Comware

  • 1.  5300xl ACL question

    Posted May 27, 2009 04:01 PM
    Does anyone know how to set up an ACL that would block clients on the same VLAN from talking to one another (or a similar feature)?

    We have a number of public lab computers that I would like to isolate with the exception of communication with some specific servers and the internet.


  • 2.  RE: 5300xl ACL question

    Posted May 27, 2009 11:55 PM
    Hi,
    I would do this with a source-port filter and not an ACL.
    HTH
    Alex

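As an added illustration of the source-port filter suggested in the reply above (this is not configuration posted in the thread), the following is a constructed ProCurve 5300xl CLI fragment. It assumes four lab PCs on module A ports A1 to A4 and the uplink on A24; those port numbers and the `filter source-port <port> drop <port-list>` syntax are taken from my recollection of the 5300xl management guide and should be checked against `show filter` on the actual software release.

```text
; Constructed example: isolate lab PCs on A1-A4 from each other at layer 2.
; A source-port filter is one-way (it acts on frames *entering* the named
; port), so every lab port needs its own entry listing the other lab ports.
; Traffic to the uplink (A24), and therefore to servers and the internet,
; is not listed and keeps flowing.
ProCurve(config)# filter source-port a1 drop a2-a4
ProCurve(config)# filter source-port a2 drop a1,a3-a4
ProCurve(config)# filter source-port a3 drop a1-a2,a4
ProCurve(config)# filter source-port a4 drop a1-a3

; Verify which destination ports are dropped for each source port.
ProCurve(config)# show filter
```

Because the filter operates on frames entering a physical port, it also stops ARP and other non-IP traffic between the lab ports, which an IP ACL would not. The flip side is that it is strictly local to the switch: a lab PC on another switch arrives over the uplink A24, which is not filtered, so the same entries have to be repeated on every edge switch that has lab ports.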

  • 3.  RE: 5300xl ACL question

    Posted May 28, 2009 08:07 AM
    Would that only work on the local switch? We have roughly 80 switches on campus with multiple lab locations. I would think that what I need would have to be IP-based if I wanted it to be effective in this situation. Then again, I may not be understanding how port filtering works.


  • 4.  RE: 5300xl ACL question

    Posted May 29, 2009 03:30 AM
    Yes, it is possible.

    Block clients on the same VLAN with IDM and port-based dynamic ACLs.

    The 5400 series switch is able to do VLAN-based access lists,
    but the 2610 is an edge switch that is able to do port-based ACLs and supports dynamic ACLs; in this way you can assign each port a separate ACL command.


    IDM:
    http://www.hp.com/rnd/products/management/idm/overview.htm

    User-based access control lists (ACLs): Users can be allowed or denied access to network resources (e.g., servers, printers) based on the destination IP address or a range of IP addresses, and/or to network services (e.g., Web pages, instant messaging, or FTP) based on well-known or user-defined TCP/UDP ports.



    2610 switch:
    http://www.hp.com/rnd/products/switches/HP_ProCurve_Switch_2610_Series/overview.htm

    Identity-driven ACL: enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each authenticated network user
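As an added example of the VLAN-based access list mentioned for the 5400 series in the reply above (not configuration from the thread or from HP), here is a constructed extended ACL that lets lab PCs reach two named servers and the internet while dropping lab-to-lab IP traffic. It assumes the lab PCs sit in VLAN 20 on 10.20.0.0/24 with their gateway at 10.20.0.1, and that the permitted servers are 10.50.0.10 and 10.50.0.11; the sequence numbers, `remark`, `log` and the `ip access-group ... vlan` keyword follow the 5400zl (K-series) syntax as I recall it and should be confirmed with `show access-list` on the release in use.

```text
; Constructed example for a ProCurve 5400zl; addresses and VLAN are assumed.
ProCurve(config)# ip access-list extended "lab-isolate"
ProCurve(config-ext-nacl)# 10 remark "lab PCs may reach the two lab servers"
ProCurve(config-ext-nacl)# 20 permit ip 10.20.0.0 0.0.0.255 host 10.50.0.10
ProCurve(config-ext-nacl)# 30 permit ip 10.20.0.0 0.0.0.255 host 10.50.0.11
ProCurve(config-ext-nacl)# 40 remark "keep the default gateway reachable (ping, DHCP relay)"
ProCurve(config-ext-nacl)# 50 permit ip 10.20.0.0 0.0.0.255 host 10.20.0.1
ProCurve(config-ext-nacl)# 60 permit ip host 10.20.0.1 10.20.0.0 0.0.0.255
ProCurve(config-ext-nacl)# 70 remark "drop lab-to-lab traffic inside the VLAN"
ProCurve(config-ext-nacl)# 80 deny ip 10.20.0.0 0.0.0.255 10.20.0.0 0.0.0.255 log
ProCurve(config-ext-nacl)# 90 remark "everything else, i.e. the internet, is allowed"
ProCurve(config-ext-nacl)# 100 permit ip any any
ProCurve(config-ext-nacl)# exit

; Apply it as a VACL so it filters all traffic entering VLAN 20,
; switched as well as routed.
ProCurve(config)# vlan 20
ProCurve(vlan-20)# ip access-group "lab-isolate" vlan
ProCurve(vlan-20)# exit

ProCurve(config)# show access-list
ProCurve(config)# show access-list vlan 20
```

Two caveats a practitioner would want. First, an IP ACL never sees ARP or other non-IP frames, so lab machines can still discover each other at layer 2 even though their IP conversations are dropped. Second, a VACL only filters frames that actually enter the switch it is configured on: two lab PCs plugged into the same edge switch are switched locally and never reach the 5400, which is exactly the gap that source-port filters or the per-port (identity-driven) ACLs of the 2610 are meant to close at the edge. Whether an older 5300xl applies its inbound VLAN ACL to frames switched between two ports of the same VLAN is something to confirm in that platform's ACL guide before relying on it.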