Saturday, February 8, 2020

Private VLAN for users/endpoints?

Is it feasible to put user workstations in a private VLAN?* They shouldn't really need to talk to each other, and it would be more secure in the event that one of them gets malware or compromised in any way. Have any of you tried this or considered it? Is there a better way to achieve client isolation on a wired network?

[Edit] * I'm referring to the "Private VLAN" feature on Cisco switches where hosts are only allowed to send packets to one port (e.g. the default gateway), and traffic between hosts is forbidden.
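
As an added illustration (not part of the original post), here is a minimal Cisco IOS sketch of the isolated private VLAN layout the question describes: workstation ports as isolated hosts, and the gateway uplink as the single promiscuous port. The VLAN IDs and interface names are assumed placeholders.

```cisco
! Constructed example: VLAN IDs 100/101 and interface names are placeholders.
! Private VLANs need VTP transparent mode (or VTP version 3) on most Catalyst platforms.
vtp mode transparent
!
! Secondary VLAN: ports in an isolated VLAN cannot exchange frames with each other.
vlan 101
 private-vlan isolated
!
! Primary VLAN: carries traffic from the promiscuous port down to the hosts.
vlan 100
 private-vlan primary
 private-vlan association 101
!
! Workstation access ports: isolated host ports bound to primary 100 / secondary 101.
interface range GigabitEthernet1/0/1 - 24
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
 spanning-tree portfast
!
! Port facing the default gateway: promiscuous, reachable by every host port.
interface GigabitEthernet1/0/48
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Verification (exec mode):
!   show vlan private-vlan
!   show interfaces GigabitEthernet1/0/1 switchport
```

The isolation applies at layer 2 only: if the gateway routes packets back out the same interface, hosts can still reach each other through it, so an ACL on the gateway is needed to block intra-subnet traffic.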


