[ale] VLANs for home with a Linux Router

Alex Carver agcarver+ale at acarver.net
Mon Jan 2 19:46:22 EST 2017 

You'd have to hang the file server on a spare router port instead of the
switch and then let the router handle the VLAN switching if you're going
to use non-VLAN-aware hardware elsewhere.

Alternatively have the IP range for the guest LAN be different from the
IP range for the other devices and both outside of each others netmasks
(so 192.168.1.0/24 and 192.168.2.0/24) then put IP filtering on the file
server to block the wrong network although with the netmasks as such it
would be up to the gateway to route the packets (the default route on a
guest won't let the packet go straight to an out-of-network device,
it'll route to the gateway).

Which Meraki are you using?

On 2017-01-02 16:36, Robert L. Harris wrote:
> 
>     One of the things I want to do is create 2 wifi lans using my Meraki.  It'll 
> create a guest lan based on vlans.  It should be able to handle multiple 
> subnets, I'll just have to look into that instead.  I want to make sure someone 
> on the guest lan can't get to my file server which is on a common switch though.
> 
> 
> On Mon, Jan 2, 2017 at 5:07 PM Jim Kinney <jkinney at jimkinney.us 
> <mailto:jkinney at jimkinney.us>> wrote:
> 
>     Many home switches don't understand vlan tagging. To get actual partitioning
>     of the network with vlan tagging, you need to use addressable switches so
>     certain ports are allowed certain vlans while others are not.
> 
>     Use different IP networks and control the gateway. It's the same thing in
>     the end and costs less.
> 
> 
>     On January 2, 2017 6:55:33 PM EST, "Robert L. Harris"
>     <robert.l.harris at gmail.com <mailto:robert.l.harris at gmail.com>> wrote:
> 
> 
>             Anyone actually converted an existing "home" network to a VLAN'd
>         network?  I want to segment some traffic which crosses common dumb
>         switches and think that the best way might be to use vlan tagging on my
>         Linux firewall to break out the devices I don't want touching my default
>         network.
> 
>         -R
> 
> 
>     -- 
>     Sent from my Android device with K-9 Mail. Please excuse my brevity.
>     _______________________________________________
>     Ale mailing list
>     Ale at ale.org <mailto:Ale at ale.org>
>     http://mail.ale.org/mailman/listinfo/ale
>     See JOBS, ANNOUNCE and SCHOOLS lists at
>     http://mail.ale.org/mailman/listinfo
> 
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>

More information about the Ale mailing list