Greetings and salutations,
I have a VLAN question. I have a PFSense router with various VLAN tags. The wire holding the VLANS goes to an inexpensive Netgear managed switch.
I have each port assigned to a separate VLAN as Untagged as well as the Trunk port (1) as tagged. I think I got that part right. So no troubles there!
Let’s take a local VLAN with the id of 666. This VLAN has its base ip address of 666.666.666.1 (I know the 666 is not valid I just want to obfuscate the real numbers). I have two hosts as well on the VLAN of the Devil. 666.666.666.666 and 666.666.666.667. That’s it for the setup.
Now the question. I’ve been trying to block all local VLAN ips. I.e. block all 666.666.666.0/24 on VLAN 666. This is done via the firewall. Right? Hence this does not work on the switch. I can happily ping 666.666.666.666 from 666.666.666.667 and vise versa. This is because the switch is responding to my pings on the local VLAN of the Devil and the firewall is not involved in any way. But things coming in from another will be blocked because they have to traverse the firewall to get to the VLAN of the Devil?
Is my head on straight? Is it possible to block ips inside a VLAN at the switch/VLAN level? I bet it’s not an inexpensive managed switch.
Anyhow, thank you all for your help! I just am testing my understanding.
—FossilizedGamer