Re: VLAN or aliases or? best way to isolate untrustable hosts in a small network

2020-02-06 Thread Denis
Brian, I'm going to set vnetid 100 to tag VLAN and connect physical em0 to L3 switch "uplink" port (port 10 in my case) with "Tagged" mark.

# /etc/hostname.vlan100
description 'Untrusted'
inet 192.168.155.1 255.255.255.240 192.168.155.15 lladdr 32:f6:02:c4:1A:88 vlandev em0 vnetid 100

Ports 1-3

Re: VLAN or aliases or? best way to isolate untrustable hosts in a small network

2020-02-06 Thread Denis
Thank you for all the replies. Christian is right, I wasn't familiar with VLANs before my conceptual question about IoT isolation, so I had no knowledge of how VLANs work before his answer. Thanks to documentation, articles, and vlan(4), in OpenBSD for any of physical Ethernet device can be

Re: VLAN or aliases or? best way to isolate untrustable hosts in a small network

2020-02-05 Thread Brian Brombacher
The OP’s hostname.vlan* files never specify a vnetid. I get an error trying to configure and bring up the second vlan interface the same way without vnetid specified. Regardless of my error, the ifconfig(8) man page says without vnetid specified, vlan tag 0 will be used. You need to specify

Re: VLAN or aliases or? best way to isolate untrustable hosts in a small network

2020-02-05 Thread Christian Weisgerber
On 2020-02-05, Janne Johansson wrote:

>> # /etc/hostname.vlan101
>> description 'WLAN attached untrusted hosts'
>> inet 192.168.156.0/24 255.255.255.0 vlandev run0
>
> VLANs and wifi sounds like a non-starter.

Yep, if you're building your access point with OpenBSD. More generally, though, any

Re: VLAN or aliases or? best way to isolate untrustable hosts in a small network

2020-02-05 Thread Janne Johansson
On Wed, 5 Feb 2020 at 13:07, Denis wrote:

> I've made two VLANs to automatically assign random IPs from a pool by
> dhcpd:
> [...]
> # /etc/hostname.vlan101
> description 'WLAN attached untrusted hosts'
> inet 192.168.156.0/24 255.255.255.0 vlandev run0
>

VLANs and wifi sounds like a

Re: VLAN or aliases or? best way to isolate untrustable hosts in a small network

2020-02-05 Thread Christian Weisgerber
Denis, I suspect the fundamental problem is that you don't understand what VLANs are. There should be a lot of articles about this topic on the net; maybe somebody here can recommend a good one.

--
Christian "naddy" Weisgerber na...@mips.inka.de

Re: VLAN or aliases or? best way to isolate untrustable hosts in a small network

2020-02-05 Thread Denis
Hi Christian,

I've made two VLANs to automatically assign random IPs from a pool by dhcpd:

# /etc/hostname.vlan100
description 'LAN attached untrusted hosts'
inet 192.168.155.0/24 255.255.255.0 vlandev em0

# /etc/hostname.vlan101
description 'WLAN attached untrusted hosts'
inet 192.168.156.0/24

Re: VLAN or aliases or? best way to isolate untrustable hosts in a small network

2020-02-04 Thread Christian Weisgerber
On 2020-02-03, Denis wrote:

> Some hosts should be limited in internet access and/or local access or
> simply be restricted in some way because they are untrusted.
>
> I'm looking for a possibility to isolate untrusted inside LAN using any
> approach applicable. How do people isolate undesirable

VLAN or aliases or? best way to isolate untrustable hosts in a small network

2020-02-03 Thread Denis
Some hosts should be limited in internet access and/or local access or simply be restricted in some way because they are untrusted. I'm looking for a possibility to isolate untrusted inside LAN using any approach applicable. How do people isolate undesirable hosts in their networks? Cheers!