Hello,
I'm preparing to setup a CRS354 48 Port Switch to act as a router for a small network, and also to act as a switch for VLANs. My scenario is for a public computing center attached to a library, with a public computer lab and 2 library employee computers.
I plan to have 3 subnets attached to the switch:
1) A subnet connecting to the Internet from our ISP
2) A subnet for the public computers where the CRS354 switch acts as the gateway and DHCP server
3) a VLAN subnet where the library computers can connect to the rest of the library intranet
My question is in regards to keeping subnet 3 completely independent of traffic on the other two subnets. How do I prevent the swtich, running routeros, from routing traffic between the private VLAN subnet and the other two subnets?
I know I could do it if I used two devices, one acting as the router and one acting as the switch, where the switch only processed switching and VLANs. In this case I'd have 2 VLANs, one for the public computers and one for the library computers. This scenario separates everything in layer 2. By adding routing to the swtich, connections can be made at layer 3, and I'd like to avoid that.
Are firewalls the only way to prevent layer 3 connections? Is there a networking solution, while still only using a single CRS354 switch?
Thank you,