
Learn vLANs, Subnets, and NAT to Improve Your Network Security

12,968 views

Jim's Garage


In the latest episode in the Homelab Series I'm discussing vLANs, Subnets, and NAT. I explain in basic terms what they are, why you might want to use them, and how to configure them within your homelab.
This video covers definitions, network diagrams, hardware setup, and technical configuration of the Sophos XG firewall and Netgear switches.
Netgear Switch: amzn.to/3PBb3Qz
Discord: / discord
00:00 Introduction and recap
00:43 Understanding basics, Static IPs
01:32 NAT
03:18 Subnets
04:10 ARP
07:55 vLANs
09:24 Sophos XG Configuration
10:14 Enable DHCP
13:10 Add Static IP
15:25 Create a Host
17:00 Create a vLAN in Sophos XG
21:00 Additional Configuration in Proxmox
25:45 How to Configure vLANs on a Netgear Switch

Comments: 22
@lockharj 1 year ago
Thanks for the great content. I've been following along diligently, but started running into issues. ie. when I enabled DHCP I lost access to the admin panel; ie2. when I tried assigning static IPs, the proxmox machine would not accept it and was left out of the IP range; ie3. after solving the former, some devices still don't have internet access while others do. It would be great to do a troubleshooting guide, not particularly about any 1 issue, but about how to troubleshoot issues. Also, like you mentioned, when things break the whole family is w/o internet, what recommendations would you have to isolate the 'test environment' while you are finetuning the setup. It seems like it's all in or all out. All the best and looking forward to the next video, hopefully network is back on its feet by then LOL
@Jims-Garage 1 year ago
Glad to hear that you have some of the devices connected to the internet, that's a good thing, it means the issue is likely DHCP related. I.E., existing devices on the network aren't being assigned a new IP. Usually you can fix it by rebooting those devices. Good suggestion for a troubleshooting video, I'll try to collate some common issues. The firewall is probably the most impactful item for your homelab in terms of it breaking connections when something is wrong. The good news is that it's effectively "set and forget", once you have a working config... Try the above in first paragraph and let me know how it goes. The fact that some devices have internet shows you're doing it right 👍
@Jims-Garage 1 year ago
It might be worth checking the DNS settings on the devices as well. They might have "internet" access (i.e., you could ping 1.1.1.1), but you cannot resolve DNS (i.e. google.com won't work).
@lockharj 1 year ago
@@Jims-Garage thanks Jim! I didn't get notifications for the responses so late to the party. It turns out I was missing some theory. A friend took a look and those devices had an IP configured manually and were out of the DHCP pool. The missing concept was thinking devices would request that IP from the DHCP server, and rather it seems like they just "trust" they have it and don't communicate with the DHCP server at all. Conceptual error but easy fix. Thanks for the advice!!
@Jims-Garage 1 year ago
@@lockharj glad you fixed it. Yes, a manual IP will ignore DHCP.
@DarrylGibbs 10 months ago
Hi Jim, I'm new to the channel (found when I had issues with my Immich install) and as a "beginner to low-intermediate" homelabber, your series is awesome! Great work! Your concepts are well explained, giving enough info to lead me to study up more on my own, whilst giving enough to understand what you're on about. Keep them coming!
@Jims-Garage 10 months ago
Thanks, really appreciate your feedback.
@TheStevenWhiting 1 year ago
Will be a good one. I still need to work out vLANs as years ago when I attempted on my home Vigor Router, I vLANed myself out of the router.
@Jims-Garage 1 year ago
Thanks, hopefully it demystifies some of the concepts, gives you a basic setup, and provides some pointers for where to expand your knowledge.
@markandrow4010 8 months ago
Thank you. Very informative and detailed. Great, as all other videos.
@Jims-Garage 8 months ago
Thanks, the camera quality improves soon you'll be pleased to know 😂
@crc-error-7968 7 months ago
Thank you @Jim, this 25:40 helped me a lot! I bought a used Intel X710 and it has the same issue with the number of vlans. Thanks again and happy holidays to you and family! Ciao, Roberto
@Jims-Garage 7 months ago
Thanks, Roberto. Same to you!
@zaluq 3 months ago
Stupid question here, but to implement a vlan in your homelab network is a Layer 2 or 3 a prerequisite? Or can it be done in Opnsense or Sophos FW?
@TheStevenWhiting 1 year ago
I only know about the high availability and fail over as we have that setup at work and had an issue the other day with it. Had to reboot primary sonicwall which then failed over to the secondary.
@Jims-Garage 1 year ago
It's great to have for the Homelab, means I can segment my lab and not interfere with the family's web usage. I tend to break stuff whilst tinkering... It's also surprisingly easy to accomplish once you've already done one virtual setup.
@BenSmithuk 1 month ago
Hi Jim, great video as usual. I'm trying to wrap my head around the assignment of vlans. I think I get it, but are you saying that if you tag the vlan in proxmox then I don't need to do anything in the switch vlan settings (unless I want to dedicate a single port on it to a specific vlan, e.g. an access point - in which case I'll need to understand tp links confusing interface), but all vms, because they're tagged from proxmox, will go through the switch up to the firewall without my having to config the managed switch (seems too easy to be true!)
@Jims-Garage 1 month ago
@@BenSmithuk essentially the port is tagged or untagged to a vLAN (you can have many vLANs on a port). If it's untagged the switch will add the tag, if it's tagged the switch expects the VM/hypervisor/firewall to have already tagged it.
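The tagged/untagged port behaviour described in the reply above, as an added example (not part of the comment thread or the video): a minimal Python model of a switch handling 802.1Q tags on ingress and egress. The `Port` class, the port names and VLAN IDs 1, 20, 30 and 40 are hypothetical, and a tagged frame for a port's own untagged VLAN is dropped here as a simplification.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def parse_vlan(frame):
    """Return (vid or None, frame with any 802.1Q tag removed)."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

def add_tag(frame, vid):
    """Insert an 802.1Q tag after the destination and source MACs."""
    return frame[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + frame[12:]

class Port:
    """Hypothetical switch port: one untagged VLAN, any number of tagged ones."""
    def __init__(self, untagged=None, tagged=()):
        self.untagged, self.tagged = untagged, set(tagged)

    def ingress(self, frame):
        """Return (vid, untagged frame), or None if the port drops the frame."""
        vid, inner = parse_vlan(frame)
        if vid is None:
            vid = self.untagged           # untagged frame: switch assigns the VLAN
        elif vid not in self.tagged:
            return None                   # tag for a VLAN this port is not a member of
        return None if vid is None else (vid, inner)

    def egress(self, vid, inner):
        """Return the frame as it leaves this port, or None if not a member."""
        if vid == self.untagged:
            return inner                  # leaves without a tag
        return add_tag(inner, vid) if vid in self.tagged else None

def forward(src, dst, frame):
    """Carry a frame from port src to port dst through the model switch."""
    classified = src.ingress(frame)
    return None if classified is None else dst.egress(*classified)

# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
BASE = bytes.fromhex("525400aabbcc" "525400112233" "0800") + b"payload"
hypervisor = Port(untagged=1, tagged={20, 30})   # Proxmox uplink, VMs tag themselves
firewall = Port(untagged=1, tagged={20, 30})     # uplink to the firewall
access_point = Port(untagged=20)                 # device that knows nothing of VLANs

if __name__ == "__main__":
    print(parse_vlan(forward(hypervisor, firewall, add_tag(BASE, 20)))[0])  # tagged through
    print(parse_vlan(forward(access_point, firewall, BASE))[0])            # switch added tag
    print(forward(hypervisor, access_point, add_tag(BASE, 40)))            # dropped
```

In this model a frame only leaves a port that is a member of its VLAN, which is the property that keeps lab traffic separated from the rest of the network.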
@BenSmithuk 1 month ago
@@Jims-Garage oh man I don't get why but I've watched countless videos and that sentence has made it click for me. Thanks again Jim!
@BenSmithuk 1 month ago
Hi Jim, after all the fear of making the switch, I jumped into the void and connected up opnsense to my existing setup. I was surprised though, as I made proxmox vlan aware and changed the VLAN tag on proxmox for the VM, the VM adopted the IP address set in Opnsense - I assume that I still need to tag the ports on the managed switch to ensure it all plays nicely?
@antoniomax3163 2 months ago
Can sophos be tried for free? On a virtual machine somehow? Or do they only have hardware solutions?
@Jims-Garage 2 months ago
Yes, Sophos UTM and Sophos XG are free for home users.