Meraki

adb2020 · ‎Jun 12 2020

We have recently been tasked to increase network security for a subnet in our network. We were wondering if enabling port isolation on the switch would be a good option. Users in this group would still need access to the file server, print server, active directory, etc, but should not have access to each other. What would be a drawback?

PhilipDAth · ‎Jun 12 2020

It is an easy thing to do and has good merits. I say go for it!

View solution in original post

PhilipDAth · ‎Jun 12 2020

It is an easy thing to do and has good merits. I say go for it!

Beerfuzz · ‎Jan 27 2023

I'm not sure the question was answered.. I have this same question. I was going to do some testing on it but thought maybe someone had an answer.

: If 2 ports are right next to each other on a switch but they both are on different VLANs. Both Route through the MX. If both are in port isolation mode. Can they talk to each other if they are not restricted through the MX? In other words does port isolation only work on the connected VLAN, or across VLANs?

Use case.. I don't want clients on the same VLAN to talk to each other but if I put a printer on another vlan and allow access via routing through the MX to another vlan even if the ports are on the same switch will they be able to talk?

Jyrki_Halonen · ‎Jul 4 2023

"If 2 ports are right next to each other on a switch but they both are on different VLANs"
In this case isolation makes no role, since they are on different VLANs. Isolation is restricting L2 traffic within a VLAN.

So the use case you described it should be fine.

Meraki

Community

Questions about port isolation

Questions about port isolation