Microsegmenting and inter-VqLAN communications (not routing)
@Firewalla:
- What does the 'q' stand for in VqLAN?....disregard, found it in your documentation...Quarantine
- Will inter-VqLAN routing be supported?
Use case: I currently have groups created for PCs, Phones, Cameras, NAS', Printers, Alexas,....along with other Groups (my Groups are currently created based on the type of device, not for security purposes).
- PCs need to be able to communicate with Printers
- Phones need to be able to communicate with Printers
- Phones and PCs should not be able to communicate with each other
- No other Groups should be able to communicate with Printers
Will microsegmentation and VqLANs be able to support this, while keeping printers, phones, and PCs in their own groups?
-
1. VqLAN operate on the same network, so there is no routing involved. In the coming 1.64 app, we will add "allow" feature, which will allow devices to communicate to a VqLAN enabled group, or a isolated device.
2. Yes, the reason for the "allow" rule is exactly what you wanted. You can group devices together and allow them to access some common resources.
You will see this feature in the next 1.64 update (7 to 14 days)
-
NO. VqLAN has nothing to do with 6ghz or 5ghz or 2.4ghz. It will work regardless of the channel.
What doesn't work is dynamically assigning groups using Personal Key (PPSK) with the same SSID. That part only works with WPA2 (so 6ghz won't work). If you are using static mapping, say, giving kids their own SSID, have that SSID map to a VqLAN enabled group, you don't have the issue.
If you want to use the same SSID and give each kid their own personal key (password) then dynamically update the VqLAN enabled group, then you are limited to WPA2.
Please sign in to leave a comment.
Comments
5 comments