VLANs as Interface
-
Hi, i'm currently running PFSENSE on an old notebook and in order to be able to connect to internet and since the notebook has only one interface i configured the main NIC as a trunk Interface and assign 2 vlans to it (WAN-Vlan & LAN-Vlan) then I connected the box to a switch that is already configured with the same VLANS created on the PFSENSE Box to a trunk port that is also configured with the 2 VLANs (WAN-Vlan & LAN-Vlan), then i have a port that is member of the WAN-VLan and there is my ISP connected and the other ports are members of the LAN-Vlan.
The setup is working fine, but my question is. is this setup secure or safe?
My main concern is that there is only one physical interface connected to the switch so there is only one MAC Address with the VLAN Tagging, so I'm not sure if this exposes a risk to my network.Appreciate your comments, recommendations & Advice.
Cheers
-
As long as you do not use VLAN #1 other than internally in your switchit should be fine.
What's your line speed on WAN? Remember that WAN and LAN on the same trunk are still in the same collision domain.
-
Hi, thanks for the info.. Of course I'm not using VLAN1 :)
My wan is 100mbps and the switch is working at 1Gbps.
At the moment I haven't seen any performance issues, but as i said my biggest concern is security.
Once again, thanks for the advice.
Cheers
-
And the interface of your old notebook has what speed?
-
Traffic entering on one vlan wont Access the other vlan, unless you have a router allowing that traversal.
The packets will only see the ones in the same Vlan. Although they may crash together due to being on the same collision domain.
I have a similar setup where my WAN link comes in untagged at one port and tagged out on another to my ESXi Box. This Works fine, and there is no indication that the traffic bops from one vlan to another
-
Hi, Thanks for your replies Guys..
My Notebook Interface is 1Gb, so it's running ok (so far)..
I prefer to have all the VLANS Tagged and disable untagged traffic on the port that connects to the Notebook (PFSense Box).
so only tagged traffic is sent from the switch to the notebook, basically I'm using 3 interfaces on the switch, 1 belongs to the LAN Vlan and connected to another non managed switch, another port connects to the ISP and it belongs to the WAN Vlan and the 3rd port is connected to the notebook as a trunk that accepts only tagged traffic and it only has 2 Vlans (WAN & LAN).
So far it is working OK, but please if you hear or read of a possible flaw when using VLANS appreciate your advice.
Cheers :)