In reference to an RB40 (bunch of stuff). I know 0.01% about networking, but better than your grandma (maybe). I'm just trying to learn…
I think I understand the concepts of VLANs but am not sure if they are required instead of just subnetting.
I know what a DHCP server is.
I think I comprehend a bridge (in reference to interfaces as well as tagged VLAN trunks).
My BHAG would be, on my one router, eth1 and eth2 as WANs from two separate providers, eth1 as main and eth2 as failover (no load balancing)...
I think I found some information on this, but the problems below are stopping me. eth3 fed into a layer 2 switch servicing multiple [10ish] hosts. eth4 fed into a layer 3 switch, with no VLANs and only QoS implemented.
eth3 are all my machines, eth4 are another department's [that for QoS reasons has 6 of my machines on it, do they need to be?]. I would like to be able to run a DHCP on eth3 that won't get broadcast requests from eth4, but be able to connect to and from my machines on eth4 (static IP given by guy who 'owns' that network).
I would like all of my machines (eth3 and eth4) to be able to access the internet via the WANs on eth1 and eth2 but deny internet access to the other machines on eth4. I would also like to not let any other devices on the eth4 network initiate communication with my devices on the eth3 network (except my devices on eth4), and vice versa, my machines on eth3 can only initiate communication with my devices on eth4. I assume I have to give eth4 an IP that my machines (on the eth4 network) would use as a gateway to contact my machines on the eth3 network. I thought I would need to create VLANs and then use routing between them to limit traffic to only allowed devices… this seems to be incorrect.
In my head this seems simple for a competent engineer, I am not. I don't expect you to solve my problems for me, but maybe point me in a direction of learning? Everything I've found online seems either elementary or PhD level or in another language, I'm looking for middle school…. Any help is appreciated, THANKS! PS: this is not a mission-critical application or corporate infrastructure; if it was I'd hire someone. This is just a learning opportunity for me.