Hi Guys i have 2 networks 192.168.23.x and one 192.168.11.x that run on separate lan’s but come together at one switch that links them. What are the options to have these incorporated into one lan while still being able to control traffic between the 2 different networks. Should Vlan work or Different subnets?
Thanks.
Hi
Few options I see:
What i actually want is to run the 2 networks over on physical media whilst access can be controlled as to what traffic can communicate to each other?
(in other words i want to remove the 2nd physical network because now it runs a dual one admin and one production, i would like for both the networks to run only one one physical network )
Sorry i am quite new to this .
Well, “back to basics”:
You can easily have 2 subnets inside the same layer 2 domain (or physical media, or VLAN, whatever you are calling a single layer 2 network). You just put the gateway addresses on the same interface, for example:
/ip address add interface=ether2 address=192.168.1.1/24
/ip address add interface=ether2 address=192.168.1.2/24
Even though those 2 subnets are inside of the same layer 2 network, they can’t “talk” to each other without the packets being routed by the router. So just put firewall rules on the router.
Of course, anyone with even a little bit of network experience can then dump the traffic, see the 2nd subnet, then put an IP from that subnet on their local interface and speak directly with the other subnet. You can’t really prevent this in any way that I’m aware of. Or not simply, anyway.
If you really want to keep that traffic separate and you’re worried about what I just said above, you have to segregate the layer 2 domains.
If you need to control traffic in diff nets on L2 you need Vlans. If you need to control them on L3 and do some filtering, you need router which will terminate these Vlans.