diff --git a/src/PVE/Network/SDN/VnetPlugin.pm b/src/PVE/Network/SDN/VnetPlugin.pm
index 062904c..f44380a 100644
--- a/src/PVE/Network/SDN/VnetPlugin.pm
+++ b/src/PVE/Network/SDN/VnetPlugin.pm
@@ -72,6 +72,10 @@ sub properties {
             maxLength => 256,
 	    optional => 1,
         },
+	'isolate-ports' => {
+	    type => 'boolean',
+	    description => "If true, sets the isolated property for all members of this VNet",
+	}
     };
 }
 
@@ -81,6 +85,7 @@ sub options {
         tag => { optional => 1},
         alias => { optional => 1 },
         vlanaware => { optional => 1 },
+	'isolate-ports' => { optional => 1 },
     };
 }
 
diff --git a/src/PVE/Network/SDN/Zones/Plugin.pm b/src/PVE/Network/SDN/Zones/Plugin.pm
index 26cc0da..a860168 100644
--- a/src/PVE/Network/SDN/Zones/Plugin.pm
+++ b/src/PVE/Network/SDN/Zones/Plugin.pm
@@ -236,6 +236,7 @@ sub tap_plug {
 
     my $opts = {};
     $opts->{learning} = 0 if $plugin_config->{'bridge-disable-mac-learning'};
+    $opts->{isolation} = 1 if $vnet->{'isolate-ports'};
     PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate, $opts);
 }