No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
WLAN Troubleshooting Guide
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Configure Wireless User Isolation?

How Do I Configure Wireless User Isolation?

The user isolation function prevents wireless users associated with the same VAP from forwarding packets to each other. In this way, these users cannot directly communicate with each other, ensuring security for user communication data and facilitating user management (such as accounting).

V200R005

Perform the following operations:

  1. Configure user isolation in a service set to enable Layer 2 isolation of users associated with the same VAP on the same AP.
  2. If two users connect to a WLAN through different APs, configure user isolation based on the data forwarding mode.
    • In direct forwarding mode, configure port isolation on all devices located between the two APs and aggregation point to isolate the users.
    • In tunnel forwarding mode, configure user isolation on the WLAN-ESS interface.

V200R006 and Later Versions

From V200R006, the wireless user isolation function (configured using the user-isolate { l2 | all } command in the traffic profile view) can be implemented at Layer 2 or at both Layer 2 and Layer 3. The following table describes the configuration methods based on the forwarding mode.

Table 6-4 Wireless user isolation configuration

Forwarding Mode

AC as the User Gateway

AC Not as the User Gateway

Direct forwarding

Run the user-isolate l2 or user-isolate all command.

  • When connecting to a WLAN through the same AP, users in the same service VLAN are isolated at Layer 2, and those in different service VLANs can communicate with each other at Layer 3.
  • When connecting to a WLAN through different APs, users are not isolated at either Layer 2 or Layer 3 regardless of whether they are in the same VLAN. In this case, to enable Layer 2 user isolation, configure port isolation on all devices located between the APs and aggregation point.

Run the user-isolate l2 or user-isolate all command.

  • When connecting to a WLAN through the same AP, users in the same service VLAN are isolated at Layer 2, and those in different service VLANs can communicate with each other at Layer 3.
  • When connecting to a WLAN through different APs, users are not isolated at either Layer 2 or Layer 3 regardless of whether they are in the same VLAN. In this case, to enable Layer 2 user isolation, configure port isolation on all devices located between the APs and aggregation point.

Tunnel forwarding
  • Run the user-isolate l2 command. Users in the same service VLAN are isolated at Layer 2, and those in different service VLANs can communicate with each other at Layer 3 regardless of whether they connect to a WLAN through the same AP.
  • Run the user-isolate all command. Users are isolated at both Layer 2 and Layer 3 regardless of whether they connect to a WLAN through the same AP or are in the same service VLAN.

Run the user-isolate l2 or user-isolate all command. Users in the same service VLAN are isolated at Layer 2, and those in different service VLANs can communicate with each other at Layer 3 regardless of whether they connect to a WLAN through the same AP.
Translation
简体中文
Download
Updated: 2023-06-02

Document ID: EDOC1000060368

Views: 1839525

Downloads: 5824

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :