Forbid communication between stations

blaxxis (Technical User, FR), Jun 25, 2009
Hi,
I do not know Nortel equipment, and I need some help.
I have to implement security on switches to permit stations from a common IP subnet to access application servers. However, communication between stations is prohibited. Is it possible? How can I do it?
Nortel devices: 450, 4526 and 4550.
Regards,
 
I once did something similar in a situation with a dozen systems on a DMZ subnet and their common firewall interface.

It was on a 350 (essentially the same as your 450). What I did was to put each port in its own VLAN, then put the firewall (server) port in all of the VLANs - note that I didn't make the firewall port tagged. If you do something similar just keep an eye on your PVID settings.

It's not perfect but depending on your budget it might be perfect enough.
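
The per-port VLAN layout described in the post above can be checked on paper before it is applied; the following Python sketch is an added example, not part of the original thread and not Nortel configuration syntax. It assumes a simplified forwarding rule (an untagged frame is classified by the ingress port's PVID and may leave only through member ports of that VLAN, ignoring MAC learning and flooding), and the port numbers, VLAN IDs and function names are constructed for illustration.

```python
from itertools import combinations

# Assumed model, not switch firmware behaviour: every port is untagged, an
# ingress frame takes the port's PVID as its VLAN, and it may egress only
# through ports that are members of that VLAN.

def build(station_ports, server, server_vlan=100):
    """Constructed layout: station port N uses VLAN N as PVID, the server port
    is a member of every station VLAN, and each station port is also a member
    of the server's PVID VLAN so that replies can come back."""
    cfg = {p: {"pvid": p, "member": {p, server_vlan}} for p in station_ports}
    cfg[server] = {"pvid": server_vlan,
                   "member": set(station_ports) | {server_vlan}}
    return cfg

def can_send(cfg, src, dst):
    """True if a frame entering port src may leave through port dst."""
    return src != dst and cfg[src]["pvid"] in cfg[dst]["member"]

def can_talk(cfg, a, b):
    """Two-way communication needs a forwarding path in both directions."""
    return can_send(cfg, a, b) and can_send(cfg, b, a)

def audit(cfg, server):
    """Return a list of findings; an empty list means the policy holds."""
    findings = []
    stations = [p for p in cfg if p != server]
    for p in cfg:
        if cfg[p]["pvid"] not in cfg[p]["member"]:
            findings.append(f"port {p}: PVID {cfg[p]['pvid']} is not one of its VLANs")
    for s in stations:
        if not can_send(cfg, s, server):
            findings.append(f"port {s} cannot reach server port {server}")
        if not can_send(cfg, server, s):
            findings.append(f"server port {server} cannot reply to port {s}")
    for a, b in combinations(stations, 2):
        for x, y in ((a, b), (b, a)):
            if can_send(cfg, x, y):  # even a one-way path breaks isolation
                findings.append(f"port {x} can send frames to port {y}")
    return findings

if __name__ == "__main__":
    cfg = build([1, 2, 3], server=24)
    print("intended layout:", audit(cfg, 24) or "isolated")
    cfg[2]["pvid"] = 1  # constructed mistake: PVID left pointing at another VLAN
    for finding in audit(cfg, 24):
        print("finding:", finding)
```
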
 
Hi Anthony,

I did think about that kind of solution. It is not "sexy" but I guess I have no choice if I implement on the switches.
Do you think I can configure IP ACL on switch ports if I change to 460/470 switches? Even if the ports stay in a level 2 mode?
Thanks
 