A technique is provided for dividing a plurality of switch ports into
trusted ports and untrusted ports. The trusted ports are those ports that
are coupled either directly or via one or more additional switches to a
trusted computing device. Filters are applied on each untrusted port to
allow that port to communicate with any trusted port, but to prevent it
from communicating with any other untrusted port.
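
The classification and filtering rule described above, as an added example that is not part of the original text. The two-switch topology, the host names, and the function names are constructed assumptions; a port counts as trusted when a walk through its link reaches a trusted host directly or through further switches.

```python
from collections import deque

# Constructed topology (assumption): (switch, port) -> attached endpoint.
# An endpoint is ("host", name) or ("switch", name, port).
LINKS = {
    ("sw1", 1): ("host", "gateway"),      # the trusted computing device
    ("sw1", 2): ("host", "tenant-a"),
    ("sw1", 3): ("host", "tenant-b"),
    ("sw1", 4): ("switch", "sw2", 1),     # inter-switch link
    ("sw2", 1): ("switch", "sw1", 4),
    ("sw2", 2): ("host", "tenant-c"),
    ("sw2", 3): ("host", "tenant-d"),
}
TRUSTED_HOSTS = {"gateway"}

def is_trusted(port, links=LINKS, trusted_hosts=TRUSTED_HOSTS):
    """True if the port reaches a trusted host directly or via other switches."""
    seen = {port[0]}                      # switches already traversed
    queue = deque([links[port]])
    while queue:
        end = queue.popleft()
        if end[0] == "host":
            if end[1] in trusted_hosts:
                return True
            continue
        _, sw, ingress = end
        if sw in seen:
            continue
        seen.add(sw)
        # Continue out of every other port on the neighbouring switch.
        queue.extend(ep for (s, p), ep in links.items()
                     if s == sw and p != ingress)
    return False

def build_filters(links=LINKS, trusted_hosts=TRUSTED_HOSTS):
    """For each untrusted port, the egress ports on its switch it may use."""
    trusted = {p for p in links if is_trusted(p, links, trusted_hosts)}
    return {p: {t for t in trusted if t[0] == p[0]}
            for p in links if p not in trusted}

def may_forward(src, dst, filters):
    """Ports without a filter are trusted and unrestricted."""
    return src not in filters or dst in filters[src]
```

In this topology the uplink sw2:1 is trusted while its peer sw1:4 is not, so frames from tenant-c that cross the inter-switch link can still only exit sw1 toward the gateway.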