Client Isolation by Default
-
We v done it here a kind of complex way for a workbench
8 port vlan switch
Used 7 ports 7 vlans 7 dhcps and on and on all on pfS workingPS
Firewall rules included :) -
Yeah that is hard way to do it ;) hehehe Doesn't scale very well.. What if you have say 500 devices...
-
Doesn't your switch do that? My Cisco switch certainly does and, IIRC, even my crappy TP-Link switch does too.
-
Yeah my switches do it - not sure about the 40$ ones though.. Your saying the $40 tplink that don't really do vlans correctly and don't allow you remove vlan 1 in old versions support private vlans?
-
Hang on a minute while I check.
.
.
.
Sorry, I didn't remember correctly. I must have been thinking of my crappy TP-Link AP, which does have that. It also doesn't do VLANs correctly. -
Yeah many a AP can do client isolation keeping wireless devices from talking to each other.. Even the crappiest of 20$ wifi router support this feature quite often ;)
But wired switches, I think they need to be more of a full managed switch.. Doesn't it mean it has to be $1k enterprise.. My 200$ small business sg300's can do it for example.
The work around for when you have a handful of devices sure is viable even on a $40 smart switch... That works if you have only a handful of devices.. But what if you had 100 ;) hehehehe
-
Vlan hoppin and tp link
And yes the hard way when you do not trust your cheap switch -
I don't use that TP-Link switch for VLANs. I've configured it to use as a data tap, so I can monitor Ethernet connections with Wireshark. It works fine there.
-
any suggestions for a cheap switch that can do client isolation out of the box ?
;) brNP -
@noplan said in Client Isolation by Default:
any suggestions for a cheap switch that can do client isolation out of the box ?
;) brNPD-Link has a cheap ($35 USD) managed switch, the DGS-1100-05. I quickly looked at the overview, but, like @johnpoz says, a manufacturer could call it something completely different. I didn't see the words "client isolation" specifically. You might have to chat or call them to ask.
You could, and I'm not saying it's a good idea, but you could, with that switch, setup VLANs to do some basic isolation.
Jeff
-
Yeah I feel ya
That's exactly why we used the hard not well scalable approach for a 8 port switch ;)
-
@noplan
So dlink calls it Asymmetric VLANsIts the same thing - so yeah your good with a switch like that..
-
Hey thanks for the hint
We got here some dgs-1100-08 hanging around in their dusty boxes :)Let's go testin!!!
