Blocking client to client communication

Michael_D · ‎01-21-2010

I have an setup with several 2610 and 2626/2650 classroom switches connected to 2910al edge switches with a central 5412zl "core switch".

Lately we have seen a lot of client to client communiation - Mostly multiplayer games being played at classroom workstations.

Anyone with an soluation that blocks client to client communiation both at classroom switches and at the edge/core level?

Regards

Michael

abdullah shboull · ‎01-21-2010

Dear, you have to implement an ACL to inter-VLAN security routing. If you not familiar in the configuring ACL, you can send the IP scheme and Iâ ll help you.

Pieter 't Hart · ‎01-22-2010

I assume the workstations are domain-members?
You can create a policy that configures the firewall on the workstations, not to allow these protocols.

And set permissions so the user cannot change the firewall config offc ourse.

Paulen · ‎01-22-2010

What you would need here is something similar to private vlan, upstream forwarding or port protection. I think early HP switches had some kind of feature on this - but I can't find it in the later models. We had to exchange HP for another vendor because of this obvious lack of functionality.

Robert E Simpson · ‎01-26-2010

Use the Filter Source Ports fuctionality.
An example that I use in Hospitality settings is as follows for a 48 + port switch with the 49 and up ports as uplinks.

filter source-port 1 drop 2-48
filter source-port 2 drop 1,3-48
filter source-port 3 drop 1-2,4-48
filter source-port 4 drop 1-3,5-48
filter source-port 5 drop 1-4,6-48
filter source-port 6 drop 1-5,7-48
filter source-port 7 drop 1-6,8-48
filter source-port 8 drop 1-7,9-48
filter source-port 9 drop 1-8,10-48
filter source-port 10 drop 1-9,11-48
filter source-port 11 drop 1-10,12-48
filter source-port 12 drop 1-11,13-48
filter source-port 13 drop 1-12,14-48
filter source-port 14 drop 1-13,15-48
filter source-port 15 drop 1-14,16-48
filter source-port 16 drop 1-15,17-48
filter source-port 17 drop 1-16,18-48
filter source-port 18 drop 1-17,19-48
filter source-port 19 drop 1-18,20-48
filter source-port 20 drop 1-19,21-48
filter source-port 21 drop 1-20,22-48
filter source-port 22 drop 1-21,23-48
filter source-port 23 drop 1-22,24-48
filter source-port 24 drop 1-23,25-48
filter source-port 25 drop 1-24,26-48
filter source-port 26 drop 1-25,27-48
filter source-port 27 drop 1-26,28-48
filter source-port 28 drop 1-27,29-48
filter source-port 29 drop 1-28,30-48
filter source-port 30 drop 1-29,31-48
filter source-port 31 drop 1-30,32-48
filter source-port 32 drop 1-31,33-48
filter source-port 33 drop 1-32,34-48
filter source-port 34 drop 1-33,35-48
filter source-port 35 drop 1-34,36-48
filter source-port 36 drop 1-35,37-48
filter source-port 37 drop 1-36,38-48
filter source-port 38 drop 1-37,39-48
filter source-port 39 drop 1-38,40-48
filter source-port 40 drop 1-39,41-48
filter source-port 41 drop 1-40,42-48
filter source-port 42 drop 1-41,43-48
filter source-port 43 drop 1-42,44-48
filter source-port 44 drop 1-43,45-48
filter source-port 45 drop 1-44,46-48
filter source-port 46 drop 1-45,47-48
filter source-port 47 drop 1-46,48
filter source-port 48 drop 1-47

Michael_D · ‎01-27-2010

@Pieter:
Yes workstations are domain members so a local firewall could be a quick fix. Thanks.

@Abdullah:
I'm familiar with basic ACL's. The IP scheme is workstations on 10.101.0.0/24 VLAN 308 and servers on 10.1.1/16 VLAN 300.

@Robert:
I did look into filter source ports and it is an efficient way to block local switch port to port communication. I was hoping for a more simple way to configure this - Configurations tend to get relatively complex with this.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Blocking client to client communication

Blocking client to client communication

Re: Blocking client to client communication

Re: Blocking client to client communication

Re: Blocking client to client communication

Re: Blocking client to client communication

Re: Blocking client to client communication