Hi, everybody~~
I have a problem. I need help.
I want to protection .
Ex:
(1) User don’t use ping to others user in LAN.
(2) User don’t use tool about IP scan …etc.(include simler software)
So , can I tell me how to do . Thanks your help.
Hi
That’s solved on l2 level and not l3 levels. For example extreme has a concept that’s called super-vlan and I think cisco calls it pvlan. So you have to solve it on your switches, not your firewall.
or u can use /30 netmask for each user so they can see each other directly to subnetmask .. they must go thru router .. and there u can limit what u want in ip firewall
example :
client 1 — 10.0.0.2/255.255.255.252 GW 10.0.0.1
router config on ip address 10.0.0.1 netmask 255.255.255.252 network 10.0.0.0 broadcast 10.0.0.3
clinet 2 — 10.0.0.6/255.255.255.252 GW 10.0.0.3
router config on ip address 10.0.0.5 netmask 255.255.255.252 network 10.0.0.4 broadcast 10.0.0.7
clinet 3 — 10.0.0.10/255.255.255.252 GW 10.0.0.9
router config on ip address 10.0.0.9 netmask 255.255.255.252 network 10.0.0.8 broadcast 10.0.0.11
…
Or if your switching is mady Mikrotik
WirelessAP, and/or bridged interfaces, you can use bridge firewall
write more details about your network so maybe we will be able to help
Thank you very much.
But, I have a problem, I will use " DHCP Server" to catch IP address~~
so, can I use your method??
I don’t have switching by Mikrotik. But, anyway~ thank you very much.