Sunday, February 14, 2021

Project #23 - What Makes Sense to ChangeUp in the Network?

What makes sense in the changeup of my network?

I do have a problem with the way things are currently partitioned:

1. VLANs are just that: they are set up with no connection to each other.  This is by design, and I went out of my way when I set up my Edgerouter-12 to force VLAN isolation, even though by default VLANs can talk to each other.

2. I set up some VLANs so that the devices in them can only talk out through the router to the internet and not to each other.  This was a security design.

3. I made sure that the isolated VLANs cannot modify any settings on my Edgerouter-12; only the admin VLAN can.  This was a security design.

4. I have a couple of specific computers that are allowed to contact other VLANs.  This is by design and lets me monitor equipment as necessary without giving all of my equipment the same level of access.  This was a security design.

5. This way of partitioning has caused problems reaching certain servers.  I actually need the following:

  • I need to reach port 8123 of my HA-IOT server, on the IOT VLAN, from the LAN3 VLAN, which contains my iPhones, iPads, and laptops.
  • My HA-IOT server needs to reach the data servers in the Server VLAN.
  • My Plex server resides in the Server VLAN, and both the Media and the LAN3 VLANs need to reach it.
  • My Media equipment needs to reach the data servers in the Server VLAN.
  • For testing purposes, some Docker containers in the Development VLAN need to reach the MQTT server on the HA-IOT server in the LAN3 VLAN.
  • My iPhones, iPads, and laptops on the LAN3 VLAN need to reach the Media equipment on the Media VLAN.
  • Some of these connections will require the devices to be on the same subnet.

So, there needs to be some overlap between the different VLANs, but at the same time it needs to be controlled.  I have an additional Edgerouter-X that I can use for this purpose, and this will be an exploration of what I can accomplish with it.  The Edgerouter-X will not be used as a normal router; it will instead be the controlled interface between the VLANs.  If that router is removed, everything goes back to the way it was before.  This will also give me a chance to try out zone-based routing on the Edgerouter-X.
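As an added example (not from the original post), here is how the first item in the list above, LAN3 clients reaching port 8123 on the HA-IOT server and nothing else in the IOT VLAN, could be written as an EdgeOS zone-based policy of the kind the post plans to try. The sub-interfaces eth1.30 (LAN3) and eth1.40 (IOT) and the address 192.168.40.10 are assumptions, not values from the post.

```edgeos
configure

# Ruleset for LAN3 -> IOT: default drop, then allow only what is listed.
set firewall name LAN3_TO_IOT default-action drop
set firewall name LAN3_TO_IOT description 'LAN3 clients -> Home Assistant only'
set firewall name LAN3_TO_IOT rule 10 action accept
set firewall name LAN3_TO_IOT rule 10 description 'Replies to sessions IOT was allowed to open'
set firewall name LAN3_TO_IOT rule 10 state established enable
set firewall name LAN3_TO_IOT rule 10 state related enable
set firewall name LAN3_TO_IOT rule 20 action accept
set firewall name LAN3_TO_IOT rule 20 description 'Home Assistant web UI (assumed host address)'
set firewall name LAN3_TO_IOT rule 20 protocol tcp
set firewall name LAN3_TO_IOT rule 20 destination address 192.168.40.10
set firewall name LAN3_TO_IOT rule 20 destination port 8123

# Ruleset for IOT -> LAN3: IOT devices may never initiate toward LAN3;
# only the return half of sessions opened from LAN3 passes.
set firewall name IOT_TO_LAN3 default-action drop
set firewall name IOT_TO_LAN3 description 'IOT may only answer LAN3'
set firewall name IOT_TO_LAN3 rule 10 action accept
set firewall name IOT_TO_LAN3 rule 10 state established enable
set firewall name IOT_TO_LAN3 rule 10 state related enable

# Zones: one VLAN sub-interface per zone (interface names are assumed).
# Traffic between two zones with no 'from' policy hits default-action drop.
set zone-policy zone LAN3 default-action drop
set zone-policy zone LAN3 interface eth1.30
set zone-policy zone IOT default-action drop
set zone-policy zone IOT interface eth1.40

# 'zone X from Y' filters traffic leaving zone Y as it enters zone X,
# so each direction of a zone pair gets its own ruleset.
set zone-policy zone IOT from LAN3 firewall name LAN3_TO_IOT
set zone-policy zone LAN3 from IOT firewall name IOT_TO_LAN3

commit
save
exit
```

Each remaining line in the list above becomes another zone pair of the same shape: a forward ruleset that names the one service, and a reverse ruleset that admits only established/related traffic.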