Have a question or two regarding VLANs, using the Chateau LTE18; extra eyeballs for feedback would be appreciated.
So, to give an idea, this is the overview of the network. Due to WFH, there are strict requirements around work laptop access and security, hence the usage of VLANs to tighten down the network:
- VLAN 10 is the home network - 192.168.10.0/24
- VLAN 30 is the internet of things network - 192.168.30.0/24
- VLAN 50 is the work network - 192.168.50.0/24
Without Ether5 plugged in, the CIDR is 192.168.1.0/24
- Pihole is on 192.168.1.2 and directly attached to the ether2 port of the Chateau
- Other devices are attached to the switch, which is directly attached to the ether1 port of the Chateau
- Firewall is as is, part of default configuration
It works in isolation - different networks in their own VLANs, with a pihole blocking network-wide - that works, DHCP works, leasing addresses and general internet access across different VLANs.
However, because the bridges are set up individually to tie in with the address block as part of the /ip address configuration in the attached.
My questions:
- Why is it that I have had to set up a separate bridge for each address CIDR, in conjunction with the DHCP server's interface as part of the /ip dhcp-server?
- With what is configured - is this the right approach to take in using multiple bridges in this manner for different VLANs with security in mind?
This has left me feeling a wee bit confused with VLANs and not quite sure; maybe it's a different device that is referenced in the VLAN tutorial.
Navigating on the WinBox GUI, it was confusing to determine which interface to tag and untag.
Is that the right terminology that I have seen floating around the forum: /interface bridge port is known as ingress, and /interface bridge vlan as egress?
Could be wrong in my assumption that the terminology used on the WinBox GUI is not consistent, for example pvid versus vlan-ids, which makes matters worse in understanding and adapting the tutorial referenced.
Here's the attached sanitized configuration. Thanks for reading and for any valuable feedback.