Menu
What's new
By:
Filters Better Search

are VLANs sufficient to separate two LANs?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

S

ScottInOtt

New Around Here
I work in a library. We have two, physically-separate networks: one for public use and a staff network that is used for the operation of the library. Each network has its own Internet connection. Wi-Fi connections are isolated from all other devices on the network; wired public computers only need Internet access and access to two ports on a reservation system. Network devices, such as APs and switches are on a separate management VLAN.

I want to merge the infrastructure for the two networks into a single network for unified management and sharing of specific resources, such as printers. I have a network design that partitions the network using VLANs with shared resources on a separate VLAN with very restricted routing to/from the shared resource VLAN.

My question is: if I define the VLAN at the switch port and AP, are VLANs sufficiently secure to partition my two networks? I know that "sufficiently secure" is pretty subjective, but if you have experience in this area, would you be comfortable using VLANs?

Thanks!
 
Hi @ScottInOtt - While VLANs will naturally create Layer 2 (MAC layer) isolation, you still need to block/permit access at Layer 3 (IP layer), between IP networks/subnets/addresses/groups, either on your router/firewall, or layer 3 switch(es) if you have one/several. For traffic that would move between VLANs, you'll want to selectively drop or accept certain kinds of traffic, networks, address groups and/or devices via ACLs on the firewall/L3 switch(es), for example, not allowing any guest wifi clients to see any of the private network, or allowing shared network resources (printers) only for specific public workstations but nothing else, etc.

All of this is fairly well Google-able/YouTube-able, so you should be able to learn up on how to configure it all without too much trial and error. Just take it slow, perhaps lab on it first, then issue config changes into production one at a time, testing as an end-user between each change.

Hope that helps!
 
Last edited:
You must log in or register to reply here.

Similar threads

davekstl
I am trying to understand vlans
Replies
4
Views
1K
davekstl
davekstl
Phantomski
Questions about VLAN support in 3006
Replies
5
Views
548
Tech9
Tech9
J
The '802.1Q' setting under 'WAN - Internet Connection' (Editing PVC) [Enabled] effect on network performance?
Replies
6
Views
1K
Michael Levi Hillel
M
N
ET12 All Guest/IoT Devices go to main router
Replies
1
Views
571
nonnot
N
F
VLANs on AIMesh nodes, is this feasible today?
Replies
4
Views
872
fulvion75
F
Similar threads
Thread starter Title Forum Replies Date
davekstl I am trying to understand vlans Other LAN and WAN 4

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 844 (members: 20, guests: 824)
Top