Edgerouter X configuration for hardware VLAN setup
Hi, I'm configuring an EdgeRouter X and need help creating a hardware-based VLAN to split the two networks securely. My goal is to isolate my work, gaming PC, and home server from the same internet provider, keeping them safe from any risky activities. I plan to add a pfSense firewall later for more advanced protection. I'm looking for a clear guide or video that explains setting up VLANs properly without getting confused. Any recommendations would be greatly appreciated!
If you're setting up a pfSense system, just let that handle the multiple subnets. I don't see a reason to have a pfSense system and an edge router here; it just makes it more complex, and either of these devices can do all that you need. Is this for wifi or wired? If it's just wifi, you can give the kids the guest network and they can't touch your other stuff on the network.
pfSense includes a software VLAN feature, similar to setting up a guest network. I’d prefer a hardware-based separation instead. The EdgeRouter X offers this capability—split an ISP connection into two separate networks at the hardware level, enabling independent operation without interference. It’s a bit complicated and time-consuming, but it would provide better isolation for your workstation. Currently, I only have the EdgeRouter X and plan to add pfSense later, as it’s quite expensive right now. Any suggestions on implementing this with the EdgeRouter X?
VLANs are applied on the same cable and port to create additional virtual wires and subnets. I’m not familiar with EdgeRouter X, but if it supports more than one LAN port, you can reach your goal without using VLANs. Make sure to review the documentation before designing the network.
You can also create separate networks that can't communicate in pfSense. It's confusing why you need two devices when one would work better and be easier. I'd simply use a single device, set up multiple subnets, and configure rules to block data exchange between them.
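The single-device layout suggested in the reply above, sketched as EdgeOS configure-mode commands for the EdgeRouter X. This is an added example, not part of any post in this thread. The VLAN IDs (10, 20), the subnets, the port assignment (eth1 for work, eth2 for everything else) and the names `RFC1918`, `WORK_IN` and `HOME_IN` are assumptions chosen for illustration; DHCP and WAN setup are left out.

```edgeos
configure

# Put the two LAN ports on the hardware switch and turn on VLAN awareness
set interfaces switch switch0 switch-port interface eth1
set interfaces switch switch0 switch-port interface eth2
set interfaces switch switch0 switch-port vlan-aware enable

# One routed interface (vif) and subnet per VLAN
set interfaces switch switch0 vif 10 description "work"
set interfaces switch switch0 vif 10 address 192.168.10.1/24
set interfaces switch switch0 vif 20 description "home"
set interfaces switch switch0 vif 20 address 192.168.20.1/24

# Untagged (access) membership: eth1 is VLAN 10, eth2 is VLAN 20
set interfaces switch switch0 switch-port interface eth1 vlan pvid 10
set interfaces switch switch0 switch-port interface eth2 vlan pvid 20

# All private ranges, so the rules keep working if a subnet changes later
set firewall group network-group RFC1918 network 10.0.0.0/8
set firewall group network-group RFC1918 network 172.16.0.0/12
set firewall group network-group RFC1918 network 192.168.0.0/16

# Work VLAN: allow replies, drop anything routed to another private subnet,
# let the rest (internet-bound traffic) through
set firewall name WORK_IN default-action accept
set firewall name WORK_IN rule 10 action accept
set firewall name WORK_IN rule 10 state established enable
set firewall name WORK_IN rule 10 state related enable
set firewall name WORK_IN rule 20 action drop
set firewall name WORK_IN rule 20 destination group network-group RFC1918

# Home VLAN: same policy in the other direction
set firewall name HOME_IN default-action accept
set firewall name HOME_IN rule 10 action accept
set firewall name HOME_IN rule 10 state established enable
set firewall name HOME_IN rule 10 state related enable
set firewall name HOME_IN rule 20 action drop
set firewall name HOME_IN rule 20 destination group network-group RFC1918

# Apply each ruleset to traffic entering the router from its VLAN
set interfaces switch switch0 vif 10 firewall in name WORK_IN
set interfaces switch switch0 vif 20 firewall in name HOME_IN

commit ; save
```

The `in` rulesets only filter traffic routed through the device, so clients can still reach the router's own address for DHCP and DNS; a quick check after committing is that a ping from a 192.168.10.x host to a 192.168.20.x host times out while internet access still works.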
I’d explore further details… VLANs operate on the same physical layer. Well-designed VLANs match the security of truly isolated cables. If a method exists to manipulate VLANs across a network like pfSense, it signals a much bigger risk than a home setup being compromised by kids’ downloaded malware. The existence of such exploits would indicate serious vulnerabilities at a national level, not something to worry about in a domestic environment. VLAN hopping is real, and some devices like Cisco’s VLAN1 may be vulnerable, but pfSense and properly configured switches should prevent it. I suggest digging deeper into this topic. Yes, physical separation adds extra protection, but it moves us into espionage territory—irrelevant for a home network. If you’re overly concerned, you’d also worry about fiber optics, which eliminate the risk of signal interception through splicing or eavesdropping. Optical signals don’t transmit data in the same way as Ethernet, making it harder to detect any tampering. This level of concern is far beyond what most homeowners need to address, and even large corporations wouldn’t prioritize it.