Thoughts on port isolation

stormy1

I am thinking, across the board for new installs and when someone needs a new switch, to start recommending port isolation (aka HP protected ports) for all networks. I already do so on the higher-end network setups or in regulated industry networks.
I also use client isolation when available on wireless networks.

My thoughts are that it adds another layer of protection, protecting the workstations from each other and their users, and the added cost these days is not that great in the overall scheme of things.

What are your thoughts and do you use it routinely for business networks?
 
In my (limited) experience, the cost is in time, not $$$. If you have people dedicated to network operations, it's not so bad. If you have to start sending techs across campus/town so that someone can plug a new printer in, it sucks.
 
I can see that being an issue if the client adds printers themselves all the time.

In general my clients don't add anything to the network without me setting it up, and I have VPN access to most of them if I need to flip a port if they did.
I have done that a couple of times on rented printers/copiers where the rental place set up the printer. It wasn't a big deal to set up the port ahead of time as long as the ports are numbered at the wall and an up-to-date list is kept.
While it is an issue I have been able to plan around it so far.
 
> I can see that being an issue if the client adds printers themselves all the time.
>
> In general my clients don't add anything to the network without me setting it up, and I have VPN access to most of them if I need to flip a port if they did.
> I have done that a couple of times on rented printers/copiers where the rental place set up the printer. It wasn't a big deal to set up the port ahead of time as long as the ports are numbered at the wall and an up-to-date list is kept.
> While it is an issue I have been able to plan around it so far.

As long as you can plan everything ahead of time and everything is documented, it's not bad. It can make troubleshooting a pain, since you can't just easily swap machines from one port to another.

Just yesterday, our office secretary lost access to her phone, because the telco that does our VoIP had the port used by her phone listed as "unused" in their documentation. They switched that port over to one for an analog port, and fried the phone.
 
> Just yesterday, our office secretary lost access to her phone, because the telco that does our VoIP had the port used by her phone listed as "unused" in their documentation. They switched that port over to one for an analog port, and fried the phone.

Ouch! Haven't had that happen yet... knock on wood!
 