Are VLANs Appropriate Here
-
Not sure if this will muddy up the water but we have 3 VLANs on our network. All wired traffic (Servers, PCs, and VOIP) on VLAN 1, all secured "corp" wifi on VLAN 2, and all student/guest wifi on VLAN 3.
VLAN 3 cannot communicate with VLAN 1 or 2 without ACLs.
VLAN 1 and 2 can communicate with each other but cannot see anyone on VLAN 3.
-
then why do VLAN 1 and 2 need to be on different VLANs?
-
@Donahue said in Are VLANs Appropriate Here:
then why do VLAN 1 and 2 need to be on different VLANs?
Technically they don't but I kept all LAN traffic outside of the WIFI scope
-
@WLS-ITGuy said in Are VLANs Appropriate Here:
@Donahue said in Are VLANs Appropriate Here:
then why do VLAN 1 and 2 need to be on different VLANs?
Technically they don't but I kept all LAN traffic outside of the WIFI scope
I am setting mine up so that all my stuff on the corp network can be switched, not routed. I am coming from a setup where everything was separated, and it was all inefficient. When my router blew up, it took most of my network with it because it all had to be routed.
-
@WLS-ITGuy said in Are VLANs Appropriate Here:
@Donahue said in Are VLANs Appropriate Here:
then why do VLAN 1 and 2 need to be on different VLANs?
Technically they don't but I kept all LAN traffic outside of the WIFI scope
No, if they can talk to each other then their traffic is not kept out of that scope. They are commingled, so what is the purpose of the VLAN?
-
@Donahue said in Are VLANs Appropriate Here:
@WLS-ITGuy said in Are VLANs Appropriate Here:
@Donahue said in Are VLANs Appropriate Here:
then why do VLAN 1 and 2 need to be on different VLANs?
Technically they don't but I kept all LAN traffic outside of the WIFI scope
I am setting mine up so that all my stuff on the corp network can be switched, not routed. I am coming from a setup where everything was separated, and it was all inefficient. When my router blew up, it took most of my network with it because it all had to be routed.
My VLANs are all at the switch level and my wireless controller.
-
@Donahue said in Are VLANs Appropriate Here:
@WLS-ITGuy said in Are VLANs Appropriate Here:
@Donahue said in Are VLANs Appropriate Here:
then why do VLAN 1 and 2 need to be on different VLANs?
Technically they don't but I kept all LAN traffic outside of the WIFI scope
I am setting mine up so that all my stuff on the corp network can be switched, not routed. I am coming from a setup where everything was separated, and it was all inefficient. When my router blew up, it took most of my network with it because it all had to be routed.
That's the boat that the OP is in, he has this massive bottleneck and risk in the router that isn't serving a purpose. Even without removing the VLANs, he could fix that by moving their crossover point to the switch.
-
is this just a DHCP scope thing?
-
@Donahue said in Are VLANs Appropriate Here:
is this just a DHCP scope thing?
Right, DHCP is affected, but not security.
-
@scottalanmiller said in Are VLANs Appropriate Here:
@Donahue said in Are VLANs Appropriate Here:
is this just a DHCP scope thing?
Right, DHCP is affected, but not security.
I can see the argument of having two different DHCP scopes, one for wired and one for wireless. I cannot comment on if that is the best choice though, just that it makes sense.
-
@Donahue said in Are VLANs Appropriate Here:
@scottalanmiller said in Are VLANs Appropriate Here:
@Donahue said in Are VLANs Appropriate Here:
is this just a DHCP scope thing?
Right, DHCP is affected, but not security.
I can see the argument of having two different DHCP scopes, one for wired and one for wireless. I cannot comment on if that is the best choice though, just that it makes sense.
Based on what need? Just the fear that someone will hijack the secure wireless and perform a DHCP exhaustion attack? It's a huge amount of effort for a really trivial attack vector that has no serious impact.
-
No, I am saying that I could see that someone wanted to separate out their devices so each could have its own separate DHCP scope. I am not saying that this was a good idea, or that I would do it, just that I can see how VLANs could be used to achieve that effect. Again, I am not saying this would be using VLANs correctly.