Hi Guys i have 2 networks 192.168.23.x and one 192.168.11.x that run on separate lan's but come together at one switch that links them. What are the options to have these incorporated into one lan while still being able to control traffic between the 2 different networks. Should Vlan work or Different subnets?
Thanks.
Re: 2 Separate Vlan / Subnets on one Lan.
Hi
Few options I see:
* port based bridging + routing between bridges
* vlan untagged: on / port basis, which is basically same as above
* vlan tagged: on all ports, and can be then routed as normal between vlan interfaces
Few options I see:
* port based bridging + routing between bridges
* vlan untagged: on / port basis, which is basically same as above
* vlan tagged: on all ports, and can be then routed as normal between vlan interfaces
Re: 2 Separate Vlan / Subnets on one Lan.
What i actually want is to run the 2 networks over on physical media whilst access can be controlled as to what traffic can communicate to each other?
(in other words i want to remove the 2nd physical network because now it runs a dual one admin and one production, i would like for both the networks to run only one one physical network )
Sorry i am quite new to this .
(in other words i want to remove the 2nd physical network because now it runs a dual one admin and one production, i would like for both the networks to run only one one physical network )
Sorry i am quite new to this .
Re: 2 Separate Vlan / Subnets on one Lan.
Well, "back to basics":
You can easily have 2 subnets inside the same layer 2 domain (or physical media, or VLAN, whatever you are calling a single layer 2 network). You just put the gateway addresses on the same interface, for example:
/ip address add interface=ether2 address=192.168.1.1/24
/ip address add interface=ether2 address=192.168.1.2/24
Even though those 2 subnets are inside of the same layer 2 network, they can't "talk" to each other without the packets being routed by the router. So just put firewall rules on the router.
Of course, anyone with even a little bit of network experience can then dump the traffic, see the 2nd subnet, then put an IP from that subnet on their local interface and speak directly with the other subnet. You can't really prevent this in any way that I'm aware of. Or not simply, anyway.
If you really want to keep that traffic separate and you're worried about what I just said above, you have to segregate the layer 2 domains.
You can easily have 2 subnets inside the same layer 2 domain (or physical media, or VLAN, whatever you are calling a single layer 2 network). You just put the gateway addresses on the same interface, for example:
/ip address add interface=ether2 address=192.168.1.1/24
/ip address add interface=ether2 address=192.168.1.2/24
Even though those 2 subnets are inside of the same layer 2 network, they can't "talk" to each other without the packets being routed by the router. So just put firewall rules on the router.
Of course, anyone with even a little bit of network experience can then dump the traffic, see the 2nd subnet, then put an IP from that subnet on their local interface and speak directly with the other subnet. You can't really prevent this in any way that I'm aware of. Or not simply, anyway.
If you really want to keep that traffic separate and you're worried about what I just said above, you have to segregate the layer 2 domains.
Re: 2 Separate Vlan / Subnets on one Lan.
If you need to control traffic in diff nets on L2 you need Vlans. If you need to control them on L3 and do some filtering, you need router which will terminate these Vlans.Hi Guys i have 2 networks 192.168.23.x and one 192.168.11.x that run on separate lan's but come together at one switch that links them. What are the options to have these incorporated into one lan while still being able to control traffic between the 2 different networks. Should Vlan work or Different subnets?
Thanks.