nottelling
@nottelling@lemmy.world
- Comment on Basic networking/subnetting question. 1 day ago:
No. ARP bridges layer 1 and 2. It’s switch local. With a VLAN, it becomes VLAN local, in the sense that 802.1q creates a “virtual” switch.
- Comment on Basic networking/subnetting question. 1 day ago:
Broadcast traffic (such as DHCP) doesn’t cross subnets without a router configured to forward it. It’s one of the reasons subnets exist.
- Comment on Basic networking/subnetting question. 1 day ago:
What in the world is “a proprietary OS I cannot trust”? What’s your actual threat model? Have you actually run any risk analyses or code audits against these OSes vs. (I assume) Linux to know for sure that you can trust any given FOSS OS? You do realize there’s still an OS on your dumb switch, right?
This is a silly reason to not learn to manage your networking hardware.
- Comment on Basic networking/subnetting question. 1 day ago:
A VLAN is (theoretically) equivalent to a physically separated switch. The only way for machines to communicate between VLANs is via a gateway interface.
If you don’t trust the operating system, then you don’t trust that it won’t change its IP/subnet to just hop onto the other network. Or even send packets with the other network’s header and spoof packets onto the other subnets.
It’s trivially easy to malform broadcast traffic and hop subnets, or to use various arp table attacks to trick the switching device. If you need to segregate traffic, you need a VLAN.
- Comment on Basic networking/subnetting question. 1 day ago:
What you are asking will work. That’s the whole point of subnets. No, you don’t need a VLAN to segregate traffic. It can be helpful for things like broadcast control.
However, you used the word “trust” which means that this is a security concern. If you are subnetting because of trust, then yes you absolutely do need to use VLANs.