this post was submitted on 24 Nov 2023

Homelab

I'm not much of a networking person, but I understand the importance of different VLANs. Currently I have 4 separate VLANs that I change my PC's IP address to access. If I buy a four-port NIC and assign each port to a separate LAN, does the computer know which port to use to access the appropriate traffic, or is there something else I should be doing instead?

Only the main network has access to the outside internet and it would be nice to have one system that could access everything. Or even allow my email server access to different vlans to send out alerts.

  1. Main network
  2. NVR & Cameras
  3. KVM & IPMI
  4. Various equipment

My main system is normally powered off, so I wouldn't see this as an added security risk. But it would definitely save some time when I sit down to check things out.

all 16 comments
[–] [email protected] 1 points 11 months ago (2 children)

This is what a router is for. To communicate between clans.

[–] [email protected] 1 points 11 months ago

Clash of clans? Not my type of game <3

[–] [email protected] 1 points 11 months ago (1 children)

There can be only one! 🗡️ ⚡️

[–] [email protected] 1 points 11 months ago

lol. Now all my vlans will be named McLeod

[–] [email protected] 1 points 11 months ago

This setup might work, if you get the routing right. Set the default route to the interface where your internet is connected. If it is Windows, be careful to set up only one default route (this easily goes wrong and is hard to catch).

But I would not recommend this setup; try to use a (virtual) firewall or at least a router, and learn about trunks/tagging to avoid buying unnecessary NICs.

[–] [email protected] 1 points 11 months ago

This is what firewall ACL rules are for.

[–] [email protected] 1 points 11 months ago

Use your router to route between VLANs. It will require you to set up proper firewall rules. Then you can access it from any system you like.

Alternatively just pass the tagged traffic to your desktop and set them up to each have their own IP address on your main NIC. There really is no reason to have a NIC for each VLAN.

[–] [email protected] 1 points 11 months ago (1 children)

What is your current network setup? Where are these VLANs set up?

This seems like an odd setup that you need to change IPs to access the different VLANs. If you have something that is capable of setting up VLANs, then it would be capable of setting things up to allow access across VLANs?

If you don't want everything on the main network to access all areas, you could create a 5th VLAN that only certain devices, like the device you use to check on everything, sit on and that has access across all areas of the network. I do this at home, as the wife's and kids' devices sit on a separate network to my devices, which can go anywhere they like.

[–] [email protected] 1 points 11 months ago

My main network is on an N4064 - 192.168; two separate VLANs are on an N3048P - 10.10; the other is on a dumb switch - 10.2. VLANs are set up within pfSense.

I know how to assign ports within both Dell switches, but then I have to physically move my patch cable, and frankly I'm lazy.

It was set up for me and I was only shown how to hop back and forth. I'm not a networking guy at all, so I'm trying to learn, and I assumed there was a better way.

Would like the NVR to have access to both the camera VLAN and the main network, and give my main computer access to the equipment VLAN. I have a system on that VLAN that runs my CNC routers/3D printers that I'd like to keep from the Internet. Be great to just have the access on my main PC; usually access it through the KVM.

[–] [email protected] 1 points 11 months ago

Your current NIC may support VLAN trunking, so you could have multiple IP addresses on a single physical NIC and wouldn't need 4 physical interfaces.

But as the others said, use routing or a firewall to do this.

[–] [email protected] 1 points 11 months ago

The way to do this with an L3 managed switch is to use inter-vlan routing and access control lists.

First part is simple enough, enable IP routing in the switch, then give your vlan interfaces an IP address.

To control which nets can talk to others you build ACLs and attach the policy to the vlan. For instance, you can permit your workstation on the main net to talk to anything on nets 2, 3, and 4, and conversely they can talk back to only your workstation if you wish. Then you can deny anything on nets 2 - 4 from talking to each other.
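
The policy described in the comment above, modelled as an added example (not part of the original thread, and not switch configuration): ordered first-match ACLs with an implicit deny, checked per direction because the ACLs are modelled as stateless. The subnets, the workstation address 192.168.1.50, the extra deny for other main-network hosts and all function names are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed addressing; the thread gives only the prefixes 192.168, 10.10 and 10.2.
VLANS = {
    "main": ip.ip_network("192.168.1.0/24"),
    "cameras": ip.ip_network("10.10.20.0/24"),
    "ipmi": ip.ip_network("10.10.30.0/24"),
    "equipment": ip.ip_network("10.2.0.0/24"),
}
WORKSTATION = ip.ip_network("192.168.1.50/32")  # hypothetical admin PC
ANY = ip.ip_network("0.0.0.0/0")
ISOLATED = [VLANS[n] for n in ("cameras", "ipmi", "equipment")]

# Inbound ACL per VLAN interface: ordered (action, source, destination) rules.
ACLS = {
    "main": [("permit", WORKSTATION, net) for net in ISOLATED]
            + [("deny", VLANS["main"], net) for net in ISOLATED]  # assumption
            + [("permit", VLANS["main"], ANY)],  # everything else, e.g. internet
}
for name in ("cameras", "ipmi", "equipment"):
    ACLS[name] = [("permit", VLANS[name], WORKSTATION)]  # talk back to workstation only


def vlan_of(addr):
    """Return the name of the VLAN whose subnet contains addr, or None."""
    return next((n for n, net in VLANS.items() if addr in net), None)


def acl_permits(src, dst):
    """One direction: the first matching rule on the source VLAN's ACL wins."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    vlan = vlan_of(src)
    if vlan is None:
        return False
    if vlan == vlan_of(dst):
        return True  # same subnet: switched at layer 2, never hits the routed ACL
    for action, s, d in ACLS[vlan]:
        if src in s and dst in d:
            return action == "permit"
    return False  # implicit deny at the end of every ACL


def can_talk(a, b):
    """Stateless ACLs: a conversation needs both directions permitted."""
    return acl_permits(a, b) and acl_permits(b, a)
```

Running `can_talk` over every pair of VLANs gives the reachability matrix to compare against the intended policy before the ACLs are attached to the VLAN interfaces.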

[–] [email protected] 1 points 11 months ago

If they're all separate IP spaces and everything is directly connected and on Linux, it should work fine. Directly connected is the best route. People are saying Windows is weird, so I believe them.

[–] [email protected] 1 points 11 months ago (1 children)

You change your IP address only and you have access to different devices?

Or you change your IP address and plug into a different switchport / switch / device?

If it's the first, you're not running separate VLANs, you're running separate subnets over the same layer 2 network.

[–] [email protected] 1 points 11 months ago (1 children)

I reassign it in the router to the proper vlan and set my IP accordingly. My switches have layer 3 functions but I just treat them as their own lan

[–] [email protected] 1 points 11 months ago

Re-assign it? What's it? Reassign a port to the proper VLAN?

So are you plugged straight into your router, with switches plugged into other router ports?

If you have a diagram, it would make it easier to understand your network.