Hmm, Private VLANs? The above sounds allot like Port Isolation to me... That's something different...The VLAN solution that savage outlined will work just fine, although nowadays there are more elegant solutions available. You might want to get a switch that does support the private VLAN feature. Private VLANs are VLANs that block direct communication between all connected devices but allow all of them to communicate through a designated uplink port that can be assigned to the private VLAN. This saves you from having to define a whole bunch of VLANs (one per port/device) and allows you to still keep all devices together in one IP network (with the gateway being reachable via the uplink port, of course).