Hello All,
Have been reading extensively the Beginner's basics forum, and while I do understand most of what I am reading about VLAN and DMZs, I am not fully sure what path to take for my setup.
I have a CRS328-24P-4S+ serving the complete house, SFP01 is connected via Fiber to my Intrnet Provider router
Ethernet ports 1 to 24 are connected to various equipment within the house (Sonos speakers, TV, NAS, computers, ....)
All is working out of the box pretty much as default and I am trying to isolate traffic between what I trust and what I don' trust and I would like some advice on wich path to take, so i can read more in depth about this.
Devices that I trust should be able to reach each-other's + the internet, while the devices I do not trust, should NOT be able to reach each-other's (or any other device on other VLANs), but reaching the internet should be possible.
I understand that I can take the VLAN route (with VLAN filtering) but going this way will fill all my requirements other than the fact the untrusted devices will be able to communicate between each other's if I understand this correctly.
How could I address this ? I think the way to achieve this, would be to create a DMZ where I would put all my trusted devices, and to create a single DMZ per port that I want to fully isolate; then I would create appropriate firewall rules; is this correct or is there a 'simpler' way of implementing this ?
Thanks very much all for your time
Cheers