Sorry for being such a noob. My networking is not very strong, thought I’d ask the fine folks here.
Let’s say I have a Linux box working as a router and a dumb switch (i.e. L2 only). I have 2 PCs that I would like to keep separated and not let them talk to each other.
Can I plug these two PCs into the switch, configure their interfaces with IPs from different subnets, and configure the relevant sub-interfaces and ACLs (to prevent inter-subnet communication through the router) on the Linux router?
What I’m asking is: do I really need VLANs? I do need to segregate networks, but I do not trust the operating systems running on these switches which can do L3 routing.
If you have a better solution than what I described which can scale with the number of computers, please let me know. Unfortunately, networking below L3 is still fuzzy in my head.
Thanks!
It’s not that they are expensive, it’s that they run archaic proprietary OSes which the consumer cannot control. I cannot trust such a switch when the rest of my network depends on it. Please let me know if something in the post didn’t make sense.
Put a multi-port NIC in your router PC and use a separate unmanaged switch for each network then.
Thanks but as I mentioned that will not scale. I’m interested in if separating computers by subnets will work. Have you tried something like this?
It’s been a long time since I actually used subnets, but IIRC you will need a physical interface for each network on the router regardless.
So let’s say you set up your /24 network as 2x /25s: you will need an interface for the .0 network, and another for the .128 network.
If you just have an interface for the switch, and another for the WAN connection, I don’t think subnetting will work for what you’re trying to do
Hmm, so virtual interfaces on the router won’t work? I admit I’m a bit stumped, would you be able to give me an ELI5 on why this is the case? I will try and read up more, of course
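An added illustration, written by the editor and not posted by anyone in the thread, of the first-hop decision that determines whether the Linux router (and therefore any ACL on it) ever sees a packet at all. It uses the /24-split-into-two-/25s layout mentioned above, assumes a router carrying both subnets on one interface, two PCs plugged into one dumb switch, and hypothetical names (pc-a, pc-b, eth0, switch1, switch2) that are not from the original post. Hosts do longest-prefix match against their own routing table; if the winning route has no gateway, the host ARPs for the destination directly on its own L2 segment and the router is never involved.

```python
"""Model of a Linux host's first-hop decision on a shared L2 segment.

Editor's example, not code from the thread. Names, addresses and segments are
constructed for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_interface, ip_network
from typing import List, Optional, Tuple


@dataclass
class Route:
    prefix: IPv4Network
    dev: str
    via: Optional[IPv4Address] = None  # None means the prefix is on-link (no gateway)


@dataclass
class Host:
    name: str
    addr: IPv4Address
    prefix: IPv4Network
    segment: str  # hypothetical label for the L2 broadcast domain the NIC is plugged into
    gateway: IPv4Address
    dev: str = "eth0"
    routes: List[Route] = field(default_factory=list)

    def __post_init__(self) -> None:
        # What a freshly configured Linux host has: the connected route for its own
        # subnet and a default route via the gateway.
        self.routes = [
            Route(self.prefix, self.dev),
            Route(ip_network("0.0.0.0/0"), self.dev, via=self.gateway),
        ]

    def add_onlink_route(self, prefix: str) -> None:
        """Equivalent of `ip route add <prefix> dev eth0` run by the host's admin."""
        self.routes.append(Route(ip_network(prefix), self.dev))

    def first_hop(self, dst: IPv4Address) -> Tuple[str, IPv4Address]:
        """Longest-prefix match. Returns ('direct', dst) or ('via', gateway)."""
        best = max(
            (r for r in self.routes if dst in r.prefix),
            key=lambda r: r.prefix.prefixlen,
        )
        if best.via is None:
            return ("direct", dst)
        return ("via", best.via)


def make_host(name: str, cidr: str, segment: str, gateway: str) -> Host:
    iface = ip_interface(cidr)
    return Host(name, iface.ip, iface.network, segment, ip_address(gateway))


def path(src: Host, dst: Host) -> str:
    """Where a packet from src to dst goes first.

    'router'      - handed to the gateway; the router's forwarding rules decide.
    'switch'      - src ARPs for dst on its own segment and dst answers: delivered
                    over the dumb switch, the router never sees it.
    'unreachable' - src ARPs for dst but dst is on a different L2 segment
                    (separate switch or VLAN), so nobody answers.
    """
    kind, _hop = src.first_hop(dst.addr)
    if kind == "via":
        return "router"
    return "switch" if src.segment == dst.segment else "unreachable"


def demo() -> Tuple[str, str, str, str]:
    # The /24 split into two /25s; router owns .1 and .129 on the same interface.
    pc_a = make_host("pc-a", "192.168.1.10/25", "switch1", "192.168.1.1")
    pc_b = make_host("pc-b", "192.168.1.140/25", "switch1", "192.168.1.129")

    before = path(pc_a, pc_b)  # default config: goes via the router, ACL applies

    # Anyone with root on pc-a can point the other /25 at the shared switch.
    pc_a.add_onlink_route("192.168.1.128/25")
    after = path(pc_a, pc_b)  # now delivered directly over the switch

    # pc-b's replies still take its gateway until pc-b does the same, so a router
    # drop rule breaks TCP but not one-way UDP delivery to a listening service.
    reply = path(pc_b, pc_a)

    # Put pc-b behind its own unmanaged switch or VLAN and the same trick fails:
    # the ARP request never reaches it.
    pc_b.segment = "switch2"
    isolated = path(pc_a, pc_b)

    return before, after, reply, isolated


if __name__ == "__main__":
    print(demo())
```

The separation in the first case is enforced only by the PCs' own routing tables, which is why the router's ACL stops mattering as soon as one PC adds an on-link route; only the last case, where the two PCs do not share a broadcast domain, keeps them apart regardless of what either host does.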