Sorry for being such a noob. My networking is not very strong, thought I’d ask the fine folks here.
Let’s say I have a Linux box working as a router and a dumb switch (I.e. L2 only). I have 2 PCs that I would like to keep separated and not let them talk to each other.
Can I plug these two PCs into the switch, configure their interfaces with IPs from different subnets, and configure the relevant sub-interfaces and ACLs (to prevent inter-subnet communication through the router) on the Linux router?
What I’m asking is; do I really need VLANs? I do need to segregate networks but I do not trust the operating systems running on these switches which can do L3 routing.
If you have a better solution than what I described which can scale with the number of computers, please let me know. Unfortunately, networking below L3 is still fuzzy in my head.
Thanks!
I’ve got 3 subnets on an L2 switch. You will have clashes over DHCP if you have both broadcasting on the same L2 switch without VLANs.
My guest wifi is on a vlan, but the switch is L2 and it’s fine. The router has separate physical ports for each subnet. The “guest” subnet is only accessible over Wifi, and the access points are configured so that the guest VLAN is mapped to a separate SSID.
My third subnet has no VLAN. It’s IPv6-only and all devices have a static IP address. It’s only used for security cameras. I did this so they don’t transmit on the same physical cables as my primary subnet. It is otherwise insecure, as I can join the subnet by simply assigning myself a static address in the same range.
Note: There is a bug in Windows where it will join an IPv6 subnet on a different VLAN. I had to tweak my DHCPv6 / radvd so that Windows would ignore it. Yes, Windows is this dumb.