Comware

  • 1.  Isolate port

    Posted Dec 01, 2022 03:44 AM
    Edited by rdelforge Dec 01, 2022 03:44 AM
    Hi,

    I've an HPE FlexNetwork 5140 Switch.

    This equipment is located in an establishment dedicated to coworking.

    This switch connects to the internet via VLAN 40 in the 192.168.40.0/24 network.

    I would like to isolate some computers from each other.

    Would you please have a solution so that, despite the network addressing being the same, these computers can't see each other?

    Thank you for your help.


  • 2.  RE: Isolate port

    Posted Dec 01, 2022 03:55 AM
    Hi,

    Check the 'Port Isolation' feature here - http://www.arubanetworks.com/techdocs/Switches/FlexNetwork/5140-EI/5200-7785.pdf

    It looks like the one you are looking for.

    ------------------------------
    Ivan Bondar
    ------------------------------



  • 3.  RE: Isolate port

    Posted Dec 01, 2022 09:31 AM
    Edited by rdelforge Dec 01, 2022 09:35 AM
    Thank you for your answer.

    Port isolation makes it possible to isolate ports belonging to the same group.

    However, I would like to do the opposite: isolate ports that aren't part of the same group.

    In our coworking establishment, we need users belonging to the same company to be able to access all their hardware (computers, printers, scanners, NAS, etc.).

    Is it possible to do this with a switch?

    Thank you for your help




  • 4.  RE: Isolate port

    Posted Dec 01, 2022 06:41 PM
    Practically, since all your hosts share one subnet, you have only two security features to control access between them - 'Port Isolation' that I already mentioned and 'Private VLAN' (details are in the same guide).

    Another option would be an ACL on the Vlan-interface that will filter intra-VLAN traffic. On some Comware-based platforms there is a Vlan-interface context command 'packet-filter filter all' that makes an ACL applied on the Vlan-interface work not only for the routed traffic (like the default 'packet-filter filter route') but also filter the traffic inside the VLAN (Layer 2). However, I don't know if the 5140 has such a command; I couldn't find it in the guides, so it may not be supported.

    ------------------------------
    Ivan Bondar
    ------------------------------
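
The difference between the two features named in this thread, as an added example that is not part of any post and is not switch configuration: a small Python model that audits which port pairs each feature lets talk against the coworking policy (same company reachable, everyone else blocked, uplink reachable by all). The port names, tenants and secondary VLAN IDs 401-403 are constructed; only VLAN 40 comes from the thread.

```python
from itertools import combinations

# Constructed layout: port -> tenant. None marks the internet uplink;
# "solo" tenants are single users who must not see anyone else.
PORTS = {"uplink": None, "a-pc": "A", "a-nas": "A",
         "b-pc": "B", "b-printer": "B", "solo-1": "solo", "solo-2": "solo"}

def wanted(x, y):
    """Coworking policy: everyone reaches the uplink, same company only."""
    tx, ty = PORTS[x], PORTS[y]
    return tx is None or ty is None or (tx == ty and tx != "solo")

def port_isolation(group):
    """Ports in one isolation group cannot talk to each other;
    any pair with a port outside the group can."""
    return lambda x, y: not (x in group and y in group)

def private_vlan(roles):
    """roles: port -> (kind, VLAN); kind is 'promiscuous',
    'community' or 'isolated'."""
    def allows(x, y):
        (kx, vx), (ky, vy) = roles[x], roles[y]
        if "promiscuous" in (kx, ky):
            return True
        # Community ports talk only inside their own secondary VLAN;
        # isolated ports reach nothing but promiscuous ports.
        return kx == ky == "community" and vx == vy
    return allows

def audit(allows):
    """Return (leaks, breaks): pairs allowed but unwanted, wanted but blocked."""
    leaks, breaks = [], []
    for x, y in combinations(sorted(PORTS), 2):
        if allows(x, y) and not wanted(x, y):
            leaks.append((x, y))
        elif wanted(x, y) and not allows(x, y):
            breaks.append((x, y))
    return leaks, breaks

# One isolation group holding every tenant port (uplink left outside).
ISOLATION = port_isolation({p for p, t in PORTS.items() if t is not None})
# Primary VLAN 40 from the thread; secondary VLAN IDs are made up.
SECONDARY = {"A": ("community", 401), "B": ("community", 402),
             "solo": ("isolated", 403)}
PVLAN = private_vlan({p: ("promiscuous", 40) if t is None else SECONDARY[t]
                      for p, t in PORTS.items()})

if __name__ == "__main__":
    print("port isolation:", audit(ISOLATION))
    print("private VLAN:  ", audit(PVLAN))
```

In this model a single isolation group leaks nothing but cuts each company off from its own NAS and printer, while one community secondary VLAN per company plus an isolated secondary VLAN for single users matches the policy exactly.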