Hi,
I’m running VyOS on an Alix board with (only) 3 physical interfaces.
However, I want to configure 4 network subnets + WAN:
LAN - 192.168.1.0/24
DMZ - 10.0.0.0/24
Management - 192.168.0.0/28
Smart Home - 10.0.0.1/27
In my understanding I must define at least 2 VLANs (VLAN 802.1Q) for this network setup.
Can you confirm this?
The network subnets must be routable and secured by appropriate firewall rules.
THX
Well, you could have several IP networks on the same interface, but it is generally considered a bad idea. If defeats the idea of having different networks in the first place.
So if we keep the standard scheme one network per interface, we need 5 interfaces and we have 3.
2 VLANs would be enough, however that would mean you have at least one interface where you use both directly the interface (without VLAN) and a VLAN on the same interface.
That means you will have both tagged and untagged traffic on the same interface.
While this is perfectly possible, I would rather use either:
or
I would go with your proposal
There’s another thing I must consider:
I have 2 routers in total connected to 2 public IPs.
Router 1 (provided by ISP: AVM Fritz!Box) cannot work with VLAN; router 2 is running VyOS.
The demand for WiFi resulted in defining router 1 with network subnet LAN.
In order to communicate from LAN to DMZ I have defined a static route in router 1 which means that router 2 must have an IP from LAN that is untagged.
Therefore I would define
eth0 = WAN
eth1 = LAN
eth2 = MGMT
eth2.10 = DMZ
eth2.20 = Smart Home
Would you agree on this?