I've lost track of your devices...
I think you're saying your FW has three interfaces: two LAN ports, one for inside and one for dmz (so each is a separate physical LAN), and WAN attached to the ISP box (which is in bridge mode).
Yes, that's correct. It's a
4-port Vault from Protectli. I don't have anything planned for the 4th port, yet.
If so, are you making additional VLANs on inside and/or dmz or are you just working with the one LAN on each?[quote]
I was planning on making each non-WAN port on the FW have its own VLAN. But your question makes me think I'm misunderstanding VLANs (and networking) a little. I've been operating on the assumption that all of the ports on a single device are part of the same datalink layer, where truth is, each port is part of a single data link layer, and the device encompassing those ports that knows how to shuffle data from port1 to port2 is part of the network layer. It's been a long time since my networking class in university.
[quote]Is the "(new) wifi/8-port ethernet router" routing or just acting as a switch for your inside LAN, attached to the FW/port1?
Hmm. No. I need it to provide ethernet points, and wifi. So I think access point mode is sufficient, and I don't need it to provide routing. But what I was reading about DMZs earlier, is that it's better to have a dual-router/FW configuration. So I hadn't ruled that out.
Or am I completely confused?
I'm sure if you're confused, it's only a result of my own confusion...
Regardless, I'd personally prefer to keep all the DHCP on one device for simplicity. I hate having to keep track of the subtleties of two different user interfaces.
That is a very good point.
Previous Topic
Index
