Home VLAN Segregation - How can I reach the devices in each VLAN from my PC ?
My goal is a standard home network segregation (VLANS) for different services
- CCTV
- Intercom
- NAS and Internet
- System Vlan (Default)
I have created the VLANS for CCTV and Intercom but the problem is that when I set the ports for CCTV devices as Untagged I cannot reach them from my PC. I can only reach them when I add the ports back in the default system VLAN.
Question: How can I reach the devices in each VLAN from my PC ?
Switch Model: TL-SG2428P Ver 5
Firmware: 5.0.5 Build 20230602 Rel.73473
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @AADuw
Thanks for posting in our business forum.
No. This is not VLAN interfaces which you can access each VLAN from your PC. This is 802.1Q VLAN and you cannot access them because of the isolation.
So, buy a router or your current router supports VLAN interfaces, then you can do what you want.
- Copy Link
- Report Inappropriate Content
To sum it up, you would need a layer 3 switch ( one that also can do routing ) to function like you are asking. Like Clive says, a standalone router would work with sub interfaces set for your vlans - your basic router on a stick setup.
Layer 3 switches are pretty sweet, but also can be pretty spendy depending on your needs in general.
- Copy Link
- Report Inappropriate Content
Hi @AADuw
Thanks for posting in our business forum.
No. This is not VLAN interfaces which you can access each VLAN from your PC. This is 802.1Q VLAN and you cannot access them because of the isolation.
So, buy a router or your current router supports VLAN interfaces, then you can do what you want.
- Copy Link
- Report Inappropriate Content
To sum it up, you would need a layer 3 switch ( one that also can do routing ) to function like you are asking. Like Clive says, a standalone router would work with sub interfaces set for your vlans - your basic router on a stick setup.
Layer 3 switches are pretty sweet, but also can be pretty spendy depending on your needs in general.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I Understand now the requirements to reach this goal.
To wrap up this post How would 802.1Q (Isolation) be benificial in this case when setting up this home network ?
Thanks
- Copy Link
- Report Inappropriate Content
Hi @AADuw
Thanks for posting in our business forum.
AADuw wrote
I Understand now the requirements to reach this goal.
To wrap up this post How would 802.1Q (Isolation) be benificial in this case when setting up this home network ?
Thanks
Beneficial, how? You should be more specific.
It is beneficial for the business environment where they need to separate and isolate the departments and be clear about their access path. It would be great for the network management.
I don't know if this is "beneficial" for your home network. Anyway it is contradictory to what you need.
- Copy Link
- Report Inappropriate Content
Simply having your devices in different vlans will help keep traffic "clean" where you want it clean. This is especially true in regards for IOT devices and your CCTV network by both decreasing congestion on your main user vlan and giving you better control and visibility of traffic within all of them. For instance, you can have a much more strict dns policy with Pihole or AdGuard in the IOT vlan, and that would cover a significant problem area since they like to collect data on you and your network. Using ACLs to segregate it further wouldn't be the worst idea, but those devices likely don't have a decent way to even know about your other networks. Some might be that sneaky somehow. If you want to lock down your cctv network access to, say, just one host with ACLs, that would need doable too im sure.
You would have to assess your own benefits really. If you want something anecdotal, I do not use ACLs to lock down a whole lot at home. Putting devices in appropriate broadcast domains will almost always be sufficient and blocking/blackholing things with DNS is even more effective. At least that's how I operate.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 502
Replies: 7
Voters 0
No one has voted for it yet.