Prevent clients communicating with each other 1

[gmail2]

We have a few "vendor owned" machines which are provided to us by vendors (eg UPS etc) for running their services. As the machines are out of our scope of control, they are updated very infrequently etc and therefore more prone to attach.

We want to put these on a separate dirty "vendor" subnet so that they can access the internet (a requirement for all of these machines) to run their own services, and still be isolated from our corporate network. The issue I have is that these machines are from different vendors, and therefore don't need to talk to each other. But obviously I can't build a VLAN for each one, so instead I'd like to prevent "internal" communication on the switch.

I know that with HP's implementation of 802.1x, Guest VLAN's are supported, and I think I read somewhere that it's possible to prevent clients in these guest VLAN's from communicating with each other (apart from their default gateway). However, I'd like to do this witout any 802.1x or any RADIUS, UAC etc.

The switch I'm using is a proCurve 2524 - does anybody have any ideas if this is possible at all ?

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau

 

[unclerico]

Isolated Port Groups are about the only thing you can work with aside from separate VLAN's and/or ACL's:

http://docs.hp.com/en/5990-3102/5990-3102.pdf?jumpid=reg_R1002_USEN

You'll need a valid ProCurve login (free) to access the PDF. Just note that Isolated Port Groups are confined to a single switch so if you have uplinks to other switches the devices will be able to communicate over the uplinks.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)