 From:  Mark DeGroot <mdegroot at bettenimports dot com>
 To:  Monowall Support List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Isolating users with managed switch
 Date:  Wed, 18 Jul 2007 10:37:33 -0400
Chris Buechler wrote:
> Yeah that's also what I would recommend, PVLAN if you have Cisco
> switches or others that support the same.
> Alternatively, you could create a unique VLAN for every single port,
> but that'd be a real pain to set up.
> http://www.cisco.com/warp/public/473/63.html
> "The PVLAN edge (protected port) is a feature that has only local
> significance to the switch, and there is no isolation provided between
> two protected ports located on different switches. A protected port
> does not forward any traffic (unicast, multicast, or broadcast) to any
> other port that is also a protected port in the same switch.
> Therefore, it provides isolation. Traffic cannot be forwarded between
> protected ports at Layer 2. All traffic passing between protected
> ports must be forwarded through a Layer 3 device."

This may be a little off of this topic, but has anyone implemented
something like this on a wireless network?  I have been in coffee shops
that have wireless access but are set up so you can't see any of the other
wireless clients.  Anyone have ideas on how this can be accomplished
without subnetting?


Mark De Groot
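
The behaviour in the quoted Cisco text, modelled as an added example that is not part of the original thread: protected ports on one switch cannot reach each other at Layer 2, but the setting is local to each switch, so protected ports on different switches still can. The topology, host names, port numbers and the flood-style forwarding model are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    name: str
    protected: set = field(default_factory=set)  # ports with PVLAN edge enabled
    hosts: dict = field(default_factory=dict)    # port -> attached host (constructed names)
    uplinks: dict = field(default_factory=dict)  # port -> (peer Switch, peer port)

    def reach(self, ingress, dst, seen):
        """True if a frame entering on `ingress` can be delivered to `dst` at Layer 2."""
        if (self.name, ingress) in seen:         # loop guard
            return False
        seen.add((self.name, ingress))
        for port in set(self.hosts) | set(self.uplinks):
            if port == ingress:
                continue
            # Protected -> protected on the SAME switch is never forwarded
            # (unicast, multicast or broadcast).
            if ingress in self.protected and port in self.protected:
                continue
            if self.hosts.get(port) == dst:
                return True
            if port in self.uplinks:
                peer, peer_port = self.uplinks[port]
                if peer.reach(peer_port, dst, seen):
                    return True
        return False

def l2_reachable(switches, src, dst):
    """Locate the port `src` is attached to and test Layer 2 delivery to `dst`."""
    for sw in switches:
        for port, host in sw.hosts.items():
            if host == src:
                return sw.reach(port, dst, set())
    raise KeyError(src)

def build_demo():
    # Constructed topology: two switches joined by an unprotected uplink.
    sw1 = Switch("sw1", protected={1, 2}, hosts={1: "A", 2: "B", 23: "gateway"})
    sw2 = Switch("sw2", protected={1}, hosts={1: "C"})
    sw1.uplinks[24] = (sw2, 24)
    sw2.uplinks[24] = (sw1, 24)
    return [sw1, sw2]

if __name__ == "__main__":
    net = build_demo()
    for src, dst in [("A", "B"), ("A", "gateway"), ("A", "C")]:
        print(f"{src} -> {dst}: {'reachable' if l2_reachable(net, src, dst) else 'isolated'}")
```

A and B are isolated from each other but A still reaches C on the second switch, which is the "only local significance" caveat in the quoted text.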