Ok so I am not the brightest in here by far but I have a question about VLANs here is my current setup. I realize that this is now a network nightmare and I desperately need some insight on this problem. Does any one have a good idea of how to vlan off my interfaces on the Power Router but keep each interface all on the same /24 network, to where they all can get out onto the Internet but not see any of the other interfaces? Well they may need access to Ether5 where the DNS server resides and the email services.
VLAN needs to be introduced but how?
i understand how VLANs work for Ip seperation but I need interface seperation but all with the common out. This should clean up my broadcasts.
Any ways here is my generic picture. Please help if you could. Thank you.
If you need everything to stay on the same network VLANs won’t do you any good. VLANs are separate networks. If you place all those ports on different VLANs, the ports will be on different networks - unless you bridge all the VLAN interfaces, at which point you’re right back where you started.
If you really need to stop traffic between the bridged interfaces you can use the bridge firewall to drop packets, I guess. It’d be far cleaner to create VLANs and go away from everyone sharing a network, though.
Perhaps I am incorrect but I think you are still referring to an network/IP separation which is correct but I want to tag out the ports not the IP network. This should make a virtual port separation so that the broadcast do not go bouncing from one side of the network to the next.
Do you think there is a away to vlan tag out the ports not the network?
Now lets say that on this network I have my /24 network still out there but I also have mingled with everything a private network of 192.168.123.0/24 and a 192.168.124.0/24 … I should be able to separate those two logical networks with VLANs correct? The only problem is that the 192.168.123.0/24 network exist on ethernet port 2 and ethernet port 3 but 192.168.124.0 exist on only ethernet port 2.
How do you separate and yet still allow them all to flow out? The 192.168.123.1/24 and 192.168.124.1/24 address is on the power router with a masquerade NAT.
I guess I would need to make 2 bridges:
bridge123
bridge124
Then do I place the interfaces and the VLAN in the bridge via its ports? And do I then change 192.168.123.1 to interface vlan123 and 192.168.124.1 to vlan124? but how do I keep the two vlans out of each others bridge and out of each others broadcast?
Do all ips further down the line communicate on the VLAN if the switches are layer2/3?
I am sorry I feel like my knowledge has a few holes in it and I just need my insanity gaps filled. Thanks
Chupaka’s response the second post says it all, but this post I see is all referring to the 750Gs that have the switch chip enabling possibilities. So with a x86 RB and ROS3.x this is not possible. Which makes me sad, but I guess I will need to get a 750G now and go with the newer ROS4.x version to do what I want to do.
