How does the vLan structure in a large network seperate users?

Watchwork · Jul 6, 2017

Background: My landlord is partnered with a local network provider to wire all their properties. I recently set up my own router and was getting a double NAT error. I was hesitant to turn my router to bridge mode as I was worried other houses would be on my same LAN and would be able to see my network traffic, but I called the network provider and was told this is not the case as we are all on our own vLan.

So, If my network provider is acting as an ISP, and everyone under them seems to have the same external IP, but different internal IP address, how do the different vLan connections create separate networks in which I can't see other people's traffic and vice versa?

ccampy · Jul 6, 2017

Random stab in the dark would be to put each apperment/house on its own subnet

boosted1g · Jul 6, 2017

CCampy is correct, you use different subnets for each appartment.

So you can say have apparment 12 have addresses 192.168.12.xxx and appartment 25 have 192.168.25.xxx and so on and so forth.

Then you create simple firewall rules to drop any traffic from 192.168.12.0/24 (way you write 192.168.12.0-192.168.12.255) going to any connection outside of its vlan except the one to the internet.

This is exactly how any "guest network" is setup.

Now with firewall rules you can set whatever you want for vlan communication, you can have a vlan be able to talk to any other device in any other vlan, you can have devices in a vlan unable to talk to devices even inside that vlan, or any single combination in-between.

Search

How does the vLan structure in a large network seperate users?

Watchwork

Prominent

boosted1g

ccampy

Honorable

boosted1g

Titan

TRENDING THREADS

Latest posts

Moderators online

Share this page