Introduction to ssid-based user isolation, Configuring ssid-based user isolation – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 41
29
Step Command
Remarks
3.
Specify permitted MAC
addresses for the specified
VLANs.
user-isolation vlan vlan-list
permit-mac mac-list
Optional.
Up to 16 permitted MAC
addresses can be configured for a
VLAN.
NOTE:
•
To avoid network disruption caused by user isolation, H3C recommends that you add the MAC address
of the gateway to the permitted MAC address list and then enable user isolation.
•
If you configure user isolation for a super VLAN, the configuration does not take effect on the
sub-VLANs in the super VLAN, and you must configure user isolation on the sub-VLANs if needed.
Support for super VLAN depends on the device model. For more information, see "About the WX Series
Access Controllers Configuration Guides."
Introduction to SSID-based user isolation
SSID-based user isolation disables wireless users that use the same SSID from accessing each other at
Layer-2 to ensure the security of services and accounting accuracy.
Configuring SSID-based user isolation
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Configure a service template.
wlan service-template
service-template-number { clear |
crypto }
N/A
3.
Enable SSID-based user
isolation.
user-isolation enable
Optional.
By default, SSID-based user
isolation is disabled.
Isolating broadcasts and multicasts from wired users to wireless
users
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Isolate broadcasts and
multicasts from wired users to
wireless users.
undo user-isolation permit
broadcast
Optional.
By default, broadcasts and
multicasts from wired users to
wireless user are not isolated, and
broadcasts and multicasts from
wireless users to wireless users are
isolated.