Managed Switch - Port Behaviour

Started by Spiky_Gladiator, February 03, 2023, 09:38:30 AM

Hi,

I just want to check: what is the behaviour of a managed switch when it's not connected to OPNsense, especially with VLANs set up, or when OPNsense is just turned off?

I know you configure each port to a specific VLAN on a switch, but once OPNsense is not present (turned off or disconnected), how does the switch manage the devices currently connected to it? Does the switch just turn into a standard hub where all the devices can talk with each other, or can the connected devices still not see each other with no DHCP configuration, and just sit there and wait for activity from OPNsense to provide the networking capabilities?

I'm asking because of security and I don't want my devices to talk with each other at all, and that's why I have set up VLANs in the first place.

Thanks

The switch does not change its behaviour. If you remove the router, no devices will be able to talk across VLANs. Devices in the same VLAN will be able to talk to each other just like they do with the router present.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Also make sure you don't have inter VLAN routing set up on your switch as in that case, router or not, the devices may be able to talk to each other from different VLANs. This is a layer 3 switch feature - something to check.

Quote from: pmhausen on February 03, 2023, 09:45:13 AM
The switch does not change its behaviour. If you remove the router, no devices will be able to talk across VLANs. Devices in the same VLAN will be able to talk to each other just like they do with the router present.

Quote from: eponymous on February 03, 2023, 03:31:48 PM
Also make sure you don't have inter VLAN routing set up on your switch as in that case, router or not, the devices may be able to talk to each other from different VLANs. This is a layer 3 switch feature - something to check.

Isn't inter-VLAN routing handled by the OPNsense firewall? So, if I haven't set up any inter-VLAN routing on the switch and OPNsense is down or off for whatever reason, I should be fine then?

I think the point here is that a number of devices can perform inter-VLAN routing, not just your OPNsense box. I was advising you double check your network devices.

If you don't have a layer 3 switch set up to do that and your only router is the OPNsense one then yes, OPNsense is the only device capable of doing the inter-VLAN routing. You'd need to specifically set up rules to allow devices in different VLANs to communicate with each other as the whole point of VLANs is segregation and hence this is the default behaviour.
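
The check suggested above (is the switch itself able to route between VLANs?) can be run against a saved switch configuration. This is an added example, not part of the original thread; it assumes a Cisco IOS-style running-config, since the thread names no switch vendor, and the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumption: vendor not named in the thread).
SAMPLE_CONFIG = """\
hostname sw1
ip routing
!
interface Vlan10
 description IoT
 ip address 192.168.10.2 255.255.255.0
!
interface Vlan20
 description Cameras
 ip address 192.168.20.2 255.255.255.0
!
interface Vlan99
 description Management
 ip address 192.168.99.2 255.255.255.0
 shutdown
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
"""

def routed_vlans(config):
    """Return VLAN IDs whose switch virtual interface (SVI) has an IP and is not shut down."""
    vlans = []
    # Each stanza starts at an unindented "interface" line; its settings are indented.
    for stanza in re.split(r"(?m)^(?=interface )", config)[1:]:
        lines = stanza.splitlines()
        m = re.fullmatch(r"interface Vlan(\d+)", lines[0].strip(), re.I)
        if not m:
            continue  # physical port, not an SVI
        body = [l.strip() for l in lines[1:] if l.startswith(" ")]
        has_ip = any(l.startswith("ip address ") for l in body)
        if has_ip and "shutdown" not in body:
            vlans.append(int(m.group(1)))
    return vlans

def inter_vlan_routing_possible(config):
    """Heuristic: routing enabled globally and at least two live SVIs with addresses."""
    routing_on = re.search(r"(?m)^ip routing\s*$", config) is not None
    vlans = routed_vlans(config)
    return routing_on and len(vlans) >= 2, vlans

if __name__ == "__main__":
    possible, vlans = inter_vlan_routing_possible(SAMPLE_CONFIG)
    print("switch can route between VLANs:", possible, "via SVIs:", vlans)
```

A single addressed SVI (for example, a management VLAN) is normal on a layer 2 deployment; the heuristic only flags the case where the switch has addresses in two or more VLANs and routing is enabled.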