Score:0

I Set Up A VLAN. Now what?


I have set up a VLAN (I think), and can't figure out how to use it. A basic description of my setup is:

EdgeRouter PoE5:

  • eth0 is PPPoE WAN interface to DSL modem in bridge mode
  • eth1 is unused with its own DNS and DHCP on its own subnet 192.168.1.0/24
  • eth2, eth3, eth4 are combined into switch0 using hardware offload
    • eth2 is connected to wireless AP
    • eth3 is connected to a switch
    • eth4 is connected to DHCP/DNS server
  • switch0 does not have DHCP or DNS configured, is on main subnet 192.168.0.0/24
  • switch0.42 is a VLAN I just set up, with DHCP, and on its own subnet 192.168.42.0/24

DNS and DHCP for switch0 are handled by another machine, so it acts just as my gateway/firewall. No DNS forwarding is configured for any of the interfaces in the EdgeRouter. I rely on the DHCP settings to tell my clients where they should be getting their DNS. I know this can be handled more securely, and I can increase DNS performance by having my EdgeRouter cache the last 10000 entries, but for now, I have it this way.

Now that I have my VLAN set up, how do I actually use it? I'm trying to do this based on the idea that you can have multiple subnets on the same port and use tagging to separate the traffic. As far as I know, my EdgeRouter supports this, as I can assign multiple VLANs to a single ethX interface, so I would assume it'll work the same on switch0.

But, how exactly do I assign clients to the subnet? It has its own DHCP, but anything I connect goes for my main subnet on the main LAN, and acts like it doesn't even see the VLAN. I suppose this is expected. But then, how exactly do I get something to actually see the VLAN and use it instead of my main LAN?

I've searched the web, and I can find all kinds of info on setting up a VLAN, but nothing about how to connect clients to it, unless the VLAN is port-based. Tag-based VLAN info is hard for me to find. I found a support article from StarTech on how to set a VLAN tag on NICs that support it using Device Manager in Windows. But what about devices that I can't manually configure, like a Chromecast or my mother-in-law's laptop? Is there an interface (or CLI) somewhere that I can assign devices to each LAN/VLAN based on MAC address, kind of like assigning static DHCP addresses?

Maybe an EdgeRouter isn't the right VLAN solution for me. Or maybe VLANs are not the right solution for me at all. The only goal is to dynamically segregate traffic on the same physical network as if they were on separate networks, without having to buy equipment for actual separate networks.

joeqwerty
What was the purpose of creating a VLAN? What's the end goal?
et flag
End goal is to have a separate VLAN for development purposes. My initial use case is for setting up RPi units for my friends and family, installed with AdGuard Home for both DNS and DHCP, and needing to not screw up my main network's DHCP. Other use cases would be eventually setting up another VLAN for IoT and smart devices I don't trust on my main network, like the TV.
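
The behaviour described in the question (clients landing on the main subnet and never seeing the VLAN) follows from how 802.1Q tagging works on the wire. The sketch below is an added example, not part of the original thread or of EdgeOS: it builds an untagged and a tagged Ethernet frame and classifies each the way a router with a `switch0` and a `switch0.42` interface would. Interface names and subnets come from the question; the MAC addresses, payload and the "drop unknown VLAN" rule are constructed assumptions for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Assumption: interface names and subnets as listed in the question.
VLAN_INTERFACES = {
    None: "switch0 (192.168.0.0/24)",
    42: "switch0.42 (192.168.42.0/24)",
}

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vid is given."""
    if vid is not None and not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    header = dst + src
    if vid is not None:
        tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def vlan_id(frame):
    """Return the 802.1Q VLAN ID of a frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def ingress_interface(frame):
    """Map a frame arriving on the trunk to the interface that handles it."""
    vid = vlan_id(frame)
    if vid == 0:  # priority-tagged frame: carries no VLAN membership
        vid = None
    return VLAN_INTERFACES.get(vid, "dropped (no interface for this VLAN ID)")

# Constructed sample frames: broadcast from a locally administered MAC.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
UNTAGGED = build_frame(DST, SRC, 0x0800, b"\x00" * 46)
TAGGED_42 = build_frame(DST, SRC, 0x0800, b"\x00" * 46, vid=42)
TAGGED_99 = build_frame(DST, SRC, 0x0800, b"\x00" * 46, vid=99)

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("vid 42", TAGGED_42), ("vid 99", TAGGED_99)]:
        print(f"{name:9s} -> {ingress_interface(frame)}")
```

A device that cannot add the tag itself (a Chromecast, an unmanaged laptop) always sends the first kind of frame, so something upstream of it, such as a VLAN-aware switch port or an access point SSID mapped to the VLAN, has to insert the 4-byte tag on its behalf.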