I think this can be done at L2. I have heard of something like that, but any time you have tagged traffic access you can hijack a connection, which I assume is the case for your hypervisor hosts (it is for mine). I need to be able to put VMs on certain VLANs and the host needs to be isolated. So at that point it doesn't really matter what you do if anything on L2 can access it if it wants to.

Discussion

Yes. I have a trunk to my hypervisor. Most ports are untagged, though, or default to an unused VLAN ID. So there are maybe 4 devices that could in theory jump VLANs, but if any of those are compromised I am toast anyway.

Yup. I'd argue it depends how they get compromised, but yeah.