First Homelab in the making and it’s been an wonderful process learning everything. I am using a Protectli 4 port device running pfSense, an 8 port UniFi managed switch and a Raspberry Pi Cluster for now. I have an IoT VLAN created for these devices on a singular port on top of my already configured LAN setup by default. If I decide to create more VLANs, which I’m sure I will, what interfaces should I assign them too. I am having a hard time finding literature on when to create a VLAN and if you do should you put multiple on one interface or create them on separate interfaces. Like igc0 has my IoT VLAN and LAN should my other VLANs go there or like igc2 for example. Sorry for the long message just curious about industry standards and best practices.

  • Fl1pp3d0ff@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    In the business world, and good practice, vlans should only exist on ports where that vlan’s traffic needs to pass.

    Example: say my cameras are on vlan 3, and my default vlan is 1. I’ve also got IoT on vlan 9. IoT does not need access to the internet. Neither do the cameras (they’re viewed from a vm running blueiris)… The port going to the modem only needs vlan 1 on it, all others excluded.

    IoT needs to talk to the cams sometimes, so the cams have both 3 and 9, and IoT has 3 and 9. (this could also be done with some l3-fu on the switches, but I configured the routes in opnsense so I could log peculiarities).

    I’ve only got two machines that are allowed access to the management vlan (13), which has all my IDRAC/ilo/bmc/nm configured on their ports, and no other vlans.

    Those two machines are firewalled on machine and the management access is only allowed when necessary (manually).

    Hope that’s clearer than mud.