VLans, Subnets, Block rules
-
I'm watching these Lawrence Systems videos on YouTube: https://youtu.be/ouARr-4chJ8?t=726
And he's created some VLANs - each with a subnet.
Then he goes to the firewall and explicitly specifies that a VLAN can send to anything except the other VLANs. Basically blocking access into other VLANs.
But by virtue of each VLAN having its own subnet - my understanding is that you can't access those other IP ranges in the different subnet, making the blocking from firewall pointless?
-
@underworld
You are correct about VLANs being segregated on Layer2 (L2), the MAC Layer.
But on Layer3 (L3) (Routing Layer) it is possible to forward (IP) packets from one VLAN to another. pfSense is a L3 device, doing routing.
PS:
pfSense does both L2 + L3 operations.
In order to do L3, you must support all of the lower layers too.
Hint: OSI Model
https://en.wikipedia.org/wiki/OSI_model
/Bingo
-
@underworld said in VLans, Subnets, Block rules:
my understanding is that you can't access those other IP ranges in the different subnet, making the blocking from firewall pointless?
Huh? How would the internet work if you could not access other IP ranges?
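-
An added illustration, not part of the thread or the video: a small Python model of the point made in the replies, that a routing firewall forwards between VLAN subnets, so an "allow to any" rule also allows the other VLANs unless block rules sit above it. The subnets, VLAN names and function names are constructed for the example, and it assumes the firewall is each VLAN's default gateway and evaluates rules first-match with default deny.

```python
import ipaddress

# Constructed sample subnets, one per VLAN (not taken from the thread or the video).
VLANS = {
    "LAN": ipaddress.ip_network("192.168.10.0/24"),
    "IOT": ipaddress.ip_network("192.168.20.0/24"),
    "GUEST": ipaddress.ip_network("192.168.30.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")


def needs_router(src_vlan, dst_ip):
    """True when dst is outside the sender's subnet, so the host hands the
    packet to its default gateway (assumed: the firewall) instead of L2 delivery."""
    return ipaddress.ip_address(dst_ip) not in VLANS[src_vlan]


def evaluate(rules, dst_ip):
    """First matching rule wins; no match means the packet is dropped."""
    dst = ipaddress.ip_address(dst_ip)
    for action, network in rules:
        if dst in network:
            return action
    return "block"


def build_rules(src_vlan, isolate):
    """'Allow to any', optionally preceded by a block rule per other VLAN."""
    rules = []
    if isolate:
        rules = [("block", net) for name, net in VLANS.items() if name != src_vlan]
    return rules + [("pass", ANY)]


def verdict(src_vlan, dst_ip, isolate):
    if not needs_router(src_vlan, dst_ip):
        return "switched"  # same subnet: never reaches the firewall rules
    return evaluate(build_rules(src_vlan, isolate), dst_ip)


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for an internet host.
    for isolate in (False, True):
        for dst in ("192.168.20.50", "192.168.30.9", "203.0.113.10"):
            print(f"isolate={isolate} GUEST -> {dst}: {verdict('GUEST', dst, isolate)}")
```

Without the block rules, the GUEST host reaches the IOT subnet through the same "allow to any" rule that gives it internet access; separate subnets alone do not stop routed traffic.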