User isolation, User isolation overview, Before user isolation is enabled – H3C Technologies H3C WX3000E Series Wireless Switches User Manual


User isolation

User isolation overview

Without user isolation, all devices in the same VLAN can access each other directly, which creates security problems. User isolation solves this problem. When an AC configured with user isolation receives unicast packets (broadcast packets and multicast packets in a VLAN are not isolated) from a wireless client to another wireless client or a wired PC in the same VLAN, or from a wired PC to a wireless client in the same VLAN, the AC determines whether to isolate the two devices according to the configured list of permitted MAC addresses.

To prevent user isolation from affecting communications between users and the gateway, you can add the MAC address of the gateway to the list of permitted MAC addresses.

User isolation both provides network services for users and isolates users from one another, preventing them from communicating at Layer 2 and thus ensuring service security.
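A small model of the forwarding decision described above, added here as an illustration; it is not H3C code. It assumes a frame is permitted when either its source or destination MAC is on the permitted list, and that wired-to-wired traffic is left alone because the overview does not list that case; the MAC addresses and all function names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Station:
    mac: str        # lowercase, colon-separated
    vlan: int
    wireless: bool

def is_group_address(mac: str) -> bool:
    # Broadcast and multicast MACs have the I/G bit (LSB of the first octet) set.
    return int(mac.split(":")[0], 16) & 0x01 == 1

def ac_forwards(src, dst_mac, stations, isolated_vlans, permitted_macs):
    """True if the modelled AC forwards the frame, False if it isolates it."""
    if src.vlan not in isolated_vlans:
        return True                      # isolation not enabled in this VLAN
    if is_group_address(dst_mac):
        return True                      # broadcast/multicast are not isolated
    dst = stations.get(dst_mac)
    if dst is None or dst.vlan != src.vlan:
        return True                      # assumption: outside the rule's scope
    if not (src.wireless or dst.wireless):
        return True                      # wired-to-wired is not a case the page lists
    # Assumption: a frame is permitted when either end is on the permitted list.
    return src.mac in permitted_macs or dst.mac in permitted_macs

# Constructed sample topology: VLAN 2 with Client A, Client B, Host A and a
# gateway. All MAC addresses are made up.
CLIENT_A = Station("02:00:00:00:00:0a", 2, True)
CLIENT_B = Station("02:00:00:00:00:0b", 2, True)
HOST_A = Station("02:00:00:00:00:1a", 2, False)
GATEWAY = Station("02:00:00:00:00:fe", 2, False)
STATIONS = {s.mac: s for s in (CLIENT_A, CLIENT_B, HOST_A, GATEWAY)}

def reachability(permitted_macs, isolated_vlans=frozenset({2})):
    """Forwarding decision for a few representative flows."""
    flows = {
        "A->B": (CLIENT_A, CLIENT_B.mac),
        "HostA->A": (HOST_A, CLIENT_A.mac),
        "A->gateway": (CLIENT_A, GATEWAY.mac),
        "A->broadcast": (CLIENT_A, "ff:ff:ff:ff:ff:ff"),
    }
    return {name: ac_forwards(src, dst, STATIONS, isolated_vlans, permitted_macs)
            for name, (src, dst) in flows.items()}

if __name__ == "__main__":
    print("gateway not permitted:", reachability(set()))
    print("gateway permitted:    ", reachability({GATEWAY.mac}))
```

With an empty permitted list the model also cuts the clients off from the gateway, which is the situation the permitted-MAC entry for the gateway is meant to avoid.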

Before user isolation is enabled

As shown in Figure 526, before user isolation is enabled in VLAN 2 on the AC, wireless terminals Client A and Client B and wired terminal Host A in the VLAN can communicate with each other and access the Internet.

Figure 526 User communication
