Friday, April 10, 2020

VLAN or networking scheme help

Hello

For my home lab, I tried to implement VLANs to secure the network and reduce broadcasts, but found so many issues (multicast discovery, etc.) that I went back to a flat scheme. So here is the list of what I have at home -

I am using a flat 192.168.1.0/24 as of now.

1x Firewall - Sophos XG. It is running in ESXi, and I have dedicated one NIC for WAN. For LAN, it goes to a vSwitch.

6x MikroTiks, all being controlled by CAPsMAN.

5x Linkplay Audio (I have yet to find the UDP multicast to see how it does it)

4x Apple TVs

10x Sonoff Tasmota, running KNX. My KNX router accepts multicast from 224.0.0.1 on all addresses.

10x Hikvision cameras

Intercom is run by 3CX

They are interconnected by 2x Cisco SG300 switches.

What I wanted was -

VLAN10 = All IOT (Tasmotas, Mikrotik talking to each other on L2 for Caps), Server

VLAN20 = Audio (Linkplay) and TV (Apple)

VLAN30 = All Cameras

VLAN40 = All of us (family members)

VLAN50 = Staff

VLAN60 = Guest.

The interlinks required were -

VLAN10 can only be accessed by VLAN50, VLAN40.

VLAN20 can be accessed by Guests (VLAN60), that means multicasts?

VLAN30 only by VLAN10 (Hikvisions storing data) and by VLAN40.

VLAN50, 60 can get internet.

What I tried -

Tried making VLANs on the Cisco SG300, and also on the XG firewall. All VLAN routing was to be done by the XG. Created all the interfaces in the LAN zone and also enabled a firewall rule to interconnect.

Nothing worked. What did I do wrong?

I am ready to restart fresh (fresh plan, fresh assignments, etc.)

Thank you

Nitin
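
The VLAN plan and interlinks listed in the post, written as a default-deny matrix that can be checked against intended flows before any firewall rules are created. This is an added example, not part of the original post; the per-VLAN 192.168.<ID>.0/24 subnets, the function names and the sample flows are assumptions.

```python
import ipaddress

HOME = ipaddress.ip_network("192.168.0.0/16")
# Assumed addressing (not from the post): one /24 per VLAN, third octet = VLAN ID.
VLANS = {vid: ipaddress.ip_network(f"192.168.{vid}.0/24")
         for vid in (10, 20, 30, 40, 50, 60)}

# Interlinks exactly as listed in the post: destination -> VLANs allowed to
# initiate a connection to it. Anything not listed is denied.
ALLOWED_SOURCES = {
    10: {40, 50},
    20: {60},
    30: {10, 40},
    "internet": {50, 60},
}

def zone_of(addr):
    """Map an address to a VLAN ID, "internet", "multicast", or None (unplanned)."""
    ip = ipaddress.ip_address(addr)
    if ip.is_multicast:
        return "multicast"
    if ip not in HOME:
        return "internet"
    return next((vid for vid, net in VLANS.items() if ip in net), None)

def allowed(src, dst):
    """Decide whether the firewall should let src open a connection to dst."""
    s, d = zone_of(src), zone_of(dst)
    if s is None or d is None or "multicast" in (s, d):
        return False          # unplanned subnet, or multicast (not a routed unicast rule)
    if s == d:
        return True           # same VLAN: switched at L2, never reaches the firewall
    return s in ALLOWED_SOURCES.get(d, set())

def audit(flows):
    """Return the flows from a list of (src, dst) pairs that the plan denies."""
    return [f for f in flows if not allowed(*f)]

# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    ("192.168.60.5", "192.168.20.7"),    # guest -> audio/TV
    ("192.168.60.5", "192.168.10.2"),    # guest -> IoT/server
    ("192.168.40.9", "192.168.30.11"),   # family -> camera
    ("192.168.50.3", "203.0.113.10"),    # staff -> internet
    ("192.168.60.5", "224.0.0.251"),     # guest -> multicast group
    ("192.168.1.20", "192.168.10.2"),    # host still on the old flat subnet
]

if __name__ == "__main__":
    for src, dst in audit(SAMPLE_FLOWS):
        print("DENY", src, "->", dst)
```

The matrix only describes routed unicast connections, so multicast destinations are reported as denied rather than matched against a VLAN pair.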
