Let's imagine this scenario - simplified from our desired set-up
VLAN 1 - server vlan 192.168.1.0/24
VLAN 2 - client vlan 192.168.2.0/24
VLAN 50 - guest wifi vlan 192.168.50.0/24
We want to route freely between VLAN 1 and VLAN 2 but prevent any traffic routing to/from VLAN 50.
I have read and understand this Dell VLAN routing guide but this only covers the scenario when you are happy for everything to flow between all VLANs.
I have a few questions which it would be great to have some help with
1) Global routing - we think that if we just do
ip routing
this will route between all VLANs which is not what we want - correct?
2) However, if there is no IP address set on the VLAN 50 interface, it won't route, correct? So as long as no VLAN which we want to isolate has an IP address assigned in that VLAN, no routing?
So we could then issue an "ip routing" command, and we would get what we want, providing we never configure an IP address on VLAN 50 interface. Let's call this "Solution A" - does it work?
3) Static routing - if we issue static routes to particular subnets this will allow all VLANs with IP addresses set on the interface to route to them
e.g. if I do
ip route 192.168.1.0 255.255.255.0 192.168.1.1
then VLAN 2 can get to VLAN 1, but so can VLAN 50
Is that right?
4) However, if I never create a route back to VLAN 50, then although traffic could route from VLAN 50 to VLAN 1, replies could never come back again - right?
Let's call this solution B - does it work?
5) If we wanted to issue static routes which only applied in certain VLANs, it looks as though DNOS has a vlan parameter to the ip route command - but I can't find any explanations of exactly what that means or how it works.
Let's call this solution C - would that work?
6) Lastly, assuming all these solutions work, which is the best solution?
Thanks.