Dumb switch on dedicated vlan port
-
I am looking to set up a VLAN network on my pfSense box. I have two unused ports on the back of my pfSense box. I was wondering if I can use one of those ports for a specific VLAN and use my dumb switch on that port. I would only plug in devices that belong or should be kept on the matching VLAN network.
The last port I would use for my Ubiquiti AP, for all VLANs.
Any issues with my thinking or would this not work?
-
You do not have to VLAN tag on that interface. Just assign it a new IP range. It will kinda look like a VLAN, but is really just a new network segment.
-
So the intent was to separate stuff on my network. I have the following:
BlueIris security camera server and cameras.
IoT devices (smart TVs, Alexas, etc.)
Guest network
etc.
I have a 3750 Cisco PoE switch 10/100 that can manage the slower devices and networks.
I am especially concerned with the cameras and other IOT devices that could potentially get hacked and allow access to other parts of the network.
Would assigning a new IP range help separate the network?
-
You don't need a managed switch. If you assign the VLAN to a port, there's no way for anything connected to it to know it's on a VLAN. That switch will also pass tagged VLANs, but won't be able to manage them.
-
Yes, adding a new IP range to the port connected to the switch will separate the devices. Then if you want you can do interesting things with rules to isolate or not isolate devices.
Port 1 might have the IP 10.10.220.0/24 and port 2 might be 192.168.100.0/24. The only way they talk is if you allow (the default is to allow) them to talk.
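
Added illustration (not part of the thread and not pfSense code): the isolation rules mentioned in the last reply, modelled as a first-match rule list on the camera port. The two subnets come from the thread; which port holds the cameras, the gateway address, the rule sets and the sample destinations are assumptions made for this example.

```python
from ipaddress import ip_address, ip_network

# Subnets from the thread; putting the cameras on "port 1" is an assumption.
CAMERAS = ip_network("10.10.220.0/24")   # "port 1"
LAN = ip_network("192.168.100.0/24")     # "port 2"
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ip_network("0.0.0.0/0")]

# Hypothetical rules for the camera port: (action, destination networks, port or None)
ISOLATED = [
    ("pass", [ip_network("10.10.220.1/32")], 53),  # DNS to the assumed gateway only
    ("block", PRIVATE, None),                      # no other private destinations
    ("pass", ANY, None),                           # everything else, i.e. internet
]
# Same rules with the broad pass moved to the top: the block is never reached.
MISORDERED = [ISOLATED[2], ISOLATED[0], ISOLATED[1]]

def evaluate(rules, src_net, src, dst, port):
    """Action of the first rule matching traffic that enters the interface."""
    src, dst = ip_address(src), ip_address(dst)
    if src not in src_net:
        return "block"  # source address does not belong on this segment
    for action, nets, rule_port in rules:
        if any(dst in n for n in nets) and rule_port in (None, port):
            return action
    return "block"      # nothing matched: this model blocks

# Constructed sample destinations (203.0.113.10 is a documentation address).
TARGETS = {
    "lan_host_smb": ("192.168.100.20", 445),
    "gateway_dns": ("10.10.220.1", 53),
    "gateway_webgui": ("10.10.220.1", 443),
    "internet_ntp": ("203.0.113.10", 123),
}

def audit(rules, src="10.10.220.50"):
    """Evaluate every sample destination from one camera-subnet host."""
    return {name: evaluate(rules, CAMERAS, src, dst, port)
            for name, (dst, port) in TARGETS.items()}

if __name__ == "__main__":
    for label, rules in (("isolated", ISOLATED), ("misordered", MISORDERED)):
        print(label, audit(rules))
```

Running it prints the verdict per destination for both orderings, which makes it easy to see that isolation depends on where the block rule sits in the list.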