Emerging Member
Posts: 55
Registered: ‎11-16-2017
Kudos: 7
Solutions: 1

Network design question with ER-6P

On an ER6 there is no switch, if I'm not mistaken, so being a true router the connected interfaces would normally route traffic between them, right?

 

A business that's subbing space to another (same family so trusted but different business) are currently on one big shared network.  If better separation was wanted they could each be on their own network on different ports on the 6P, 10.10.10.x for one and 10.10.20.x for the other.

 

So is it true that no broadcast traffic would pass between the networks?  Would PCs, shared printers still show up by default with no routes defined as the interfaces are both on the same router?

 

If computers were showing up and the 2 networks were still 'tied together' too much, what is the best way to implement a rule that does not allow traffic at all to pass between them? 

 

TIA

 

Regular Member
Posts: 602
Registered: ‎06-17-2015
Kudos: 131
Solutions: 43

Re: Network design question with ER-6P

 

The ER6P does not support any switching; it only has routed ports. The best setup would be to use physically separate router ports on the ER6, configuring VLANs for each business. A VLAN-aware switch would be installed for each business, where the switch would terminate on its dedicated router port. If I were to set this up, I would use a separate printer per business - fewer headaches.  For VLAN / subnet isolation you could configure firewall rules on the router as shown in this video: https://www.youtube.com/watch?v=baj3747yfos

SuperUser
Posts: 20,320
Registered: ‎09-17-2013
Kudos: 5085
Solutions: 1448

Re: Network design question with ER-6P


@cpro48609 wrote:

On an ER6 there is no switch, if I'm not mistaken, so being a true router the connected interfaces would normally route traffic between them, right?


 Correct, the ports represent individual physical networks (i.e. they are not switched at all).


@cpro48609 wrote:

A business that's subbing space to another (same family so trusted but different business) are currently on one big shared network.  If better separation was wanted they could each be on their own network on different ports on the 6P, 10.10.10.x for one and 10.10.20.x for the other.


 Yep, or whatever two different subnets you want to use.


@cpro48609 wrote:

So is it true that no broadcast traffic would pass between the networks?  Would PCs, shared printers still show up by default with no routes defined as the interfaces are both on the same router?


 Yes, broadcast traffic will not (by default) cross L3 boundaries.

The routes will be defined by virtue of the two separate subnets being set up on the router.

Devices on either subnet WILL NOT "auto-populate" on the other (as that relies on broadcast traffic).  That being said, with decent enough network printers, you can add them by hand and they will work (although you may need to install the printer's "PCL" driver available from the manufacturer).  Windows shares are similarly straightforward to set up by hand (although that may require you to set up Windows Firewall to allow traffic from other subnets); other devices may or may not be that easy.


@cpro48609 wrote:

If computers were showing up and the 2 networks were still 'tied together' too much, what is the best way to implement a rule that does not allow traffic at all to pass between them? 

 

TIA

 


 Firewall that blocks traffic between the two networks.
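
One way to write that block on EdgeOS, as an added example that is not from the original thread. It assumes business A is 10.10.10.0/24 on eth1 and business B is 10.10.20.0/24 on eth2; the /24 masks, port assignment and ruleset names BIZ_A_IN and BIZ_B_IN are assumptions.

```edgeos
configure

# Ruleset applied to traffic ENTERING the router from business A (assumed eth1).
# Everything is accepted except packets destined for business B's subnet.
set firewall name BIZ_A_IN description "Business A inbound"
set firewall name BIZ_A_IN default-action accept
set firewall name BIZ_A_IN rule 10 description "Drop A to B"
set firewall name BIZ_A_IN rule 10 action drop
set firewall name BIZ_A_IN rule 10 destination address 10.10.20.0/24
set firewall name BIZ_A_IN rule 10 log enable
set interfaces ethernet eth1 firewall in name BIZ_A_IN

# Mirror ruleset for traffic ENTERING the router from business B (assumed eth2).
set firewall name BIZ_B_IN description "Business B inbound"
set firewall name BIZ_B_IN default-action accept
set firewall name BIZ_B_IN rule 10 description "Drop B to A"
set firewall name BIZ_B_IN rule 10 action drop
set firewall name BIZ_B_IN rule 10 destination address 10.10.10.0/24
set firewall name BIZ_B_IN rule 10 log enable
set interfaces ethernet eth2 firewall in name BIZ_B_IN

commit
save
exit
```

The `in` direction only covers traffic routed through the router; traffic addressed to the router's own interface IPs is matched by the `local` direction, so a separate `local` ruleset is needed to restrict which side can reach the router's management services.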

Emerging Member
Posts: 55
Registered: ‎11-16-2017
Kudos: 7
Solutions: 1

Re: Network design question with ER-6P

Thanks for the reply.  Would a VLAN complicate things a bit since the ports are routed ports anyway separating networks?

A benefit I could see is reducing two switches to one VLAN-aware switch, but other than that it would seem easier to get two regular layer 2 switches and have one for one interface, say eth1, and one for eth2, which would be on a different network anyway.

Just not sure of the benefit of implementing a VLAN unless it was on a switched device like an ER-X or something.  I'm newer to this product though, so maybe I'm just not seeing it.

Emerging Member
Posts: 55
Registered: ‎11-16-2017
Kudos: 7
Solutions: 1

Re: Network design question with ER-6P

@dpurgert Thanks! So leaving default it will separate and stop broadcast traffic, but devices would still be reachable for administration if hitting them direct, right?  Would \\server or just clicking on 'network' in file manager scan thru the default firewall and reveal machines since they are on two different networks?

Thanks again!

Emerging Member
Posts: 43
Registered: ‎02-09-2018
Kudos: 1

Re: Network design question with ER-6P

VLANs would help if you have, say, IoT devices (printers, thermostats, VoIP phones, etc.) you'd like to cordon off from the rest of your assets to limit damage if they are hacked.  They make it easy to apply specific firewall rules to unique groups.

 

I also have an ER-6P and ran into the same questions about how traffic should flow across interfaces.  Also keep in mind, if you want broadcast to work across interfaces or VLANs, you have options such as the mDNS reflector service.  This allows me to print to a printer, as well as stream to a newer-gen Apple TV, which were both fenced off in an IoT VLAN.

SuperUser
Posts: 20,320
Registered: ‎09-17-2013
Kudos: 5085
Solutions: 1448

Re: Network design question with ER-6P

"Network" wouldn't likely show anything off the local subnet.

 

Gotta type it yourself (\\server) or use like AD to help the winboxes know about things.

Member
Posts: 246
Registered: ‎02-03-2014
Kudos: 19
Solutions: 9

Re: Network design question with ER-6P

Does the 6P support virtual switching? Couldn't I bind two interfaces to the same VLAN, for example?

SuperUser
Posts: 20,320
Registered: ‎09-17-2013
Kudos: 5085
Solutions: 1448

Re: Network design question with ER-6P


@CiscoKid85 wrote:

Does the 6P support virtual switching? Couldn't I bind two interfaces to the same VLAN, for example?


Sure, at the cost of disabling routing offload, which is generally not desired.
