Didier Stevens posted on this forum, how to activate within your routers configuration to isolate each computer, if your router supports it - but I can't find it?
Use a front router for general purpose, feed a second router off one LAN port and have it be more specific. Each router on WiFi would have it's on channel, SSID, and preferably a bit of distance from each other. Both routers use their own DHCP range of IP addresses, no overlap.
Another method is a cheap 2 port router to split it between two better routers behind it, so each of the back routers are completely separated from each other.Software Firewall
Isolating PC1 on the same local network is what software firewalls are good for! If you run software firewalls on each PC2, PC3, etc to block access to PC1Isolating a computer its own subnet
Richard Carpenter. May 15, 2012 at 8:23 pm. http://www.makeuseof.com/answers/subnet-isolate-computers-parts-network-prevent-virus-transmission/
To add to my comment earlier... a subnet is a logical separation using the subnet mask to isolate or control the number of computers on a network. Basically a computer on the IP address 18.104.22.168 with the mask of 255.255.0.0 will not chat with a computer 22.214.171.124 with a mask of 255.255.255.0. This works because the subnet mask determines the broadcast ip address.
This is not the same as completely changing to a different IP Class (Ex. A - 0-127 B- 128-191 C-192-223), which is probably the better option.
Laga Mahesa, May 15, 2012 at 9:54 am
My lab's 20 workstations are on 10.0.0.x while the rest of the school is on 192.168.x.x.
The lab computers are all connected to a switch whose sole access to the internet is *MY* computer, which has two LAN cards.
IT has no say in what happens in my lab.
Edited by Crazy Cat, 16 May 2017 - 11:11 PM.