I’m not much of a networking person, but I understand the importance of different VLANs. Currently I have 4 separate VLANs that I change my PC’s IP address to access. If I buy a four-port NIC and assign each port to a separate LAN, does the computer know which port to use to access the appropriate traffic, or is there something else I should be doing instead?
Only the main network has access to the outside internet and it would be nice to have one system that could access everything. Or even allow my email server access to different VLANs to send out alerts.
- Main network
- NVR & Cameras
- KVM & IPMI
- Various equipment
My main system is normally powered off so I wouldn’t see this as an added security risk. But it would definitely save some time when I sit down to check things out.
What is your current network setup? Where are these VLANs set up?
This seems like an odd setup that you need to change IPs to access the different VLANs. If you have something that is capable of setting up VLANs, then it would be capable of setting things up to allow access across VLANs?
If you don’t want everything on the main network to access all areas, you could create a 5th VLAN that only certain devices, like the device you use to check on everything, sit on that has access across all areas of the network. I do this at home as the wife’s and kids’ devices sit on a separate network to my devices, which can go anywhere they like.
My main network is on a N4064 - 192.168, two separate VLANs on a N3048P - 10.10, the other is on a dumb switch - 10.2. VLANs are set up within pfSense.
I know how to assign ports within both Dell switches but then I have to physically move my patch cable and frankly I’m lazy.
It was set up for me and I was only shown how to hop back and forth. I’m not a networking guy at all so I’m trying to learn, and I assumed there was a better way.
Would like the NVR to have access to both the camera VLAN and the main network, and give my main computer access to the equipment VLAN. I have a system on that VLAN that runs my CNC routers/3D printers that I’d like to keep from the Internet. Be great to just have the access on my main PC; usually access it through the KVM.
Your current NIC may support VLAN trunking, so you could have multiple IP addresses on a single physical NIC and wouldn’t need 4 physical interfaces.
But as the others said, use routing or a firewall to do this.
The way to do this with an L3 managed switch is to use inter-VLAN routing and access control lists.
First part is simple enough: enable IP routing in the switch, then give your VLAN interfaces an IP address.
To control which nets can talk to others you build ACLs and attach the policy to the VLAN. For instance, you can permit your workstation on the main net to talk to anything on nets 2, 3, and 4, and conversely they can talk back to only your workstation if you wish. Then you can deny anything on nets 2 - 4 from talking to each other.
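The ACL policy described in the reply above, modelled as an added example (not code from any poster in this thread, and not switch configuration syntax). The subnets, the workstation address 192.168.1.50 and all function names are constructed assumptions; the model checks the policy with first-match rules and an implicit deny.

```python
import ipaddress

# Constructed addressing for illustration only; not the poster's real subnets.
NETS = {
    "main": ipaddress.ip_network("192.168.1.0/24"),
    "cameras": ipaddress.ip_network("10.10.20.0/24"),
    "kvm_ipmi": ipaddress.ip_network("10.10.30.0/24"),
    "equipment": ipaddress.ip_network("10.2.0.0/24"),
}
WORKSTATION = ipaddress.ip_network("192.168.1.50/32")  # hypothetical admin PC
ANY = ipaddress.ip_network("0.0.0.0/0")
ISOLATED = ("cameras", "kvm_ipmi", "equipment")


def build_acl(vlan):
    """Ordered (action, src, dst) rules applied inbound on one VLAN interface."""
    if vlan == "main":
        rules = [("permit", WORKSTATION, NETS[n]) for n in ISOLATED]
        # Every other main-net host is kept out of the isolated VLANs.
        rules += [("deny", NETS["main"], NETS[n]) for n in ISOLATED]
        rules.append(("permit", NETS["main"], ANY))  # internet and the rest
        return rules
    # Isolated VLANs may only answer the workstation; the implicit deny
    # covers traffic to each other and to the internet.
    return [("permit", NETS[vlan], WORKSTATION)]


def evaluate(src, dst):
    """Return 'permit' or 'deny' for a routed packet, first match wins."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    vlan = next((n for n, net in NETS.items() if src_ip in net), None)
    if vlan is None:
        return "deny"  # source is not on any known VLAN
    if dst_ip in NETS[vlan]:
        return "permit"  # same VLAN is switched, never reaches the routed ACL
    for action, src_net, dst_net in build_acl(vlan):
        if src_ip in src_net and dst_ip in dst_net:
            return action
    return "deny"  # implicit deny at the end of every ACL


def reachability():
    """Map (src_vlan, dst_vlan) -> verdict for one non-workstation host per VLAN."""
    host = {n: str(net.network_address + 77) for n, net in NETS.items()}
    return {(s, d): evaluate(host[s], host[d]) for s in NETS for d in NETS if s != d}


if __name__ == "__main__":
    for pair, verdict in reachability().items():
        print(pair, verdict)
```

The model treats each rule as stateless, so the reply path from nets 2 - 4 back to the workstation has to be permitted by its own rule, which is why every isolated VLAN carries one.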
If they’re all separate IP spaces and everything is directly connected and on Linux, it should work fine. Directly connected is the best route. People are saying Windows is weird so I believe them.