meazz1
I need to create a VLAN and move my home users to that VLAN.
Right now, I have a LAN where I have the home users and a HotLAN for IoT devices.

I have the following devices with static IPs:
Router: 192.168.4.1
Unifi 60W managed switch: 192.168.4.2
Unifi AP-AC Lite: 192.168.4.3
PiHole: 192.168.4.4
Unifi controller: 192.168.4.6
Printer: 192.168.4.7

I want to create a new VLAN 10 for users, but keep the network gears in the LAN (192.168.4.0/24) network.
I also want to isolate VLAN 10 from the LAN, and I know the HotLAN is already separated from everything.

For the VLAN to access the PiHole and the printer, what firewall rules do I need? Is there an example someone can point me to? Or what would be the best path forward?
Tuesday, July 27 2021, 05:39 PM
Responses (4)
  • Accepted Answer

    Tuesday, July 27 2021, 08:36 PM
    Unfortunately the way the HotLAN rules have been written is restrictive. You can still have multiple HotLANs but some crosstalk is allowed from one HotLAN to another but I can't remember the details. I believe I know how to fix the rules to allow as many HotLANs as you want. The problem is that I don't have a full test suite for the changes and risk breaking something. If you want to do a small script, have a look at the IP Settings docs.

    I'm afraid I don't understand your comment about "network gears".
  • meazz1

    Wednesday, July 28 2021, 11:58 PM
    @Nick Thanks

    So, after creating a HotLAN, I put a script file in the /etc/clearos/firewall.d/04-hotlans folder.
    This will keep all my HotLANs and LAN isolated?
    Why not create a VLAN, since I already have a LAN and a HotLAN? Is this not a good idea?

    For the 1st option of 2 HotLANs and a LAN, do I need any firewall rules to make my PiHole and printer accessible to the HotLANs from the LAN?
  • meazz1

    Thursday, July 29 2021, 12:02 AM
    Gear in my case is:
    Pihole
    Unifi Ap-AC lite
    Unifi controller
    Printer

    I don't mind some crosstalk.
  • Thursday, July 29 2021, 07:23 AM
    From reading your post I understood you wanted isolation of two of the LANs, which *may* suit the HotLAN model. In this model LANs can access HotLANs but not vice versa. But I am not really clear on what you are trying to achieve.

    Multiple HotLANs with that script also work with VLANs. It is up to you if you want VLANs. The one thing you need to take into account, possibly, is that HotLANs can't access the server either (except for DHCP and DNS).

    If you create a VLAN of the LAN type, it can access the other LAN. There is no isolation between LANs, but you can add isolation rules to the firewall if you want.
    The reply is currently minimized Show
Your Reply