Homelab

371 readers

3 users here now

Rules

Be Civil.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Please no shitposting or blogspam.
No Referral Linking.
Keep piracy discussion off of this community

founded 1 year ago

MODERATORS

communick@selfhosted.forum

rglullis

Should I assign all VLANs on a single port? (alien.top)

submitted 11 months ago by Several_Cover_6774@alien.top to c/homelab@selfhosted.forum

7 comments fedilink hide all child comments

First Homelab in the making and it’s been an wonderful process learning everything. I am using a Protectli 4 port device running pfSense, an 8 port UniFi managed switch and a Raspberry Pi Cluster for now. I have an IoT VLAN created for these devices on a singular port on top of my already configured LAN setup by default. If I decide to create more VLANs, which I’m sure I will, what interfaces should I assign them too. I am having a hard time finding literature on when to create a VLAN and if you do should you put multiple on one interface or create them on separate interfaces. Like igc0 has my IoT VLAN and LAN should my other VLANs go there or like igc2 for example. Sorry for the long message just curious about industry standards and best practices.

you are viewing a single comment's thread
view the rest of the comments

[–] Fl1pp3d0ff@alien.top 1 points 11 months ago

In the business world, and good practice, vlans should only exist on ports where that vlan's traffic needs to pass.

Example: say my cameras are on vlan 3, and my default vlan is 1. I've also got IoT on vlan 9. IoT does not need access to the internet. Neither do the cameras (they're viewed from a vm running blueiris)... The port going to the modem only needs vlan 1 on it, all others excluded.

IoT needs to talk to the cams sometimes, so the cams have both 3 and 9, and IoT has 3 and 9. (this could also be done with some l3-fu on the switches, but I configured the routes in opnsense so I could log peculiarities).

I've only got two machines that are allowed access to the management vlan (13), which has all my IDRAC/ilo/bmc/nm configured on their ports, and no other vlans.

Those two machines are firewalled on machine and the management access is only allowed when necessary (manually).

Hope that's clearer than mud.