Sorry for being such a noob. My networking is not very strong, thought I’d ask the fine folks here.

Let’s say I have a Linux box working as a router and a dumb switch (I.e. L2 only). I have 2 PCs that I would like to keep separated and not let them talk to each other.

Can I plug these two PCs into the switch, configure their interfaces with IPs from different subnets, and configure the relevant sub-interfaces and ACLs (to prevent inter-subnet communication through the router) on the Linux router?

What I’m asking is; do I really need VLANs? I do need to segregate networks but I do not trust the operating systems running on these switches which can do L3 routing.

If you have a better solution than what I described which can scale with the number of computers, please let me know. Unfortunately, networking below L3 is still fuzzy in my head.

Thanks!

  • marauding_gibberish142@lemmy.dbzer0.comOPEnglish
    2·
    11 hours ago

    Thank you so much for the explanation. I followed everything but:

    Untagged (sometimes called Access) is something you apply on a switch port. For example, if you assign a port to Untagged VLAN 32, anything connected to that port will only be able to connect to port 32.

    I couldn’t really understand what you meant here. Did you mean VLAN 32 in the last line?

    • neidu3@sh.itjust.worksEnglish
      1·
      11 hours ago

      Derp, yes. Corrected. VLAN numbers are obviously not related to port numbers in any way.