Routing – Policies Between VLANs by L2 Switches

Tags: cisco, router, switch, vlan

What I want to do:

It's a small business network setup. I need two separate LANs (LAN1 for developers, LAN2 for marketing and managers). Wi-Fi access is also needed. All networks should have internet access. The security policies are as follows: 1. LAN1 hosts cannot see or communicate with LAN2 hosts. 2. LAN2 can communicate with LAN1 hosts and read or write on their disks. 3. WLAN has only internet access and no access to any LANs.

As the first solution, I thought of using an L2 managed switch (like the D-Link DGS-1210-28 (L2) or D-Link DGS-3620-28SC (L3)) and creating two VLANs on it as port-based VLANs. Then use a simple ADSL Wi-Fi modem-router (like the Asus RT-N66U or Cisco RV series routers) to share the internet and create the WLAN.

But I have few questions:

  • Does this work? If yes, is the routing between the two VLANs performed by the L2 switch itself? Can I set those security rules on the VLANs using the switch configuration?
  • Or should I go for buying a more advanced router and create the two real LANs?
    I also have a budget problem, so a less expensive solution that works is best for me.

Many thanks

Regards

PS: I don't know if I should mention that there will be an HP server and NAS storage, probably on LAN1.

Best Answer

An L2 device cannot route, so no, inter-VLAN routing cannot occur on it directly, and aggregating the VLANs on the modem would require that the modem device can trunk and route VLANs.

I'd recommend getting a cheap used Cisco L3 (or equivalent) switch, enabling inter-VLAN routing, and creating VLAN access control lists to define who can see what from where. You'd have three VLANs: marketing, dev and WAN.

You'd allow both VLANs access to the WAN (stateful), marketing/management stateful access to dev, and block all inbound from dev to marketing (and likewise block the WAN to either internal VLAN).
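The policy described in the answer, written out as a Cisco IOS configuration for a Catalyst-class L3 switch. This is an added example, not the answerer's own configuration, and the VLAN IDs (10, 20, 99), the subnets (192.168.10.0/24, 192.168.20.0/24, 192.168.99.0/30), the port ranges and the modem-router address 192.168.99.1 are all assumptions chosen for illustration. It assumes the Wi-Fi clients hang off the modem-router on the uplink side, so the "WAN" ACL also keeps them out of both internal VLANs, which matches the three-VLAN layout in the answer.

```cisco
! Added example for the policy above; not the original answer's config.
! VLAN numbers, subnets, port ranges and 192.168.99.1 are assumptions.
ip routing
!
vlan 10
 name DEV
vlan 20
 name MARKETING
vlan 99
 name WAN-UPLINK
!
! Traffic entering the switch FROM the dev VLAN.
! Dev may only answer TCP sessions that marketing opened; "established"
! matches segments with ACK or RST set, so this is pseudo-stateful TCP
! filtering, not real connection tracking. Dev may reach the internet.
ip access-list extended DEV-IN
 permit tcp  192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 established
 permit icmp 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 echo-reply
 deny   ip   192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip   192.168.10.0 0.0.0.255 any
!
! Traffic entering FROM the marketing VLAN: dev (SMB/NFS to the server
! and NAS) and the internet are both allowed.
ip access-list extended MKT-IN
 permit ip 192.168.20.0 0.0.0.255 any
!
! Traffic entering FROM the uplink (modem-router, Wi-Fi clients, internet).
! Only replies to sessions opened from inside are accepted; "established"
! covers TCP, so UDP replies (DNS, NTP) and useful ICMP are listed explicitly.
ip access-list extended WAN-IN
 permit tcp  any 192.168.10.0 0.0.0.255 established
 permit tcp  any 192.168.20.0 0.0.0.255 established
 permit udp  any eq 53  192.168.10.0 0.0.0.255
 permit udp  any eq 53  192.168.20.0 0.0.0.255
 permit udp  any eq 123 192.168.10.0 0.0.0.255
 permit udp  any eq 123 192.168.20.0 0.0.0.255
 permit icmp any 192.168.10.0 0.0.0.255 echo-reply
 permit icmp any 192.168.20.0 0.0.0.255 echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 deny   ip   any any
!
interface Vlan10
 description DEV
 ip address 192.168.10.1 255.255.255.0
 ip access-group DEV-IN in
!
interface Vlan20
 description MARKETING
 ip address 192.168.20.1 255.255.255.0
 ip access-group MKT-IN in
!
interface Vlan99
 description UPLINK-TO-MODEM-ROUTER
 ip address 192.168.99.2 255.255.255.252
 ip access-group WAN-IN in
!
! Default route to the modem-router, which still does the NAT.
ip route 0.0.0.0 0.0.0.0 192.168.99.1
!
! Access ports (assumed port layout).
interface range GigabitEthernet1/0/1 - 8
 switchport mode access
 switchport access vlan 10
!
interface range GigabitEthernet1/0/9 - 16
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/24
 description to modem-router LAN port
 switchport mode access
 switchport access vlan 99
```

Two practical notes. The modem-router must carry static routes for 192.168.10.0/24 and 192.168.20.0/24 via 192.168.99.2, otherwise NATed replies never find their way back to the switch; most small routers can do that even if they cannot trunk VLANs. And because `established` only inspects TCP flag bits, a host in dev can still send crafted ACK-flagged packets toward marketing; that leaks no real connection but it is why the answer's "stateful" is an approximation on a switch. Verify the policy with `show ip access-lists` (hit counters climb on the deny lines) and pings in each direction before trusting it.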