Instant On - Wired

I'm surprised to discover the Aruba 1930 switch series software does not support Private VLAN (PVLAN).  Which is interesting because Aruba InstantOn WAPs support "Client Isolation" which prevents wireless devices from communicating with each other in the same broadcast domain.  Without a wired equivalent feature such as PVLAN, it is not possible to isolate wired devices on a VLAN which should not talk to other devices.  Further making this worse is protected ports have implications for Trunk/Hybrid ports (i.e. a port with multiple tagged VLANs) that require turning the feature on for all ports that require a Hybrid tagged port, which then creates all new problems that negate its benefits:  all ports in those VLANs must also be protected, eliminating otherwise desired intra-device communication one would want to say, access a NAS.  

The use case is ultimately for IoT devices.  I want to throw wired IoT devices into one private VLAN and be done with it, improving security and preventing devices from snooping/compromising other devices (wired or wireless).  That said, it's weird InstantOn offers the wireless equivalent (client isolation) on their WAPs but not switches.  I can solve this by creating a new VLAN per device, but that makes firewalling incredibly tedious and introduces significant added complexity on the switch configuration side.  

Is PVLAN on the roadmap for a future feature release?  

For reference, I've got a Netgear mGig/10Gig 10-port switch in my core which cost the same as my 1930-48.  The Netgear includes PVLAN support, but I cannot extend the functionality beyond the Netgear core switch.  

For your use case, if you are using the Cloud management option, you can configure a wired network (vlan) and isolate traffic in the Network Access tab.

I'm surprised to discover the Aruba 1930 switch series software does not support Private VLAN (PVLAN).  Which is interesting because Aruba InstantOn WAPs support "Client Isolation" which prevents wireless devices from communicating with each other in the same broadcast domain.  Without a wired equivalent feature such as PVLAN, it is not possible to isolate wired devices on a VLAN which should not talk to other devices.  Further making this worse is protected ports have implications for Trunk/Hybrid ports (i.e. a port with multiple tagged VLANs) that require turning the feature on for all ports that require a Hybrid tagged port, which then creates all new problems that negate its benefits:  all ports in those VLANs must also be protected, eliminating otherwise desired intra-device communication one would want to say, access a NAS.  

The use case is ultimately for IoT devices.  I want to throw wired IoT devices into one private VLAN and be done with it, improving security and preventing devices from snooping/compromising other devices (wired or wireless).  That said, it's weird InstantOn offers the wireless equivalent (client isolation) on their WAPs but not switches.  I can solve this by creating a new VLAN per device, but that makes firewalling incredibly tedious and introduces significant added complexity on the switch configuration side.  

Is PVLAN on the roadmap for a future feature release?  

For reference, I've got a Netgear mGig/10Gig 10-port switch in my core which cost the same as my 1930-48.  The Netgear includes PVLAN support, but I cannot extend the functionality beyond the Netgear core switch.  

Unfortunately, there is no such feature in local management.  I'm curious if you're referring to Switches, WAPs, or both.  PVLAN would address all my concerns.  

For your use case, if you are using the Cloud management option, you can configure a wired network (vlan) and isolate traffic in the Network Access tab.

I'm surprised to discover the Aruba 1930 switch series software does not support Private VLAN (PVLAN).  Which is interesting because Aruba InstantOn WAPs support "Client Isolation" which prevents wireless devices from communicating with each other in the same broadcast domain.  Without a wired equivalent feature such as PVLAN, it is not possible to isolate wired devices on a VLAN which should not talk to other devices.  Further making this worse is protected ports have implications for Trunk/Hybrid ports (i.e. a port with multiple tagged VLANs) that require turning the feature on for all ports that require a Hybrid tagged port, which then creates all new problems that negate its benefits:  all ports in those VLANs must also be protected, eliminating otherwise desired intra-device communication one would want to say, access a NAS.  

The use case is ultimately for IoT devices.  I want to throw wired IoT devices into one private VLAN and be done with it, improving security and preventing devices from snooping/compromising other devices (wired or wireless).  That said, it's weird InstantOn offers the wireless equivalent (client isolation) on their WAPs but not switches.  I can solve this by creating a new VLAN per device, but that makes firewalling incredibly tedious and introduces significant added complexity on the switch configuration side.  

Is PVLAN on the roadmap for a future feature release?  

For reference, I've got a Netgear mGig/10Gig 10-port switch in my core which cost the same as my 1930-48.  The Netgear includes PVLAN support, but I cannot extend the functionality beyond the Netgear core switch.