Re: [m0n0wall] Isolating users with managed switch

From:	A dot L dot M dot Buxey at lboro dot ac dot uk
To:	Alex M <radiussupport at lrcommunications dot net>
Cc:	Monowall Support List <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] Isolating users with managed switch
Date:	Sun, 15 Jul 2007 18:59:46 +0100

Hi,

> I want to isolate users (Block NetBios so comps cant see each other, or use
> VLANs some how).
> 
> I know if I want  to do it with regular wired network I need to use managed
> switch, but I never used them so what function will I need to block net
> bios? How can I setup vlans to achieve same results? Any particular models
> for cheap prices?

if you use VLANs you can simply put each user on a different one and
not allow them to talk at the router. a simpler way is to just use
a decent switch that has private VLAN or port seperation function .eg.
Cisco 2950/2960 series which has 'switchport protected' so hosts
cant see each other directly through the switch...or at all if you
decide so as the VLAN termination/router.  dont be tempted to use
singular netmask (eg 255.255.255.255) that will isolate each system
via TCP/IP but they'll happily see each other still via netbios and
IPX is they have those protocols running.

alan