Hi,
Right now I'm running 2 servers. One Proxmox and one FreeNAS, and both of them have 3x Gbit NICs.
I've got 2 LANs. One "DMZ" subnet for untrusted devices and VMs connected to the internet and one "INTRANET" subnet for all my trusted devices and VMs I only use locally. Both subnets are using unmanaged switches and both servers are connected to those two switches. The third NICs are a direct connection between the Proxmox host and the NAS for NFS shares, so accessing a share won't slow down the connection to the DMZ and INTRANET.
Now I have installed an OPNsense VM with a dedicated quad-port Gbit NIC passed through and want to use that as my new router. I'm totally new to vlans and never used them because I never had a managed switch. But now I would like to buy a managed switch and set up my network to use vlans for better isolation and more flexibility. I looked at some routers with 24-port Gbit + 4-port 10Gbit SFP+ to be able to upgrade later to 10Gbit if I find some cheap Mellanox NICs.
I've read a bit about vlans but I'm not sure if it will work like I understand it.
If I replaced one of the Gbit NICs on each server with a single-port 10Gbit NIC, would it be possible to connect my different VMs and LXCs to different subnets if I separate them by different vlan IDs?
And if I do that, could I create a trunk so all vlans can share the same single 10Gbit NIC to be connected to the switch, and on the switch map those vlans to physical Gbit or 10Gbit ports?
So I wouldn't need those onboard Gbit NICs at all anymore (except for the IPMI ones)?
If I just buy the managed switch first and want to use my Gbit NICs meanwhile, but now with vlans, how hard is it to change the NICs later? For example, if I don't create a trunk and just connect the 3 NICs to the switch so the switch can tag the vlan based on the physical ports I use?
It would be great to know if that is possible at all before I buy a new switch or start to set up my OPNsense.
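As an added example that is not part of the original post: a Proxmox `/etc/network/interfaces` layout for the single-NIC trunk described above, plus the matching per-VM setting. It assumes VLAN 10 = DMZ, VLAN 20 = INTRANET, VLAN 30 = the Proxmox-to-NAS NFS link, that the 10Gbit NIC is named `enp1s0`, and that the switch port it plugs into is a tagged trunk member of exactly those three VLANs; all addresses are constructed.

```text
# /etc/network/interfaces on the Proxmox host (assumed NIC name: enp1s0)
auto lo
iface lo inet loopback

# The physical 10Gbit NIC carries no IP itself; it is only the trunk uplink.
auto enp1s0
iface enp1s0 inet manual

# One VLAN-aware bridge; every VM/LXC gets a VLAN tag instead of its own bridge.
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    # Permit only the VLANs actually in use instead of the default 2-4094.
    bridge-vids 10 20 30

# Host management address lives on the INTRANET VLAN (tagged 20), not on the
# native/untagged VLAN, so untagged frames arriving from the switch reach nothing.
auto vmbr0.20
iface vmbr0.20 inet static
    address 192.0.2.10/24      # constructed example address
    gateway 192.0.2.1          # OPNsense INTRANET address (constructed)

# NFS traffic to the NAS stays on its own VLAN, as it did on the old direct cable.
auto vmbr0.30
iface vmbr0.30 inet static
    address 198.51.100.10/24   # constructed example address

# Per guest: /etc/pve/qemu-server/<vmid>.conf (or: qm set <vmid> --net0 ...)
#   DMZ VM:       net0: virtio=<mac>,bridge=vmbr0,tag=10
#   INTRANET VM:  net0: virtio=<mac>,bridge=vmbr0,tag=20
# LXC equivalent in /etc/pve/lxc/<id>.conf:
#   net0: name=eth0,bridge=vmbr0,tag=10,ip=dhcp
```

Because the tag is applied by the host bridge and not inside the guest, a DMZ VM cannot move itself onto the INTRANET VLAN; the end-device ports on the switch should be untagged (access) members of exactly one VLAN, and the port feeding the OPNsense VM's passed-through NIC must be a tagged trunk of the same VLANs so it can route between them.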