Three VLAN, unmanaged switch, one interface config questions



  • Hi,

    I have a project but I need help to make it work. I have two companies that I run from home, so on my network I have multiple computers. I have a pfSense with two network cards (WAN and LAN) and a TP-Link unmanaged switch.

    Here's what I would want:

    10.20.10.0/24: Company1 computers
    10.20.20.0/24: Company2 computers
    10.20.30.0/24: Home computers

    That I can probably make work. Here is the issue now. I use my home computer to access all the computers (RDP, shared files, etc.). So I would need one computer to be able to access all VLANs (let's say 10.20.30.5 needs to be able to communicate on 10.20.10.0 and 10.20.20.0).

    Is that achievable?

    Thanks


  • Galactic Empire

    You need either :-

    2 more unmanaged switches and 2 more LAN ports for the router

    or

    1 managed switch that does 802.1Q and VLANs on the parent interface

    plus firewall rules on each interface
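The "firewall rules on each interface" part of that answer is what actually limits which home machine can reach the company networks. The following is an added example, not code from the thread or from pfSense: a small model of pfSense-style per-interface rules for the three subnets the original poster listed, with a hypothetical admin workstation 10.20.30.5 as the one home host allowed into both company VLANs. Rule semantics (rules on the ingress interface, top-down, first match wins, implicit default deny) follow pfSense; the addresses and the `evaluate` helper are assumptions for the example.

```python
# Added example, not from the thread: a minimal model of pfSense-style
# per-interface firewall rules for the three subnets the original poster
# listed. The "admin" host 10.20.30.5 is the one home machine allowed into
# both company VLANs; all other traffic between the three networks is blocked.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

IPNet = ipaddress.IPv4Network

NETS: Dict[str, IPNet] = {
    "COMPANY1": ipaddress.ip_network("10.20.10.0/24"),
    "COMPANY2": ipaddress.ip_network("10.20.20.0/24"),
    "HOME": ipaddress.ip_network("10.20.30.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")
ADMIN_HOST = ipaddress.ip_network("10.20.30.5/32")  # hypothetical admin workstation


@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    src: IPNet
    dst: IPNet

    def matches(self, src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address) -> bool:
        return src in self.src and dst in self.dst


# As in pfSense, rules live on the interface where traffic ENTERS the
# firewall and are evaluated top-down, first match wins. Only the first
# packet of a connection is checked; replies are allowed by the state entry.
RULES: Dict[str, List[Rule]] = {
    "HOME": [
        Rule("pass", ADMIN_HOST, NETS["COMPANY1"]),
        Rule("pass", ADMIN_HOST, NETS["COMPANY2"]),
        Rule("block", NETS["HOME"], NETS["COMPANY1"]),
        Rule("block", NETS["HOME"], NETS["COMPANY2"]),
        Rule("pass", NETS["HOME"], ANY),   # everything else (Internet) is fine
    ],
    "COMPANY1": [
        Rule("block", NETS["COMPANY1"], NETS["COMPANY2"]),
        Rule("block", NETS["COMPANY1"], NETS["HOME"]),
        Rule("pass", NETS["COMPANY1"], ANY),
    ],
    "COMPANY2": [
        Rule("block", NETS["COMPANY2"], NETS["COMPANY1"]),
        Rule("block", NETS["COMPANY2"], NETS["HOME"]),
        Rule("pass", NETS["COMPANY2"], ANY),
    ],
}


def ingress_interface(src: ipaddress.IPv4Address) -> Optional[str]:
    """Which VLAN interface a packet from this source address arrives on."""
    for name, net in NETS.items():
        if src in net:
            return name
    return None


def evaluate(src_ip: str, dst_ip: str) -> str:
    """Return the action taken on the first packet of a new connection."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    iface = ingress_interface(src)
    if iface is None:
        return "block"  # not one of our networks
    for rule in RULES[iface]:
        if rule.matches(src, dst):
            return rule.action
    return "block"      # pfSense's implicit default deny


if __name__ == "__main__":
    for s, d in [("10.20.30.5", "10.20.10.7"), ("10.20.30.9", "10.20.10.7"),
                 ("10.20.10.7", "10.20.30.5"), ("10.20.10.7", "10.20.20.7"),
                 ("10.20.30.9", "203.0.113.10")]:
        print(f"{s} -> {d}: {evaluate(s, d)}")
```

Note that the company-side interfaces never need a "pass to 10.20.30.5" rule: the RDP and file-share replies back to the admin host ride on the state the firewall created when the admin host opened the connection, while a connection initiated from a company machine toward the home network is still blocked.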

  • Rebel Alliance Global Moderator

    Get yourself a smart switch… They can be had for $30... If you're going to run VLANs then there is ZERO reason not to do it correctly.  Especially if this is any sort of business/company work... Get the correct hardware and charge it to the customer and/or write it off.

    You're talking the cost of a couple cups of fancy coffee to do this correctly with a VLAN-capable switch or switch(es)..

    Screw using that hammer that is on the other side of room to drive this nail, I am just going to whack at this nail with this screwdriver I have in my hand...

    BTW - do not get the smart tplink switches, they are junk and even though they say they do vlans.. They do not actually do it correctly and there is no isolation..

    edit
    NogBadTheBad gives the other option if you want to go the dumb switch route by complete isolation of the networks.


  • Galactic Empire

    Actually I should also have asked, do you require Wi-Fi for each of the subnets?



  • WiFi only for home network

    I'm just playing with it as a personal project.

    I was sure I could have done it only with pfSense, no need of a smart switch or anything. I can specify the VLAN ID on the network cards.

    Company1 = One Hyper-V with VMs
    Company2 = One VMWare ESXi, and two computers
    Home = WiFi, computers, tablets, etc

    Thanks


  • Galactic Empire

    Any device that can put its network card into promiscuous mode can sniff all 3 subnets if you don't use a switch that does 802.1Q.
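To make concrete why an unmanaged switch gives no isolation, here is an added example (not code from the thread or from pfSense) that builds and parses 802.1Q-tagged Ethernet frames. The switch treats the 4-byte tag as opaque bytes and floods broadcast and unknown-unicast frames to every port regardless of it, so a NIC in promiscuous mode on any port receives the frames of all three subnets, tag included. The MAC addresses, payloads and the `vlans_seen` helper are constructed for the example; the tag layout (TPID 0x8100, then PCP/DEI/VID in the TCI) is the standard one.

```python
# Added example, not from the thread: build and parse 802.1Q-tagged Ethernet
# frames to show what a dumb switch hands to every port. The switch forwards
# the tag as opaque payload bytes, so a host whose NIC is in promiscuous mode
# sees the frames of all three subnets, tag and all. MAC addresses and
# payloads below are constructed sample values.
import struct
from dataclasses import dataclass
from typing import List, Optional

ETHERTYPE_VLAN = 0x8100   # 802.1Q tag protocol identifier (TPID)
ETHERTYPE_IPV4 = 0x0800


@dataclass
class Frame:
    dst_mac: str
    src_mac: str
    vlan_id: Optional[int]   # None when the frame is untagged
    pcp: Optional[int]       # 802.1p priority bits from the tag
    ethertype: int           # EtherType of the encapsulated payload
    payload: bytes


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: bytes, src: bytes, vlan_id: Optional[int], payload: bytes,
                ethertype: int = ETHERTYPE_IPV4, pcp: int = 0) -> bytes:
    """Assemble an Ethernet frame; insert an 802.1Q tag when vlan_id is given."""
    hdr = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN id must be 1..4094")
        tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)   # PCP(3) DEI(1) VID(12)
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(raw: bytes) -> Frame:
    """Parse the Ethernet header and, if present, the 4-byte 802.1Q tag."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = raw[0:6], raw[6:12]
    (etype,) = struct.unpack("!H", raw[12:14])
    offset, vlan_id, pcp = 14, None, None
    if etype == ETHERTYPE_VLAN:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", raw[14:18])
        vlan_id = tci & 0x0FFF
        pcp = tci >> 13
        offset = 18
    return Frame(_mac(dst), _mac(src), vlan_id, pcp, etype, raw[offset:])


def vlans_seen(frames: List[bytes]) -> List[int]:
    """VLAN ids visible to a promiscuous listener that receives these frames."""
    ids = {parse_frame(f).vlan_id for f in frames}
    return sorted(v for v in ids if v is not None)


# Constructed sample traffic: one broadcast frame per subnet from the thread,
# plus one untagged frame, all as an unmanaged switch would flood them to a port.
BCAST = bytes.fromhex("ffffffffffff")
SAMPLE_FRAMES = [
    build_frame(BCAST, bytes.fromhex("02000a000001"), 10, b"company1 arp"),
    build_frame(BCAST, bytes.fromhex("02000a000002"), 20, b"company2 arp"),
    build_frame(BCAST, bytes.fromhex("02000a000003"), 30, b"home arp"),
    build_frame(BCAST, bytes.fromhex("02000a000004"), None, b"untagged"),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(parse_frame(f))
    print("VLANs visible on one dumb-switch port:", vlans_seen(SAMPLE_FRAMES))
```

An 802.1Q-capable switch, by contrast, only forwards a tagged frame out of ports that are members of that VLAN, so a host on the home VLAN's access port never receives the company VLANs' frames in the first place; the separation happens in the switch, not in the end hosts' good behaviour.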



  • Yes, I understand that but I'm the only manager and it's just for a protection against viruses. Right now, they are all on the same network and it works great.


  • Galactic Empire

    A dumb switch will pass all tagged and untagged packets, give it a go.

    Interfaces -> VLANs


  • Rebel Alliance Global Moderator

    So yeah if you hit the nail hard enough with the screwdriver it will work… Doesn't mean you should do it..

    There is zero reason to do this... Zero!!!  You are not talking thousands or even hundreds of dollars for the correct tool..

    And the best thing is you will actually learn something..



  • @NogBadTheBad:

    A dumb switch will pass all tagged and untagged packets, give it a go.

    Interfaces -> VLANs

    Nope, there's plenty of them that just fuck up the tags in some way or another.


  • Rebel Alliance Global Moderator

    If you're running the connection from pfSense to a VM host… then you don't even need a switch, and you can do tagging and use vswitches with port groups to accomplish what you want.

    But if you're going to break this out into the real-world network, connect to a switch and use multiple layer 3 networks.. then yes, you're going to want to isolate said networks at layer 2 with VLANs.

    Don't be that guy - forgo that pizza or that case of beer and get a switch that can do tags.. I mean really, it's 30 freaking $'s - shit, you can drop that in after-work beers on a Tuesday..  Which I am sure I will prob do tonight ;)

    Don't be that guy

    Your switch may or may not pass the tags… But that is really not the point..  It's not going to teach you anything, and all it does is promote bad habits...

    It is one thing when, hey, this needs to be up and running in 30 minutes, all I have is this dumb switch and production is down.. Can we connect using this dumb switch and run multiple layer 3 on the same layer 2 until the replacement switch comes in?

    And then there is "oh, let's save $5 and just use this dumb switch.."

    You get a pat on the back for scenario 1, you get fired and ridiculed by your peers in scenario 2..

    So there is knowing that it "can" be done.. And then there is being smart enough to know that nobody should do that.. You're not using duct tape to save yourself on Apollo 13 here.. What you're doing is breaking out your hacksaw to cut the pizza because you're too lazy to open the drawer and pull out the pizza cutter.