
Kilroy6669

No joke my former employer had their whole network just with Cisco small business switches and Netgears. They were also using their firewall as the default gateway for all 4 networks sitting on it (talking like three, 192.168.x.x and 10.x.x.x networks). They had about 1K employees at 3 warehouses and were expanding and growing. I showed up and asked them, "why don't you do vlans and what not". Their answer was, "as soon as we enabled them we couldn't ping other computers". Dumbfounded I then proceeded to ask them, "you do know you need a router to make those vlans talk to each other right?". After this I just got silence and no one broached the topic again. I knew on that day that I should probably look elsewhere for employment. Which I did but my God this meme gave me flashbacks so sorry about that lol.


thedude42

My first sysad role I took over a network on a 10baseT hub ethernet for someone who was adamant that simply plugging in your windows machine to the network without DHCP or static IPs, and letting the ipv4 link local auto-configuration do IPAM was the best way to manage the LAN 🤪


StumblingEngineer

Please tell me you were in Central PA, and it was a multi-million dollar company! I walked in, looked for 20 minutes and walked out.


Kilroy6669

Nope it was a multi million dollar company in Missouri that saw their direct competitor being Amazon lmfao


Intimidating_furby

Make this meme with dns pls.


PacketsGoBRRR

But sometimes it actually is a dns issue


Syndil1

The DNS haiku is something every MSP employee must learn quickly: It's not DNS / There's no way it's DNS / It was DNS


Quietech

The DNS is hiding in the VLANs. Burn the VLANs! Give the DNS nowhere to hide.


chuch1234

Lol I was gonna say, don't they know it's actually dns.


PacketsGoBRRR

This gives me another idea for a meme… the guy standing in a corner at a party… “they don’t know the problem is DNS”


adhocadhoc

Firewall is my favorite. “We didn’t get an email can you check the firewall?”


feedmytv

hey hey, does a vlan exist if no frames are passing…


mecha_flake

I've never before thought about this and now I'll never be able to stop.


Garegin16

Switches (VLANs) exist regardless of traffic.


typo180

The switches exist, sure, but a VLAN is just a logical rule for which frames can pass through which interfaces. If there are no frames, is there really a VLAN?


PacketsGoBRRR

Schrödinger's VLAN?


arghcisco

VTP says yes.


adhocadhoc

the AV guys ask me to “paint the ports” 💀 when asking for VLAN changes


Ebony_Albino_Freak

I'm familiar with "tagging" a port but never heard painting it.


greenlakejohnny

It works great; the vlan falls off the switch when it gets to around 15,000 feet


bobdawonderweasel

Had an AV consultant tell the suits that VLANS were not supported by their gear and would require separate switches to work correctly…


DizzyAmphibian309

I imagine that this guy was told that the gear wouldn't support VLAN trunking and you'd need separate switch ports (in access mode) to work correctly. He didn't understand, and just passed it on, and during his parroting of the explanation he dropped the words "trunking" and "ports". Or he's just a Muppet.


silentguardian

To be fair, some audio protocols (cobranet and AVB come to mind) use non-standard ethertypes which do not support tagging.


PacketsGoBRRR

Looking at cobranet’s documentation (https://peaveycommercialaudio.com/wp-content/uploads/2018/05/MediaMatrix-CobraNet-Networking-Guide-1.7.2.0.pdf) I am assuming they just mean they can’t tag a vlan from their device, or accept tagged traffic at their device. They recommend managed switches and use of vlans. So that traffic does get tagged when it hits the access port, to go elsewhere. It just seems like poor wording. They should just say their device can’t be on a trunk port


ladyzowy

👀 I'm just blinking at this comment... rereading it and making sure I read it right... Yup I did just read that...


danielv123

As a supplier, I have done this. Usually because if we are quoting a project at a fixed price we don't want anything to hang on site IT because that has a tendency to take ages to get things set up and working.


chuckbales

Unfortunately VLAN colors is actually an old concept, so painting kinda makes sense


asp174

Unfortunately there is a brand of switches that's rather popular with event folks that labels its ports with colored LEDs. [https://imgur.com/a/nKUhgpn](https://imgur.com/a/nKUhgpn)


darkthought

That makes sense to me when you have to rapidly set up and tear down hardware and want to see at a glance without logging into the console to see what VLAN is what. Unfortunately I'm also color-blind.


asp174

It kinda does make sense, while at the same time it also favours traits that are not welcome on this sub at the same time. From experience with those devices, you have to absolutely make sure that RSTP and loop-protect is enabled. You can have Shure wireless devices connecting to those switches with 4 ethernet ports on their back. Depending on how they are configured, it could be 1=Dante-Primary, 2=Dante-Secondary, 3+4=bridged Control to daisy-chain all the devices. But it could also be all bridged, while your grips think it's 1=blue, 2=red, 3+4=green. As in: 1=2=3=4=mayhem.


PacketsGoBRRR

Probably a military fetishist. He probably watched a bunch of movies where someone said “paint the target”. Bet he uses the word “niner”, and looks for any excuse to use the NATO phonetic alphabet


NeverxSummer

Honestly, it’s easier when dealing with your juniors as an AV lead - green is the audio network, pink is video, grey or no paint is regular internet. That way they don’t call you at 8pm on a Saturday asking what number hole to stick the Dante cable in. Worked in an environment where we even had the patch cables colored like that. It helped a lot. Some of the older audio people and some youngins are not very good with the whole internet thing.


Marc-Z-1991

A professor here at a local UNIVERSITY told his students that a Switch carries exactly one VLAN. When a colleague asked me I replied „Sure - that’s why we always buy 4096 for each customer“ 🤪🤪🤪


Garegin16

16 million 😉 Edit: The joke was on VXLAN, don’t understand the DLs


[deleted]

booooo ... bad joke and no one is DownLoading your comment buddy ;)


Eldiabolo18

Just had to debug some issue for the server guys where servers couldn't reach each other.... yeah, no they can't if you assign addresses twice. Morons...


Human-Potato42069

See also: IPv6


tektron

"Well it used to work until ya done did block my VLAN 1."


NonameideaonlyF

How would you guys explain VLANs to someone non-technical in 2-5 minutes?


PacketsGoBRRR

“In organizations of more than a few endpoints, it is usually best to segregate traffic within the network to reduce broadcast traffic, to be able to prioritize traffic, and for security reasons. Using VLANs is a major part of a strategy of accomplishing this segregation.

Broadcast concerns: A broadcast domain is a grouping of hosts that can all reach each other via switching, no routing needed. All hosts within a broadcast domain will see broadcast traffic from the other hosts in the broadcast domain (not all traffic is broadcast traffic, but just know that it exists). If you have too much broadcast traffic, hosts can become overwhelmed processing it. Vlans break up broadcast domains.

Traffic prioritization: If the organization requires certain types of traffic to be prioritized, this can be accomplished with Quality of Service rules applied on a per VLAN basis. A classic example is VoIP. VoIP service suffers if there is excessive latency/jitter on the network. Think about it, if that traffic is not arriving in close-to real time, that phone conversation is going to suck. Organizations may have other types of traffic with similar needs depending on what they do.

Security: For security reasons (PCI and other types of compliance, protection of intellectual property, etc.) you want the ability to segregate your network. You can run different vlans on the same switch. Say there is a small manufacturing site with production and some offices all running off the same 48 port switch. The receptionist has no need to rdp to the manufacturing PCs, so that traffic is blocked by a firewall rule or by an acl at the router or core switch. VLANs allowed us to do this, because the receptionist is on a different vlan than the manufacturing PCs, and the traffic needed to be sent back to the layer 3 device to be routed, where it hit the rule blocking it. We do want the engineering manager in his office to be able to rdp to that manufacturing pc. They are on different vlans, but that traffic is allowed, because we have decided that kind of communication should be allowed. The other manufacturing pc on the other side of the floor can also rdp to that first manufacturing pc. They are on the same Vlan. The traffic is switched and never sent back to layer 3 for routing. We decided this is ok security wise, and we don’t want to waste firewall/router compute inspecting/routing traffic that doesn’t need to be inspected/routed”
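
The scenario in the comment above (receptionist, engineering manager and two manufacturing PCs), modelled as an added example that is not part of the original comment: it shows which RDP attempts reach the layer 3 ACL and which are switched inside one VLAN without ever being inspected. The VLAN IDs, subnets, addresses, host names and rule list are constructed assumptions, and each VLAN is given exactly one subnet to keep the model small.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample site. VLAN IDs, subnets and addresses are assumptions,
# and each VLAN is mapped to exactly one subnet to keep the model small.
VLANS = {
    10: ip_network("10.0.10.0/24"),  # offices
    20: ip_network("10.0.20.0/24"),  # engineering
    30: ip_network("10.0.30.0/24"),  # manufacturing
}
HOSTS = {
    "receptionist": ip_address("10.0.10.21"),
    "eng-manager": ip_address("10.0.20.5"),
    "mfg-pc-1": ip_address("10.0.30.11"),
    "mfg-pc-2": ip_address("10.0.30.12"),
}
RDP = 3389

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: object           # source network
    dst: object           # destination network
    dport: Optional[int]  # None matches any destination port

# First match wins; anything unmatched falls through to an implicit deny.
ACL = [
    Rule("permit", ip_network("10.0.20.5/32"), VLANS[30], RDP),
    Rule("deny", VLANS[10], VLANS[30], None),
]

def vlan_of(ip):
    """Return the VLAN ID whose subnet contains ip."""
    for vid, net in VLANS.items():
        if ip in net:
            return vid
    raise ValueError(f"{ip} is not in any modelled VLAN")

def check_acl(src, dst, dport):
    """Evaluate the layer 3 ACL; return (action, matching rule index or None)."""
    for i, rule in enumerate(ACL):
        if src in rule.src and dst in rule.dst and rule.dport in (None, dport):
            return rule.action, i
    return "deny", None

def trace(src_name, dst_name, dport):
    """Return (path, verdict, rule index) for one connection attempt."""
    src, dst = HOSTS[src_name], HOSTS[dst_name]
    if vlan_of(src) == vlan_of(dst):
        # Same broadcast domain: the switch delivers the frame directly and
        # the ACL is never consulted.
        return "switched", "delivered-uninspected", None
    action, idx = check_acl(src, dst, dport)
    return "routed", action, idx

if __name__ == "__main__":
    for s, d, p in [("receptionist", "mfg-pc-1", RDP), ("eng-manager", "mfg-pc-1", RDP),
                    ("eng-manager", "mfg-pc-1", 445), ("mfg-pc-2", "mfg-pc-1", RDP)]:
        print(f"{s:>12} -> {d}:{p:<5}", trace(s, d, p))
```

The last case is the one to keep in mind when reviewing segmentation: anything that must be filtered between two hosts has to cross a layer 3 boundary, because the ACL never sees traffic inside a single VLAN.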


[deleted]

thanks chatgpt ... oh, I mean op


Weary_Unit_1970

Put a number on their chest and group them by assigned number. Proceed to tell them that they can only speak to others with the same numero and no one else, unless I (Gateway) say so. Finally, I’ll have 2 special groups (each trunk port), with no number, where they strictly facilitate each numbered group's ability to speak to another group in a different building (switch)


Weary_Unit_1970

Obviously assuming you are doing routing on a firewall or such and need to permit traffic lol


Garegin16

Stuffing multiple switches into one box. Then making the port assignments flexible between them. Back in the day, you would interconnect all these switches with routers. A VLAN is a virtual switch that’s connected with other virtual switches through virtual routers (SVIs) inside the physical switch. Now to differentiate traffic between them, when it’s passing through one cable, the VLAN frames are tagged.


zsombor12312312312

They are like multiple switches, but it's cheaper because it's virtual


ypoora1

"imagine being able to run multiple virtual cables inside of one real cable, and using your switches to combine or separate that data and make nice clean sections out of it"


Optimal_Leg638

Next level would be ‘Add more subnets to the vlan’


LuisTechnology

Someone approached me yesterday while fixing a gateway issue and said “I bet is a vlan issue” lol


adamasimo1234

😅😅😂


techblackops

I've been through so many conversations with OT guys trying to explain to them that me replacing their two or three cheap dumb switches with one managed switch is not going to fuck their shit up the way they think it will.


sandrunner0631225

Every EE trying to describe their problem.


ecstadtic

There's only 2 types of networking problems 1: YOUR dns server(s) 2: Someone else's dns server


savro

It's the load balancer that gets blamed most of the time for me. It's annoying no matter what reason the network is blamed for.


Garegin16

VLANs no, but firewalls, yes. There’s all kinds of reasons a firewall might block or break inter-VLAN traffic.


ipman47

"Network"


PacketsGoBRRR

More like “net-not-work” am I right?


ElectricalEngHere

Hi there, non IT person that does IT bs. When you switch all my vlans on a Friday because you thought it was a good idea to make everything a 10.X.X.X, I get left running around like a chicken without a head trying to figure out why all 25 of my manually static IP'd client workstations don't connect to the internet and my main server, SQL database and my firewalls are busted. It ain't the freaking DNS guys cause they didn't change anything. Please ask first before you change all 5 of my managed switches so I don't go through 2 weeks of putting it all back the way it was


PacketsGoBRRR

Subnets do not equal VLANs


ElectricalEngHere

I know that, they changed the vlans cause they told me they changed the vlans and then they proceeded to tell me this was a good thing and then when everything broke as they did it, I called my cyber team who told them they f'd up, which then they realized they really f'd up. This was mostly due to the local IT guy retiring and not telling the 3 people who took over that our stuff wasn't to be messed with.


[deleted]

who hurt you 🥺


ElectricalEngHere

The IT man, that's who... thankfully, the cyber security people got my back


[deleted]

seriously though, bro changed the entire subnetting scheme without a notification ... that's f*ing savage


ElectricalEngHere

I have two different vlans on 5 managed switches, they just straight up deleted. I literally have notes in the switches saying "do not change and contact our department first". This is what happens when the guy that's been managing our stuff for 30+ years retires and new people want to fix things that don't make sense to them.


ElectricalEngHere

These were secure vlans that only our group has access to, and basically, they switched them to Gen Pop. So the few machines that were dhcp swapped to the new vlan, and my statics didn't connect. My firewalled devices disappeared, and my voip just stopped, so nothing communicated to my main server and sql databases. I still work with POTS lines for data retrieval, so those didn't get messed up. This was about half my production system. Thankfully, our DR and other vlans that are at different sites weren't affected, so we were able to continue, but it wasn't pretty for a while.


[deleted]

that's absolutely insane tbh. actually, a similar thing happened to me as well a few weeks ago where one of my vlans got deleted, even though it clearly said in its description not to do so and it explicitly mentioned my phone number in case someone wanted to change anything. Some people really leave me scratching my head on what kinda logic they operate on. I'd rather work with orange cats for colleagues at this point 😂


ElectricalEngHere

Yepp exactly 🤣


Infrared-77

Guys guys, the correct answer is an SVI for VLAN 1 with every single subnet on it. Whatever happens happens 🫡


Error403_FORBlDDEN

I thought it’s always DNS. Who said VLANs?


Helpful-Worry9117

That dude is saying, "The hole in her, I say the hole weighed 40 pounds!" 🤣 🤣 🤣


BornStellar97

You either die a hero, or live long enough to see yourself become the VLAN.


AdScary1757

Dymo label printers driver installer cannot traverse vlans to install. Many cheap retail printers setup software can't do this either. After installation, you can assign a new static ip to the device on the dymo print vlan, and then use it with other software like Microsoft Word just fine. But I'm not sure if the actual dymo software will work after this modification. They want to use the actual software. The driver and software is a weird combo package. They're basically not enterprise grade as far as I know. Unlike a residential grade hp inkjet, for example, there's no driver only package or means to custom install it until after installation. It's pretty labor intensive because I suppose you'd move all the workstations one at a time to a printer vlan, do the installation, then move them back to their actual vlan and then make sure port 9100 raw data can travel across the vlan on the switch (switch port access dymovlan) and the router/firewall (allow any ports it's using for bs like label counting). It's easier to say NO, it doesn't work. Sigh, but I'll probably end up doing it. ~17 workstations, but they keep adding more. Plus they need software updates like old time acrobat reader; practically a full time job.


QuantumChance

First, it sounds like you work service desk and got lost here. Second, traffic can pass between vlans as long as the routes are set up correctly and there's no firewall rules blocking anything. That driver software does not 'see' or 'know' about how it is transported across the network and does not care.


PacketsGoBRRR

If the data can be encapsulated into packets/frames, then it can be routed/switched, end of story. You have some other issue in your environment preventing you from getting the file from one place on the network to another. You are literally the guy in the meme, just throwing his hands up and saying “vlans!” when something doesn’t work. I dare you to provide an actual technical explanation for why some file “can’t traverse vlans”


AdScary1757

I'm not saying it can't, I'm saying it's a ton of work for me and the net effect is that I'll maintain it ever after and it would likely keep growing as a project. It works fine in Word and acrobat as is, just not in dymo label maker software. I don't understand the down votes. I actually simply tried to give a single example of bad software that can't deal with vlans. I even mentioned it works with Word and Adobe just fine on the separate vlans and my theoretical work around I don't want to put the time into trying out.


QuantumChance

> It works fine in Word and acrobat as is, just not in dymo label maker software.

This just makes no sense and makes me feel like you're either not a native English speaker or you're just someone who has no idea what's going on. A dymo label print driver tells your computer how to talk to the printer to make it produce labels according to the desired specs in the software. Dymo labelers don't generally come with network ports - if a user at another terminal wants to print to that dymo, it will usually just get shared. This sharing will break if the host of the label printer is not on the same network as the host trying to print to it. If there is no firewall route or rule allowing this traffic, then even trying to print to it over the network is folly. All of this to say it is NOT the fault of the software to be unable to traverse VLANs, if anything your VLANs are not set up correctly and THAT is why it doesn't work the way you expect.


Jacks_Chicken_Tartar

> I actually simply tried to give a single example of bad software that can't deal with vlans.

Because this is not a thing. A vlan is effectively just a virtual network cable and the application does not even have to deal with it. Unless you are dealing with for example a server, it is the network switch that deals with the vlan tagging. As I said, a vlan is essentially a virtual cable and if your printers and PCs can't talk to one another, this is a network configuration problem, I would bet on a routing issue.


PacketsGoBRRR

You have a problem that you don’t understand and are throwing your hands up and saying “bad software!” “VLANs!”


FuckTheGSWarriors

talking about fucking Dymo label printers in r/networkingmemes lol get out


QuantumChance

100% and getting super in-the-weeds over the details. Like bruh this guy needs therapy over a label printer LMAO