Divide LANs into three VLANs
For those familiar, I'm looking to set up three separate VLANs—N1, N2, and N3. I want N1 to be isolated, N2 to function independently, and N3 to act as a management hub. The idea is that from N3, devices can communicate with both N1 and N2, while N1 and N2 remain separate from each other. This setup should rely on inter-VLAN routing to maintain visibility and interaction. The subnet for N3 would need to be chosen carefully to support its management role without interfering with the others.
Subnet mask defines the scope of a subnet, not its communication partners. The reachability of a subnet hinges on your routing configuration. Yes, you can configure routing and manage access. The subnet itself doesn't restrict connections; instead, define only the necessary ports and devices, then permit all traffic over WAN.
Right, so that makes more sense. The subnet mask would only need to increase in size if you needed to support more than 255 devices on a specific VLAN? So all three VLANs could have a /24? And you're saying for WAN on all three VLANs have everything open so they're able to talk to the web, and all remotely accessible to each other, and then for the LANs have all ports closed off on all of them except for ports x, y, and z? And the same thing for devices/IPs? (-> = ping, or interact; -|- = unable to ping, or interact.) If I'm understanding this then I could specify 192.168.1.x -> 192.168.2.x, 192.168.3.x (if my IP was 1.x I could ping/interact with anything on 2.x and 3.x) and also specify 192.168.2.x, 192.168.3.x -|- 192.168.1.x. The .x could be for any number of devices, on any number of ports.
It's about adjusting the scale to your preference, a /24 works well but you can customize it. You should grant access for the ports you specify between VLANs. Direct one-way communication isn't practical—requests and responses must be allowed. For example, if you need a web server in network 1 from network 2, set up rules to permit any device in network 2 to send HTTP requests via port 80 to the server in network 1, and configure the server to accept those responses. What type of router or switch are you using?
You don't require VLAN support on the router if you have sufficient ports. VLANs are also possible on the router, so with four ports it should function properly. How much bandwidth do you need? Are you looking for advanced firewall capabilities such as IP addressing or a VPN? What are your plans? Home setup? Small business? Personally, I’m a bit of a fan of Untangle now, and I also use pfSense. I employ a SonicWall at work, and it works well.
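Added example, not part of any reply in this thread: one way to express the N1/N2/N3 policy on a Linux router with nftables, where connection tracking lets N3 open connections to N1 and N2 and admits only the replies coming back. The interface names, the uplink name and the mapping of N1, N2 and N3 to 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 are assumptions, and NAT toward the WAN and the router's own input chain are left out.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. Interface names and the
# N1/N2/N3-to-subnet mapping are assumptions; adjust to your router.
define N1_IF  = "eth0.10"    # N1, assumed 192.168.1.0/24
define N2_IF  = "eth0.20"    # N2, assumed 192.168.2.0/24
define N3_IF  = "eth0.30"    # N3 (management), assumed 192.168.3.0/24
define WAN_IF = "eth1"       # uplink, assumed

table inet intervlan {
    chain forward {
        # Default deny: anything not explicitly accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Anti-spoofing: a packet must carry a source address from its own VLAN.
        iifname $N1_IF ip saddr != 192.168.1.0/24 drop
        iifname $N2_IF ip saddr != 192.168.2.0/24 drop
        iifname $N3_IF ip saddr != 192.168.3.0/24 drop

        # Replies belonging to a connection that an earlier rule admitted.
        ct state established,related accept
        ct state invalid drop

        # N3 may open new connections to N1 and N2.
        iifname $N3_IF oifname { $N1_IF, $N2_IF } ct state new accept

        # Every VLAN may open new connections to the internet.
        iifname { $N1_IF, $N2_IF, $N3_IF } oifname $WAN_IF ct state new accept

        # What reaches this point: N1 <-> N2, and new connections from
        # N1 or N2 toward N3. Count and log it, then the policy drops it.
        counter log prefix "intervlan-drop: "
    }
}
```

Load it with `nft -f <file>` on a router that has IP forwarding enabled. The counter and log line on the last rule show which blocked flows devices are actually attempting, which helps when deciding whether a specific port needs its own accept rule.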