c4Iona (posted August 11, 2019):

Question regarding allowed networks. On the tab it says: You can expand the list of allowed networks by adding one, or more, CIDR network specifications to the following list. For example: 192.168.2.0/24

I have multiple VLANs on my network and would like to have devices on both 10.0.30.0/24 and 10.0.60.0/24 be able to communicate with Control4. Can I not do that? I added 10.0.60.0/24 on the line below and hit set but when I go to another tab and then come back, the second network is gone. I even tried 10.0.0.0/8 (not that I want that) but it just reverts back. Am I really confined to a single /24 network with Control4?

Thepritch88 (posted August 12, 2019):

This function definitely works, I use it to communicate with devices on other VLANs. What Control4 version are you on? Have you set up inter-VLAN routing on your router?

LollerAgent (posted August 12, 2019):

14 hours ago, c4Iona said:
> Am I really confined to a single /24 network with Control4?

No. I have several VLANs. Ensure your router is routing across VLANs properly.

ekohn00 (posted August 12, 2019):

6 hours ago, Thepritch88 said:
> This function definitely works, I use it to communicate with devices on other VLANs. What Control4 version are you on? Have you set up inter-VLAN routing on your router?

How does that work? Your routers/switches prevent/enable VLAN crossover. If an app would allow the crossing of VLANs then all security of a VLAN would be useless.

LollerAgent (posted August 12, 2019):

7 minutes ago, ekohn00 said:
> How does that work? Your routers/switches prevent/enable VLAN crossover. If an app would allow the crossing of VLANs then all security of a VLAN would be useless.

A router routes traffic between networks. You use other methods (like a firewall) to prevent unnecessary traffic between VLANs.

c4Iona (posted August 12, 2019):

Let me clarify my question. In OS3, is the ability to define additional VLANs broken? I have tried to add a second VLAN to this and it will not stick. As for my network, traffic between the 4 VLANs I have defined works just fine. I am just asking about the config in Control4.

LollerAgent (posted August 12, 2019):

24 minutes ago, c4Iona said:
> Let me clarify my question. In OS3, is the ability to define additional VLANs broken? I have tried to add a second VLAN to this and it will not stick. As for my network, traffic between the 4 VLANs I have defined works just fine. I am just asking about the config in Control4.

Yeah - I'm also seeing the same problem (tried one CIDR per line, multiple per line, etc). Not a huge problem for me since I have all of my "automation" devices in a single VLAN at the moment. Wonder if they are aware of this bug?

ekohn00 (posted August 13, 2019):

21 hours ago, LollerAgent said:
> A router routes traffic between networks. You use other methods (like a firewall) to prevent unnecessary traffic between VLANs.

Go back and re-read my questioning of a statement. I was pointing out that an app cannot select VLAN routing (in theory, unless it's acting as a router, in which case it doesn't work throughout the network infrastructure). Basically what I'm stating is in a working infrastructure with VLANs separating "users", there's no way Composer can select which VLANs it wants to use unless specifically given access to the VLAN.

And your remarks are half right. You don't need a firewall to prevent unnecessary traffic between VLANs. Firewalls are VLAN agnostic. (Yes, I know there are home FWs like a Unifi USG that have VLAN settings... this is router/switch functionality.)

Thepritch88 (posted August 13, 2019):

22 hours ago, ekohn00 said:
> How does that work? Your routers/switches prevent/enable VLAN crossover. If an app would allow the crossing of VLANs then all security of a VLAN would be useless.

I don't understand your question, I didn't mention an app allowing the crossing of VLANs.

ekohn00 (posted August 13, 2019):

5 minutes ago, Thepritch88 said:
> I don't understand your question, I didn't mention an app allowing the crossing of VLANs.

I might have read your original post in haste. I thought you said the function is what allows crossing VLANs. Let's take VLANs out of the discussion. The Allowed Networks function basically allows the Composer to communicate with devices on different subnets, nothing more. Your network infrastructure (whether using VLANs or not) still needs to provide the routing.

Thepritch88 (posted August 13, 2019):

Yea I think we are all saying the same thing. It definitely worked in 2.10.x but I haven't tested it on OS3.

LollerAgent (posted August 13, 2019):

1 hour ago, ekohn00 said:
> Go back and re-read my questioning of a statement. I was pointing out that an app cannot select VLAN routing (in theory, unless it's acting as a router, in which case it doesn't work throughout the network infrastructure). Basically what I'm stating is in a working infrastructure with VLANs separating "users", there's no way Composer can select which VLANs it wants to use unless specifically given access to the VLAN. And your remarks are half right. You don't need a firewall to prevent unnecessary traffic between VLANs. Firewalls are VLAN agnostic. (Yes, I know there are home FWs like a Unifi USG that have VLAN settings... this is router/switch functionality.)

I guess I misunderstood your statement then, sorry. Right - you do not need a firewall to prevent traffic between VLANs *unless* you have a router handling L3 between each VLAN; which is very common.

"Firewalls are VLAN agnostic" doesn't really make sense to me. If you have a firewall, it most likely has sub-interfaces on each VLAN for which it is patrolling.

ekohn00 (posted August 13, 2019):

2 hours ago, LollerAgent said:
> I guess I misunderstood your statement then, sorry. Right - you do not need a firewall to prevent traffic between VLANs *unless* you have a router handling L3 between each VLAN; which is very common. "Firewalls are VLAN agnostic" doesn't really make sense to me. If you have a firewall, it most likely has sub-interfaces on each VLAN for which it is patrolling.

What I am saying is it's not the job of a firewall to block or allow traffic between VLANs. Or at least that is what I meant to say. Need coffee....
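
The allowed-networks list discussed in this thread, treated as data (an added example, not part of any post and not Control4 code): it parses CIDR entries in the layouts tried above (one per line, several per line), reports a broad entry such as 10.0.0.0/8 that swallows the specific VLAN subnets, and checks whether a device address is covered. The function names and the malformed entry 10.0.60.5/24 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the two /24 subnets from the thread, the 10.0.0.0/8
# entry the original poster tried, and one malformed entry (host bits set).
SAMPLE_ENTRIES = "10.0.30.0/24 10.0.60.0/24\n10.0.0.0/8\n10.0.60.5/24"


def parse_allowed(text):
    """Parse CIDR entries separated by whitespace or commas.

    Returns (networks, errors). strict=True rejects entries whose host bits
    are set, so 10.0.60.5/24 is reported instead of being widened silently.
    """
    networks, errors = [], []
    for token in re.split(r"[\s,]+", text.strip()):
        if not token:
            continue
        try:
            networks.append(ipaddress.ip_network(token, strict=True))
        except ValueError as exc:
            errors.append((token, str(exc)))
    return networks, errors


def redundant_supersets(networks):
    """Return entries that strictly contain another entry of the same IP version."""
    def covers(big, small):
        return big != small and big.version == small.version and small.subnet_of(big)
    return [big for big in networks if any(covers(big, s) for s in networks)]


def is_allowed(address, networks):
    """True if the device address falls inside any allowed network."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks)


if __name__ == "__main__":
    nets, errs = parse_allowed(SAMPLE_ENTRIES)
    print("accepted:", [str(n) for n in nets])
    print("rejected:", errs)
    print("broader than needed:", [str(n) for n in redundant_supersets(nets)])
```

Being on the list only means the address is accepted; as the posts above say, the router still has to carry traffic between the subnets.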