Sorry for being such a noob. My networking is not very strong, thought I’d ask the fine folks here.
Let’s say I have a Linux box working as a router and a dumb switch (i.e. L2 only). I have two PCs that I would like to keep separated and not let them talk to each other.
Can I plug these two PCs into the switch, configure their interfaces with IPs from different subnets, and configure the relevant sub-interfaces and ACLs (to prevent inter-subnet communication through the router) on the Linux router?
What I’m asking is: do I really need VLANs? I do need to segregate networks, but I do not trust the operating systems running on these switches which can do L3 routing.
If you have a better solution than what I described which can scale with the number of computers, please let me know. Unfortunately, networking below L3 is still fuzzy in my head.
Thanks!
Subnets are on layer 3, not layer 2. You can easily access other devices on layer 3 by finding the right subnet on layer 2. ARP is used to resolve IP addresses into MAC addresses and vice versa.
Thanks, but isn’t ARP contained inside a subnet? I guess you could find everything if you inspected the MAC table of the main switch.
ARP is in the broadcast domain (otherwise known as a LAN).
VLANs create multiple LANs.
Ah, I see. Thanks.
No. ARP bridges layer 1 and 2. It’s switch local. With a VLAN, it becomes VLAN local, in the sense that 802.1Q creates a “virtual” switch.
Sorry, I’m not sure what you mean by “ARP bridges L1 and L2”. I’ll have to read more about this. Other than that, I understand what you said.
ARP is in a single broadcast domain which can span multiple switches.
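To make the "broadcast domain" point from the replies above concrete, here is an added example (written for this page, not code from any poster): a toy 802.1Q-aware learning switch in Python. Host A (10.0.1.2) on port 1 sends an ARP request for host B (10.0.2.2) on port 2, a different subnet. With every port in one VLAN, as on a dumb switch, the broadcast reaches B regardless of the subnets, and B's unicast reply is switched straight back to A, so only the hosts' own routing tables stand between them. With ports in separate VLANs the request never reaches B, and even a reply B tries to send goes nowhere. The MAC and IP addresses, port numbers and VLAN IDs are constructed for the example; the frame and ARP layouts follow IEEE 802.1Q and RFC 826.

```python
"""Toy VLAN-aware learning switch (illustrative code, not a real switch)."""
import struct
from dataclasses import dataclass, field
from typing import Optional

ETH_P_8021Q = 0x8100   # TPID that announces an 802.1Q tag
ETH_P_ARP = 0x0806
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def arp_packet(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """RFC 826 ARP body for Ethernet/IPv4: op 1 = request, op 2 = reply."""
    ip = lambda s: bytes(int(o) for o in s.split("."))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), ip(sender_ip), mac_bytes(target_mac), ip(target_ip))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes, vid: Optional[int] = None) -> bytes:
    """Ethernet II frame; if vid is given, insert an 802.1Q tag (TPID, then TCI whose low 12 bits are the VID)."""
    hdr = mac_bytes(dst) + mac_bytes(src)
    if vid is not None:
        hdr += struct.pack("!HH", ETH_P_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, off = None, 14
    if ethertype == ETH_P_8021Q:          # tagged: read the VID, real ethertype follows the tag
        (tci,) = struct.unpack("!H", frame[14:16])
        vid = tci & 0x0FFF
        (ethertype,) = struct.unpack("!H", frame[16:18])
        off = 18
    return {"dst": dst, "src": src, "vid": vid, "ethertype": ethertype, "payload": frame[off:]}


@dataclass
class Switch:
    """access maps port -> VLAN assigned to untagged frames arriving on that port.
    A dumb (VLAN-unaware) switch is just the case where every port is in the same VLAN."""
    access: dict
    mac_table: dict = field(default_factory=dict)   # (vid, mac) -> port

    def receive(self, port: int, frame: bytes) -> list:
        """Forward one frame; return the list of egress ports it is delivered to."""
        f = parse_frame(frame)
        vid = f["vid"] if f["vid"] is not None else self.access[port]
        self.mac_table[(vid, f["src"])] = port        # learn the source within its VLAN
        known = self.mac_table.get((vid, f["dst"]))
        if f["dst"] != BROADCAST and known is not None:
            return [known] if known != port else []
        # broadcast or unknown unicast: flood, but only to ports in the same VLAN
        return [p for p, v in self.access.items() if v == vid and p != port]


# Constructed hosts: A and C share a subnet, B is on another one. All on one switch.
HOST_A = ("aa:aa:aa:aa:aa:01", "10.0.1.2")   # port 1
HOST_B = ("bb:bb:bb:bb:bb:02", "10.0.2.2")   # port 2
HOST_C = ("cc:cc:cc:cc:cc:03", "10.0.1.3")   # port 3


def arp_exchange(access: dict) -> tuple:
    """A broadcasts 'who-has B', then B unicasts a reply to A.
    Returns (ports the broadcast reached, ports the reply was delivered to)."""
    sw = Switch(access=access)
    request = build_frame(BROADCAST, HOST_A[0], ETH_P_ARP,
                          arp_packet(1, HOST_A[0], HOST_A[1], "00:00:00:00:00:00", HOST_B[1]))
    heard = sw.receive(1, request)
    reply = build_frame(HOST_A[0], HOST_B[0], ETH_P_ARP,
                        arp_packet(2, HOST_B[0], HOST_B[1], HOST_A[0], HOST_A[1]))
    return heard, sw.receive(2, reply)


def dumb_switch() -> tuple:
    """No VLANs: one broadcast domain, so the subnet difference is invisible here."""
    return arp_exchange({1: 1, 2: 1, 3: 1})


def vlan_switch() -> tuple:
    """Ports 1 and 3 in VLAN 10, port 2 in VLAN 20: two separate broadcast domains."""
    return arp_exchange({1: 10, 2: 20, 3: 10})


if __name__ == "__main__":
    print("dumb switch (broadcast reached, reply delivered):", dumb_switch())
    print("VLAN switch (broadcast reached, reply delivered):", vlan_switch())
```

Read the two results together: on the dumb switch the only thing stopping B from answering A directly is that B's kernel has no route to 10.0.1.0/24 via its own interface, which is a host-side setting, not a switch-side one; in the VLAN case the switch never hands B the frame at all.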