VLAN, Port Isolation

I am using a Ubiquiti USG-Pro-4 and a Ubiquiti 24-port PoE switch. I have 6 tech stations for client machines, each station is on its own VLAN (VLAN 10, 20, 30, etc.), with IP address 192.168.10.1/24, 192.168.20.1/24, etc., and DHCP.

My goal is, in case a client’s machine has a bad virus, I don’t want it to communicate with the rest of the network. I thought about turning on port isolation, but I really don’t have a good understanding of how that works, or whether the VLAN would achieve the goal.

I know I can reach my main network from the VLAN, by typing in the IP address (main network, 10.6.4.x), which there is no need to from the tech bench.

Thoughts on the best and most secure way to achieve the goal?

That should be fairly straightforward. Just create an alias with your VLAN subnets, add a rule for the VLAN to reject access to the subnet alias. Then do the same for your ports.

That’s what I have set up in pfSense, you could probably do something similar with Ubiquiti.
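
The alias-plus-reject rule suggested in the reply can be checked offline before it goes on the router. The following is an added example, not part of the original thread and not pfSense or UniFi code: it models a first-match rule list per bench VLAN and audits every VLAN-to-internal-subnet pair. Assumptions: six VLANs at 192.168.10.0/24 through 192.168.60.0/24, a main network of 10.6.4.0/24 added to the alias, bench machines using their VLAN gateway for DNS, and hypothetical names throughout.

```python
import ipaddress as ip

# Assumed from the post: six bench VLANs 192.168.10.0/24 .. 192.168.60.0/24
# and a main network of 10.6.4.0/24 (the post only says "10.6.4.x").
BENCH = [ip.ip_network(f"192.168.{v}.0/24") for v in range(10, 70, 10)]
MAIN = ip.ip_network("10.6.4.0/24")
ALIAS = BENCH + [MAIN]  # the "subnet alias" from the reply, plus the main LAN

def rules_for(vlan_net):
    """First-match rules for traffic entering the router from one bench VLAN."""
    gateway = vlan_net.network_address + 1  # e.g. 192.168.10.1
    return [
        # Assumption: DNS to the VLAN's own gateway must keep working, so this
        # exception sits above the reject rule (the gateway is inside the alias).
        ("accept", lambda dst, port: dst == gateway and port == 53),
        # Reject anything aimed at an internal subnet listed in the alias.
        ("reject", lambda dst, port: any(dst in net for net in ALIAS)),
        # Everything else (internet-bound traffic) is allowed.
        ("accept", lambda dst, port: True),
    ]

def decide(vlan_net, dst, port):
    """Return the action of the first rule that matches this destination."""
    dst = ip.ip_address(dst)
    for action, match in rules_for(vlan_net):
        if match(dst, port):
            return action
    return "reject"  # default deny if no rule matched

def audit():
    """List every (source VLAN, internal host) pair that is still reachable."""
    leaks = []
    for src in BENCH:
        for dst_net in ALIAS:
            if dst_net == src:
                continue  # same-VLAN traffic is switched and never hits the router
            target = dst_net.network_address + 50  # constructed sample host
            if decide(src, target, 445) != "reject":
                leaks.append((str(src), str(target)))
    return leaks

if __name__ == "__main__":
    print("leaks:", audit())
    print("DNS to own gateway:", decide(BENCH[0], "192.168.10.1", 53))
    print("gateway web UI:", decide(BENCH[0], "192.168.10.1", 443))
    print("internet:", decide(BENCH[0], "1.1.1.1", 443))
```

An empty list from `audit()` means no bench VLAN can reach another bench VLAN or the main network through the router; moving the reject rule below the final accept rule makes every pair show up as a leak.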