inter-VLAN routing

Soldato
Joined
11 Jun 2003
Posts
7,613
Location
The Shadows (london)
Hi all
still pretty new to setting these up and have some questions

Is it possible to access file shares on other VLANs?

I can ping across the VLANs but cannot access the nodes via file explorer.

I'm trying to separate things out in my home network but still need some of the devices to be able to communicate across different VLANs. is this possible?

VLAN1 office (pc, server & 3x NAS)
VLAN10 media (Xbox one, ps4 pro & media player)
VLAN20 (wifi and VPN)

both VLANs 1 and 20 would need access to VLAN 10

I'm doing this for fun mainly but would like to limit the broadcasts and separate the traffic as a bonus.

Hope this all makes sense.

Cheers

Soogs
 
Soldato
OP
Joined
11 Jun 2003
Posts
7,613
Location
The Shadows (london)
I guess in an ideal world I'd need all networks to be reachable from all networks

I have 3 issues if there is no access between the networks: can't remote play PC/PS4, can't access Plex media server, can't remote control the media player from a smartphone.
 
Don
Joined
19 May 2012
Posts
17,055
Location
Spalding, Lincolnshire
I'm trying to separate things out in my home network but still need some of the devices to be able to communicate across different VLANs. is this possible?

It makes no sense at all to separate the things you've listed.

Broadcast traffic is a non-issue with so few devices.

If you really want to do what you are suggesting, the easiest option would be some kind of router, something like a Ubiquiti EdgeRouter or a MikroTik.
 
Soldato
Joined
1 Apr 2014
Posts
18,532
Location
Aberdeen
I'm trying to separate things out in my home network but still need some of the devices to be able to communicate across different VLANs. is this possible?

I think you need subnets rather than VLANs. That is, if you need anything at all.

A VLAN would come in use where you need complete separation so have a separate VLAN for your IOT devices or a separate wifi network for guests.
 
Soldato
OP
Joined
11 Jun 2003
Posts
7,613
Location
The Shadows (london)
It makes no sense at all to separate the things you've listed.

Broadcast traffic is a non-issue with so few devices.

If you really want to do what you are suggesting, the easiest option would be some kind of router, something like a Ubiquiti EdgeRouter or a MikroTik.
I am using an EdgeRouter X. Would I just set up 3 different networks minus the VLANs?

I think you need subnets rather than VLANs. That is, if you need anything at all.

A VLAN would come in use where you need complete separation so have a separate VLAN for your IOT devices or a separate wifi network for guests.
No, I don't really NEED this but I'm doing a networking course and am just messing with this for fun/educational reasons.

by subnets do you mean like
192.168.1.0/24 on eth2
192.168.2.0/24 on eth3
192.168.3.0/24 on eth4

or 192.168.1.0/26 on switch0
Different. Managed just means it has a web page or console access and can configure things like VLANs.

Layer 3 essentially builds in routing to a switch
Thanks. I'll look into getting one of these for the future.
 
Soldato
Joined
21 Jul 2005
Posts
19,981
Location
Officially least sunny location -Ronskistats
Am I the only one that's confused that you say you can ping across vlans without already having some sort of routing going on?

Yes I was confused but didn't want to come across as an arse. I like anyone tinkering for educational purposes and should be encouraged.

However the contradiction that creeps in means you're either mixing terminology, or missing the point of why you would install it in the first place! :)
 
Caporegime
Joined
18 Oct 2002
Posts
26,053
If you've declared interfaces on an EdgeRouter then it will be routing between them without you having to do anything else. So you have inter-VLAN routing working already, at a guess you don't have any sort of service discovery.

https://help.ui.com/hc/en-us/articles/360035256553-EdgeRouter-mDNS-Repeater

Incidentally it would have been good to know what equipment you were using at some point before post #9 in the thread ;)
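An added illustration of the guess in the post above (not code from the thread or from Ubiquiti): routed unicast such as ping crosses VLANs, while common name and service discovery packets are link-scoped and stay inside the sender's VLAN unless a repeater or multicast routing is configured. The subnets and host addresses are constructed assumptions, since the thread gives none.

```python
import ipaddress

# Constructed addressing plan (assumption): one /24 per VLAN from the first post.
VLANS = {
    "office": ipaddress.ip_network("192.168.1.0/24"),
    "media": ipaddress.ip_network("192.168.10.0/24"),
    "wifi": ipaddress.ip_network("192.168.20.0/24"),
}
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")  # link-local multicast, never forwarded
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def scope(src, dst):
    """Classify a packet as 'same-vlan', 'routed' or 'link-only' (stays in the sender's VLAN)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_net = next(n for n in VLANS.values() if s in n)
    if d == LIMITED_BROADCAST or d in LOCAL_CONTROL:
        return "link-only"
    if d.is_multicast:
        return "link-only"  # would need multicast routing or a repeater/proxy
    if any(d == n.broadcast_address for n in VLANS.values()):
        return "link-only"  # subnet broadcast; directed broadcasts are not forwarded by default
    return "same-vlan" if d in src_net else "routed"


# Constructed packets sent by a Wi-Fi laptop at 192.168.20.15: (label, destination, dest port)
PACKETS = [
    ("ICMP echo to NAS", "192.168.1.40", None),
    ("SMB to NAS by IP", "192.168.1.40", 445),
    ("mDNS query", "224.0.0.251", 5353),
    ("LLMNR query", "224.0.0.252", 5355),
    ("NetBIOS name broadcast", "192.168.20.255", 137),
    ("SSDP discovery", "239.255.255.250", 1900),
]


def classify_all(src="192.168.20.15"):
    """Map each sample packet label to its forwarding scope."""
    return {label: scope(src, dst) for label, dst, _port in PACKETS}


if __name__ == "__main__":
    for label, result in classify_all().items():
        print(f"{label:25} {result}")
```
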
 
Soldato
OP
Joined
11 Jun 2003
Posts
7,613
Location
The Shadows (london)
Sorry! Yes, I should have stated what equipment I was using.

I'm using 2x 4g modems
ERX as router
2x other routers (1 as WAP/bridge and one as VPN router)
2x unmanaged switches

ERX (eth2,3,4 = switch0)
eth0 <---> modem load balanced
eth1 <---> modem load balanced
eth2 ¦---> WAP ¦---> VPN Router
eth3 <---> GB Switch (office)
eth4 <---> GB Switch (entertainment)



I'll try the mDNS thing and come back with an update soon.
I've put the ERX back into a VLAN-less state for the time being and will tinker with it after work&study
thanks for all the help
 
Soldato
Joined
24 Sep 2015
Posts
3,657
In a home environment I don't see much point in splitting stuff into VLANs if you're then wanting to have full reachability between them. It's adding increased complexity and you may find that throughput between the VLANs is pretty poor which will just end up creating frustration.
 
Soldato
Joined
21 Jul 2005
Posts
19,981
Location
Officially least sunny location -Ronskistats
It makes sense for home IP cctv and guest wifi reasons. To learn about it is also handy.

Going back to post #2 (while we're at referencing backslaps) if you want to share freely between each VLAN it's a bit pointless and confusing! (confusing in that I think you could rejig your VLANs i.e. have printer, NAS etc in one; wifi on another; wired the other - would sound better) :)
 
Associate
Joined
19 Apr 2010
Posts
400
Location
Dorset, UK
If you want all devices to still communicate with each other across VLANs, it makes the idea of VLANs for your setup a bit redundant.

I'm using VLANs for isolation and to use the router/firewall to permit only cross communication between devices on specific ports that I chose.

So I have an IOT VLAN, but my pi-hole sits in a different LAN, the router only allows DNS to go between the two, yet my PC is also in the same VLAN as the pi-hole so I can access the UI, ssh, etc. I also have another VLAN which allows homebridge to communicate with the IOT VLAN, again only on the specific ports.

Some of it is not entirely necessary, although I don't trust a lot of the IOT devices. But the whole point is to be able to restrict (or block completely) cross VLAN communication, there is no point setting them up and permitting everything. You are just asking your router to do more work and reduce your throughput between devices.
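An added example of the allow-list approach described in the post above (not the poster's configuration and not router syntax): a first-match, default-drop model of inter-VLAN rules for new connections, compared with a permit-everything rule. All subnets, host addresses and the homebridge port 8080 are constructed assumptions, because the post names the VLANs but gives no addresses or ports.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing (assumption): the post gives no subnets.
NETS = {"lan": "192.168.1.0/24", "iot": "192.168.30.0/24", "homebridge": "192.168.40.0/24"}
PIHOLE = "192.168.1.53/32"

class Rule(NamedTuple):
    src: str             # source CIDR
    dst: str             # destination CIDR
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # destination port, None = any
    action: str          # "accept" or "drop"

# DNS only from IoT to the Pi-hole; one constructed port from homebridge to IoT.
ALLOW_LIST = [
    Rule(NETS["iot"], PIHOLE, "udp", 53, "accept"),
    Rule(NETS["iot"], PIHOLE, "tcp", 53, "accept"),
    Rule(NETS["homebridge"], NETS["iot"], "tcp", 8080, "accept"),
]
PERMIT_ALL = [Rule("0.0.0.0/0", "0.0.0.0/0", "any", None, "accept")]

def decide(rules, src, dst, proto, port, default="drop"):
    """First matching rule wins; unmatched new connections get the default action."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(s in n and d in n for n in map(ipaddress.ip_network, NETS.values())):
        return "switched"  # same VLAN: never reaches the router, so it cannot be filtered there
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto) and r.port in (None, port)):
            return r.action
    return default

# Constructed flows: (source, destination, protocol, destination port)
FLOWS = [
    ("192.168.30.20", "192.168.1.53", "udp", 53),    # IoT -> Pi-hole DNS
    ("192.168.30.20", "192.168.1.53", "tcp", 22),    # IoT -> Pi-hole SSH
    ("192.168.30.20", "192.168.1.10", "tcp", 445),   # IoT -> PC file share
    ("192.168.1.10", "192.168.1.53", "tcp", 22),     # PC -> Pi-hole SSH, same VLAN
    ("192.168.40.5", "192.168.30.20", "tcp", 8080),  # homebridge -> IoT
]

def audit(rules):
    """Return the decision for every sample flow, in FLOWS order."""
    return [decide(rules, *flow) for flow in FLOWS]

if __name__ == "__main__":
    print("allow-list:", audit(ALLOW_LIST))
    print("permit-all:", audit(PERMIT_ALL))
```

The "switched" result is the practical caveat: devices placed in the same VLAN reach each other without the router's firewall ever seeing the traffic.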
 