I'd argue handling it at the layer 3 level to be preferable to splitting every customer into their own vlan. If you split into vlans like that, if you have single-box customers, you'll have to have subnet boundaries for every /30...

OTOH, vlan isolation for customers is pretty much the norm, as long as you've got the IPs to waste, why not..

Peter

On Sat, Dec 19, 2009 at 8:42 AM, Les Mikesell <lesmikesell at gmail.com> wrote:

> Peter Serwe wrote:
> > So basically, you're saying you'd want to allow or disallow traffic
> > based on mac address? Seems like you could put mac filters on a number
> > of switches, Cisco being the most easily documented by Mr. Google.
> >
> > Be a lot faster than any kernel, and a total waste of BSD. If you can
> > do it on Linux via some other mechanism, go for it.
> >
>
> Or perhaps use a VLAN trunk to the switch with the devices you want to
> isolate on different VLANs. This gives you a different interface/subnet
> per VLAN for more natural control.
>
> --
> Les Mikesell
> lesmikesell at gmail.com

--
Peter Serwe
http://truthlightway.blogspot.com/