Hi all! 
I was wondering how good is SwOS “Forwarding” option for L2 client isolation in security terms.
Example use case can be when the clients must use the same L3 device, which is managed by ISP (e.g. Router with DHCP), and when there is a need to block groups of clients connected to different switch ports to talk to each other (in a secure manner).
- How secure is this “Forwarding” option in SwOS and what are possible attacks (like ARP poisoning etc.)?
- Are there better options in SwOS or RouterOS for L2 client isolation?
- I know there is a “Horizon” option in RouterOS, is it as good as “Forwarding” option in SwOS?
Thank you in advance and kind regards!
Markrobo