Stop inter-port traffic


Hi Everyone,

I have an HP Procurve 1800-24G. Lots of hosts plus a single internet gateway are connected to it.

Is it possible to disallow inter-port traffic, and only allow traffic from a host to the gateway port?

Olaf Borowski
Respected Contributor

Re: Stop inter-port traffic

If everyone is on the same VLAN, you need a VLAN ACL (VACL) to do this. I'm pretty sure the 1800 doesn't support that.

Re: Stop inter-port traffic

Right ok.

What is the cheapest HP switch that does?

Would I be able to botch it by placing all ports on individual VLANs?

The reason I want this is because I wish for my "filtering bridge" gateway to restrict access between hosts on the same subnet.

Re: Stop inter-port traffic

Would it work by simply placing every port on the switch in a different VLAN, then put the port that the gateway is connected to on all the VLANs? Would that work?


Re: Stop inter-port traffic

After further thinking, I don't think my idea of putting every port on a separate VLAN would work, simply because each "host" is actually a Xen server which has a bridge with multiple MAC addresses using it.

So my question is, can someone please suggest the cheapest switch which is capable of doing what I want to do?

Just to sum up, I want any data that is coming in any of the "hosts" ports, to go out via the port which is connected to my firewall/gateway.

The switch can be 10/100, as long as it has 1 gigabit port (which would be used to connect to the firewall).

Gerhard Roets
Esteemed Contributor

Re: Stop inter-port traffic

Hi Jonathan

You are looking for

Protected ports: prevents designated ports from communicating with each other while allowing access to unprotected ports

This sounds like the right one ...

Now you just have to go and pick a switch that can do this ... from you picking an 1800 ... so no routing and no PoE and 24 ports. You might want to look at a 2510/2810 ...

Hope this helps in your choice.
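
The protected-ports behaviour described in the reply above, as an added example that is not part of the original thread and is not HP firmware logic: a simplified forwarding model showing that isolation is applied per ingress port, so a Xen bridge presenting several MAC addresses on one port is still confined to the gateway. Port numbers (hosts on 1-23, gateway on 24) and MAC addresses are constructed for illustration.

```python
"""Simplified model of a "protected ports" switch (illustrative, not vendor code)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"

class ProtectedPortSwitch:
    def __init__(self, ports, protected):
        self.ports = set(ports)
        self.protected = set(protected)   # ports that may not talk to each other
        self.mac_table = {}               # learned MAC -> port

    def forward(self, in_port, src_mac, dst_mac):
        """Return the set of ports the frame is sent out of."""
        self.mac_table[src_mac] = in_port              # learn the source MAC
        known = self.mac_table.get(dst_mac)
        if dst_mac != BROADCAST and known is not None:
            candidates = {known}                       # known unicast
        else:
            candidates = set(self.ports)               # broadcast / unknown unicast floods
        candidates -= {in_port}
        if in_port in self.protected:
            candidates -= self.protected               # the isolation rule
        return candidates

def demo():
    gateway_port = 24                                  # assumed uplink to the firewall
    sw = ProtectedPortSwitch(ports=range(1, 25), protected=range(1, 24))
    # Constructed MACs: two VMs behind the Xen bridge on port 1, one VM on port 2.
    gw, vm_a1, vm_a2, vm_b = ("02:00:00:00:00:fe", "02:00:00:00:01:01",
                              "02:00:00:00:01:02", "02:00:00:00:02:01")
    results = {"arp_broadcast": sw.forward(1, vm_a1, BROADCAST)}
    sw.forward(1, vm_a2, BROADCAST)                    # let the switch learn every MAC
    sw.forward(2, vm_b, BROADCAST)
    sw.forward(gateway_port, gw, BROADCAST)
    results["host_to_host"] = sw.forward(1, vm_a1, vm_b)
    results["second_vm_to_host"] = sw.forward(1, vm_a2, vm_b)
    results["host_to_gateway"] = sw.forward(1, vm_a1, gw)
    results["gateway_to_host"] = sw.forward(gateway_port, gw, vm_b)
    return results

if __name__ == "__main__":
    for name, egress in demo().items():
        print(f"{name:18} -> {sorted(egress)}")
```

Traffic between two VMs on the same Xen bridge never reaches the physical switch, so that path has to be filtered on the Xen host itself.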