Sorry for being such a noob. My networking is not very strong, thought I’d ask the fine folks here.
Let’s say I have a Linux box working as a router and a dumb switch (i.e. L2 only). I have 2 PCs that I would like to keep separated and not let them talk to each other.
Can I plug these two PCs into the switch, configure their interfaces with IPs from different subnets, and configure the relevant sub-interfaces and ACLs (to prevent inter-subnet communication through the router) on the Linux router?
What I’m asking is: do I really need VLANs? I do need to segregate networks but I do not trust the operating systems running on these switches which can do L3 routing.
If you have a better solution than what I described which can scale with the number of computers, please let me know. Unfortunately, networking below L3 is still fuzzy in my head.
Thanks!
https://en.wikipedia.org/wiki/IEEE_802.1Q
VLANs are simply a tag on a frame. You can set what if any tags are allowed and you can set the switch to tag untagged traffic. You can limit MAC addresses with port security.
Thank you. Now I just need to learn to do all of this on Linux/BSD lol
https://openwrt.org/docs/guide-user/network/vlan/switch_configuration
You create a device called interface.vlanid
Something like eth0.1
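To show what the `interface.vlanid` approach looks like end to end on a Linux router, here is an added example (not from the OpenWrt docs or anyone in this thread): it creates two 802.1Q sub-interfaces on one trunk port and installs an nftables forward policy so the two VLANs can reach the uplink but not each other. The trunk name `eth0`, uplink `eth1`, VLAN IDs 10/20 and the 10.10.10.0/24 and 10.20.20.0/24 subnets are assumptions; without `APPLY=1` the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: two isolated VLANs behind a Linux router.
# Assumed interface names and addressing (change to match your box):
TRUNK=${TRUNK:-eth0}    # port facing the L2 switch (tagged)
UPLINK=${UPLINK:-eth1}  # port facing the Internet / upstream router

# Execute commands only when APPLY=1 (needs root); otherwise print them
# so the resulting configuration can be reviewed first.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Create the tagged sub-interface TRUNK.VID and give the router its
# address inside that VLAN's subnet.
add_vlan() {
    vid=$1; addr=$2
    run ip link add link "$TRUNK" name "$TRUNK.$vid" type vlan id "$vid"
    run ip addr add "$addr" dev "$TRUNK.$vid"
    run ip link set "$TRUNK.$vid" up
}

# nftables ruleset: default-drop forwarding, return traffic allowed,
# each VLAN may talk to the uplink, VLAN-to-VLAN is dropped and counted
# so blocked attempts are visible in `nft list ruleset`.
isolation_ruleset() {
    cat <<EOF
table inet vlan_isolation {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$TRUNK.10" oifname "$TRUNK.20" counter drop
        iifname "$TRUNK.20" oifname "$TRUNK.10" counter drop
        iifname { "$TRUNK.10", "$TRUNK.20" } oifname "$UPLINK" accept
    }
}
EOF
}

main() {
    run sysctl -w net.ipv4.ip_forward=1
    add_vlan 10 10.10.10.1/24
    add_vlan 20 10.20.20.1/24
    if [ "${APPLY:-0}" = "1" ]; then isolation_ruleset | nft -f -
    else isolation_ruleset; fi
}

# Uncomment to run as a script: main
```

The switch port facing `eth0` must carry both VLANs tagged, and each PC's access port must be untagged into VLAN 10 or 20 respectively; the PCs then only ever see their own VLAN's frames.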
Ooh, would it be similar on other Linux distros/Unixes? I’m trying to decide between Debian, VyOS, Alpine and OpenBSD for my main firewall. All of them have strengths but I think it’ll be between VyOS and OpenBSD for me.
Anything that uses the Linux kernel
I would strongly suggest OpenWRT