00:00:02
A LAN is a Local Area Network.
00:00:04
We commonly define
this as a group
00:00:06
of devices that are in
the same broadcast domain.
00:00:09
In this example, we have
two different switches.
00:00:12
One is the red switch and
one is the blue switch.
00:00:15
On the red network, we
have two devices that
00:00:17
are in one broadcast domain.
00:00:19
And on the blue
switch, we have devices
00:00:21
that are on a completely
different broadcast domain.
00:00:24
We might want this separation
for security reasons.
00:00:27
Certainly this would
have a separation
00:00:29
between these devices and these.
00:00:31
We might want to limit
the number of broadcasts
00:00:34
that might be on a network.
00:00:35
So we might segment the
network into smaller pieces.
00:00:38
And in many ways, this is
a very straightforward way
00:00:41
to manage the network.
00:00:42
Because if somebody needs
to be on the red network,
00:00:44
we connect them
to the red switch.
00:00:46
And if someone needs to
be on the blue network,
00:00:48
we connect them to
the blue switch.
00:00:50
However, looking
at this diagram,
00:00:52
we can immediately see a
number of inefficiencies.
00:00:55
We've of course purchased
two separate switches.
00:00:57
We are powering two
separate switches,
00:01:00
and we're managing
the configurations
00:01:02
on two separate switches.
00:01:03
All of these are
duplicating the effort,
00:01:05
in some cases duplicating the
cost we would need to maintain
00:01:09
both of these networks.
00:01:11
We can also see
on these switches
00:01:12
that we're connecting
two devices,
00:01:14
but we have a lot of empty
interfaces on the switch.
00:01:17
So we've paid for
a lot of switch
00:01:19
that ultimately we're not using.
00:01:22
It would be much more
efficient and cost-effective
00:01:24
if we could buy a single
switch, maintain a single power
00:01:28
source for that switch and
a single configuration,
00:01:30
and simply logically
associate certain interfaces
00:01:34
on that switch to
the red network
00:01:36
and logically associate other
interfaces on that switch
00:01:39
to the blue network.
00:01:40
The switch itself would
provide the separation
00:01:43
between the red network
and the blue network,
00:01:46
and these devices
still would not
00:01:48
be able to communicate
directly to each other.
00:01:50
We refer to this virtualization
of the local area network
00:01:54
as a VLAN.
00:01:55
This is grouping the devices
still in their same broadcast
00:01:59
domain, but we're
doing this across
00:02:01
the same physical device.
00:02:03
This means that we won't
need separate switches.
00:02:06
We can instead have exactly
the same functionality
00:02:08
on a single switch by
implementing and configuring
00:02:11
VLANs for each of these
individual interfaces.
00:02:15
Let's add even a third network.
00:02:17
So on this switch,
we've configured
00:02:18
a red network, a blue
network, and a green network.
00:02:22
And you can see that we've
connected different devices
00:02:24
to these interfaces.
00:02:25
As the network
administrator, we've
00:02:27
specifically configured the
interfaces on the switch
00:02:30
to match a certain network.
00:02:32
So in this case, if you're
connected to port one,
00:02:34
you're on the red network.
00:02:35
If you're connected
to port nine,
00:02:37
you're on the blue network.
00:02:38
And if you're
connected to port 17,
00:02:40
you're on the green network.
00:02:42
Of course, instead
of using colors,
00:02:43
we associate a
VLAN with a number.
00:02:45
So the red network
may be VLAN 1,
00:02:48
the blue network
might be VLAN 2,
00:02:50
and the green network
might be VLAN 3.
00:02:52
You can see that
not only does this
00:02:54
make it easier to
manage the network,
00:02:56
but now we can keep costs
lower by having a single switch
00:02:59
instead of purchasing
three separate switches
00:03:02
for these three VLANs.
00:03:04
A technology that has
become rather commonplace
00:03:07
on our networks today is a VPN
or a Virtual Private Network.
00:03:11
This is usually a combination
of software and hardware
00:03:14
that allows us to
securely send information
00:03:17
across a public network
such as the internet.
00:03:20
Everything sent over that VPN
connection is automatically
00:03:24
encrypted, which means
if anyone in the middle
00:03:26
happens to capture
this information,
00:03:28
they wouldn't be able
to see or understand
00:03:30
anything in the conversation.
00:03:32
If you've used a VPN,
then you certainly
00:03:34
are familiar with how that
looks from the desktop
00:03:37
of your operating system.
00:03:38
But somewhere it's connecting
to a separate device
00:03:42
and the device we're connecting
to is a concentrator.
00:03:44
This can be a
standalone device or it
00:03:46
may be integrated
into a firewall
00:03:49
or some other multi-use device.
00:03:51
There are many different
ways to deploy VPNs.
00:03:53
The example we have here
is a hardware device
00:03:55
that may have specialized
VPN or encryption hardware
00:03:58
inside of it.
00:03:59
But you can also configure
VPN software that
00:04:02
might be running on a server.
00:04:04
Many VPN implementations
have their own application
00:04:07
that can be installed
in an operating system,
00:04:09
and you'll find that these
days most modern operating
00:04:11
systems come included with
some type of VPN client.
00:04:16
This means that you can
still be secure when
00:04:18
using your laptop
in a coffee shop
00:04:20
even if the wireless
network in that coffee shop
00:04:23
is one that is open
and not encrypted.
00:04:25
You would either use VPN
software that's always
00:04:28
on and always
connected or you would
00:04:30
have the option on your
laptop to enable or turn
00:04:33
on the VPN capability.
00:04:35
When you do that, it creates
an encrypted tunnel back
00:04:37
to the VPN concentrator,
and now everything
00:04:40
sent from your laptop
will be encrypted
00:04:42
across the wireless network of
the coffee shop, the internet,
00:04:46
and any other links until it
reaches that VPN concentrator.
00:04:50
At this point, the
VPN concentrator
00:04:52
will receive that
encrypted information.
00:04:54
It will decrypt the data
and send that information
00:04:57
into the corporate network.
00:04:58
Any device that needs to send
information back to the laptop
00:05:01
will send that information
to the VPN concentrator.
00:05:04
The concentrator will
encrypt that data,
00:05:06
send it over the
encrypted tunnel,
00:05:08
and when it reaches
your laptop, the laptop
00:05:10
will then decrypt that data so
that it can be used locally.
00:05:14
This entire process
happens behind the scenes
00:05:17
and is automatic when you
enable your VPN software.
00:05:21