I am using Ubiquiti USG-Pro-4 and Ubiquiti 24 Port POE switch. I have 6 etch stations for client machines, each station is on its own VLAN (VLAN10,20,30, etc… ), with IP address, 192.168.10.1/24. 192.168.20.1/24, etc… and DHCP.
My goal is in case a client’s machine has a bad virus, I don’t want it to communicate with the rest of the network. I thought about turing on port isolation, but I really don’t have a good understanding of how that works, or, would the VLAN obtain the goal.
I know I can reach my main network from the VLAN, by typing in the IP address (main network, 10.6.4.x), which there is no need to from the tech bench.
Thoughts on the best way and most secure way to achieve the goal.