Then in some other cases, they are just useless at explaining thing, full stop.
Thank you so much for the positive feedback Richard. It's quite rewarding to hear that I'm able to help others understand and setup something that's supposed to be simple and easy but as you rightly say isn't explained and taught as such. I'm planning one or two more videos where I go through specific implementations of VLANS.
This is the video I have been searching for! I purchased a used NETGEAR managed switch and wanted to get a USG but wasn’t sure if it would work correctly until I found this video! Just ordered my USG since I’ve now seen it done!
This is the first youtube video that actually explained how the T and U actually work. I like the simple explanation of "are the incoming packets tagged". Thank you for taking the time!
I have watched a lot of videos about Netgear VLANs but this one is by far the most thorough, easy to understand and follow. I now understand the concept. Thank you.
I was pulling my hair out trying to figure these T and U tags. I spend ages trying to set my VLANs up with no luck. Your video was like a light bulb moment. Thanks heaps.
4 minutes in and you're already doing a much better job than the other videos I've seen. I am using this switch for a project and I needed to familiarize myself with it. Thanks a million.
This is the best video regarding VLAN setup using Netgear hardware. The one unanswered, or perhaps unanswerable, is how to connect two computers who should be on two separate VLANs with a non-smart switch connected to one port on the smart port. In my home I have one smart switch near the router, and then multiple dumb switches throughout the house to split the internet signal. I was trying to find a was to TAG a NIC in a computer but have been unsuccessful so far. Nor can I tag a unifi access point itself.
Agree with the rest here that this was one of the best videos I've seen explaining the difference between and associated logic behind tagged and untagged ports and associated traffic. I especially liked the explanation of both the untagged and tagged traffic coming through the same port from both the phone and the pc. Can't thank you enough.
This is by far the best video i seen which explains any tag and untag.. You answered so many of my questions. I can't thank you enough. Everyone keep saying use tagged traffic for router but they forget to mention it has to have capability as well to specify vlan id. Here i keep thinking why if I use untagged for my router works but not with tagged lol..
Thank you very much for this, as you said there isn't much people putting their videos up with much explanation and your's is perfect, got a better understanding out of it all with this.
Great job on the explanation. I searched everywhere to understand and this video you made nailed it for me. Thank you very much for taking the time to share this.
Great video; my networking experience is very limited and seeing your practical examples and simple explanation really helped me conceptualize this. I've been putting off hardening my home network for awhile, but I feel pretty confident with this. Thanks for posting!
Best video on VLAN'ing on neartgears so far. Thanks very much for taking the time to produce this. I totally miss interpreted the netgear interface and read it as the opposite on T and U. I thought the neagear did T = Tag traffic coming in, and U = Untag the traffic coming in. In fact as you show, it is how the neargear is expecting to see the traffic presented. U = Netgear expects to see untagged traffic and will then tag it. T = Netgear expects to see tagged traiffc and will keep it tagged. When its neither U or T, netgear will ignore traffic for that VLAN on that port.
Thanks for a great tutorial on setting up the VLANs for a Netgear switch. I just added a Ubiquiti access point and set up my VLANs there and in my Netgate SG-3100, and this was the last bit I needed to integrate my switch into the topology. I appreciate the work you put into the video. Keep up the good work!
Ah this solved my problem. I created a guest VLAN for guest wifi connections in my firewall, and had my ubiquiti AP tag guests for that VLAN, but couldn't get the netgear switch to work. Now I see that I had to set the AP's port on the netgear switch as tagged instead of untagged for that VLAN, because the AP was already doing the tagging (like your VOIP phone was, so that was a helpful example).
Excellent video! Details on VLAN setup made this useful. If you were to add a second NetGear GS724TPS to the USG (or UDM Pro ) would you set the second switch with a static IP address or 192.168.1.253 ?
Unfortunate you did not add some of those plans you mentioned at the end! I’m essentially working with the same setup accept bypassing voip and using a UniFi ac lr. You should consider making them, they’re quite helpful
Hi there, you have a very clear for my entry level to understand, but I do have a question if you can help. I do have netgear ready nas attach to default vlan. When I connect to other vlan and I am unable to connect to my mapping drive. Do you have any advices to share? I can ping to that IP address, but I cannot get the mapping drive to work. Thank you
Cool. That's what I am getting the switch for. I didn't quite figure out what you need the Ubiquiti thing for. I was interested in getting one of those and wire everything up with a managed Ubiquiti switch (because you can manage everything in one controller then). But technically the Netgear switch can already do all that. So my question is? What's the USG for in your setup? the Netgear Switch does all of the heavy lifting already.
Hi! Let me ask how do you treat the gateways ? How can p.ex wifi & PC get out to the internet. Do you have to do something in the switch or is just in the your router ? Best regards
This helped a lot. I have one question is using vlan a good idea for having my internet go into my switch tag it and receive it by my router and then sending it back to the switch untagged. So I just setup my p1 and p2 to be tagged 10 P1 being internet, P2 being wan port of router. Then I removed the markings on the default for port 1 and 2. and my lan port on the router sends back to 3 where the rest of my devices are. The whole idea behind this is to make switching internet easier without manually plugging them in.
I just bought the Netgear GS324TP switch which supports auto-voip. I noticed that you had auto-voip capability also on your switch. Can you help me understand the purpose of it, what it does or doesn't do, and why you didn't use the auto-voip vlan? I don't seem to be able to get the information from Netgear. Thanks in advance.
Great video sir!! Sir why did you stop making videos?? You definitely know what you are talking about!! We need guys like you to help us NOOBS!! Lol. Seriously you should consider making more videos!! Lol. Happy New Years sir!!!👍🎉💯
Thank you! It's been a long time coming but I've got a new VLAN video dropping shortly where I use a Netgear Switch, UniFi Switch & AP and a Mikrotik Router.
Hi Ian: I’m wanting to setup 3 maybe 4 VLANs. Here is the issue I’m not sure about. I have a Cisco Router SV260W default gateway of 192.168.123.254. I have an Ubuntu Webserver static on 192.168.123.104. I am forwarding ports 8083 and 8080 to that address as well for the Server. So would like to leave that setup alone if possible. I have the following Ubiquiti equipment. 24 port POE switch, an 8 port 60 watt switch, 4 of the 5 port mini flex switches. I’m wanting the following VLANs. One for IoT, one for guest wifi access and one for my main LAN like doing my video editing. I also have a cloud key gen. 2. Do I have to set the VLANs in the Cisco router and the the 24 port switch. I even thought of changing over to an Edgerouter X even. So looking for some ideas on implimenting.
So, to recap, let me see if I understand this correctly: If I just have a whole bunch of clients that are connected, say from port 1-8 and I want them to be able to talk to each other (and all of them are data connections), then I would mark ports 1-8 as untagged in VLAN 10 (using your example here), correct? And then I would mark port 24 as tagged, correct? And if I have a whole bunch of IP handsets and I don't configure the IP handsets to tag its own IP packets, and let's say that they occupy ports 9-16, then I would mark those ports as untagged in VLAN 20, and port 24 as tagged, correct? And then in theory, all of the data clients can talk to each other and all of the IP handsets should be able to "talk" to each other (as an IP/network device), correct? Your video is very good, but I want to make sure that I understand the concepts correctly. Thank you.
Why do you remove the untagged VLAN 1 from ports 1 and 23 ? Whenever I remove the untagged VLAN 1 from any port I lose all connection to that port. I have the same model Netgear switch version 3 and the Port PVID Section doesn't have all the tabs you have. I specifically cannot put more than one VLAN member per interface. Last thing I want to know how you did configure the Port PVID Section for the interface of 23 and 24?
I have the same switch, v3. I've got it set up fine if either of you are still looking for info 2-3y later. You CAN put more than one vlan member per interface. In the membership screen, not the PVID screen. A port can only have one pvid.
Im having an issue getting to your login screen? I believe where i am stuck is making sure the switch is at a subnet. Have no idea what that means. 1. I was told to add to my iPV4 on my computer 192.168.0.X and i put dns to be my Comcast BOX.. What i want to do is learn how to program each ethernet port. I do havec the resource CD and ran it.. But no info comes up on the network side... Please help if you can.
Thanks for the info, also didnt get a good explanation of whats going on elswhere. only problem i have is my gateway is a mikrotik, DHCP works and all VLAN seems to be working but i cant get the traffic to breakout from the mirkotik.
i was trying to make a vlan , made a vlan using the pc , but as soon as i took the port the pc is on from vlan1 off the switch , the switch resets, is that normal ? or im i doing something wrong i made a vlan for the firestick and ps5 , when i took the port they are on from vlan1 , they work .
Great video. Didn't know you could have different vlans on the same port. Can you tell me how you would set up a firewall to stop vlans from communicating with each other?
You got that tagging thing completely wrong. If the port is a member of A Vlan, packets from that vlan will leave the port untagged or tagged according to the setting. if its not a member, packets inside the switch will not leave over the port. incoming packets may be tagged or untagged. if they are untagged, the get the PVID tag set. so, untagged traffic can only go to one vlan. if its tagged, then it will only be forwarded, if the port is member of the tagged vlan. There is also a setting to only allow untagged or tagged packets in general from each port.
Actually frames aren't even dropped by default when a port is not member of the tagged vlan. i just looked it up, you need to set ingress filtering for that as well
On VLAN 1, why are ports 1 and 23 blanked out? Is it because those ports were assigned to other VLANs (i.e. port 1 on VLAN 10 and port 23 on VLAN 30)? Is this a security measure or optional?
@@AinzOoalG0wn It's a security measure. But it's up to you if you want to implement it or not since it depends on your own environment. In this case, he decided not to allow the computers and VoIP phone and WiFi endpoints to be able to access the management VLAN.
@@AinzOoalG0wn The pfSense firewall will only prevent Layer 3 traffic between VLANs. But to prevent a "VLAN hopping" attack (Layer 2), it is recommended not to expose the native VLAN for normal user traffic. Again, this level of security may not be necessary in every environment, but it is considered best practice.
@@michaelk412 OOO i get it. this is why for the tagged ports, he didn't untag for those same ports as well. However question, if you do that, will you still be able to get internet connectivity? do u have reddit or something so i can private msg u? so i can show u how my network looks like
Really good video, i understand alot more about vlans now, thanks. Quick question, What is the /24 on an ip address? i have also seen 0.0/100, what is /100?
Oscar Oganiza, the G724T doesn't have routing capabilities. I used the USG in this example to do things like routing and DHCP but you could use any vlan capable router of which a Mikrotik would be the most powerful and least expensive.
Thank you very much for the helpful information! I just kindly want to advise you for your own professional benefit to STOP USING "WANNA, GONNA, GORA, TWENNI" ALL THAT horrible unschooled pronunciation because it makes you sound NOT that professional as you ought to. Thanks again.
Thanks for the feedback. I'll keep that in mind when wanna make another video... I'm not sure if I'm gonna... :) The challenge when making videos (especially initially) is that you can spend so much time fixing and re-recording segments that you end up not making the video, so with this one I just went ahead and produced it... Imperfect and potentially unprofessional. As long as I was able to help someone understand and implement vlans I feel it's mission accomplished!
This helped a lot. I have one question is using vlan a good idea for having my internet go into my switch tag it and receive it by my router and then sending it back to the switch untagged. So I just setup my p1 and p2 to be tagged 10 P1 being internet, P2 being wan port of router. Then I removed the markings on the default for port 1 and 2. and my lan port on the router sends back to 3 where the rest of my devices are. The whole idea behind this is to make switching internet easier without manually plugging them in.
This helped a lot. I have one question is using vlan a good idea for having my internet go into my switch tag it and receive it by my router and then sending it back to the switch untagged. So I just setup my p1 and p2 to be tagged 10 P1 being internet, P2 being wan port of router. Then I removed the markings on the default for port 1 and 2. and my lan port on the router sends back to 3 where the rest of my devices are. The whole idea behind this is to make switching internet easier without manually plugging them in.
This helped a lot. I have one question is using vlan a good idea for having my internet go into my switch tag it and receive it by my router and then sending it back to the switch untagged. So I just setup my p1 and p2 to be tagged 10 P1 being internet, P2 being wan port of router. Then I removed the markings on the default for port 1 and 2. and my lan port on the router sends back to 3 where the rest of my devices are. The whole idea behind this is to make switching internet easier without manually plugging them in.
This helped a lot. I have one question is using vlan a good idea for having my internet go into my switch tag it and receive it by my router and then sending it back to the switch untagged. So I just setup my p1 and p2 to be tagged 10 P1 being internet, P2 being wan port of router. Then I removed the markings on the default for port 1 and 2. and my lan port on the router sends back to 3 where the rest of my devices are. The whole idea behind this is to make switching internet easier without manually plugging them in.
This helped a lot. I have one question is using vlan a good idea for having my internet go into my switch tag it and receive it by my router and then sending it back to the switch untagged. So I just setup my p1 and p2 to be tagged 10 P1 being internet, P2 being wan port of router. Then I removed the markings on the default for port 1 and 2. and my lan port on the router sends back to 3 where the rest of my devices are. The whole idea behind this is to make switching internet easier without manually plugging them in.
