Configuring user isolation, Introduction to vlan-based user isolation – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 39
27
Task Command
Remarks
Display service template statistics.
display wlan statistics
service-template
service-template-number [ | { begin
| exclude | include }
regular-expression ]
Available in any view
Display the connection history for
all APs bound to a service
template.
display wlan statistics
service-template
service-template-number
connect-history [ | { begin |
exclude | include }
regular-expression ]
Available in any view
Display WLAN statistics.
display wlan statistics { client { all |
mac-address mac-address } |
radio [ ap-name ] } [ | { begin |
exclude | include }
regular-expression ]
Available in any view.
Display WLAN client information.
display wlan client { ap ap-name
[ radio radio-number ] |
mac-address mac-address |
service-template
service-template-number }
[ verbose ] [ | { begin | exclude |
include } regular-expression ]
Available in any view
Reset AP connections.
reset wlan ap { all | name
ap-name }
Available in user view
Clear AP reboot logs.
reset wlan ap reboot-log { all |
name ap-name }
Available in user view
Clear AP or client statistics.
reset wlan statistics { client { all |
mac-address mac-address } |
radio [ ap-name ] }
Available in user view
Cut off WLAN clients.
reset wlan client { all |
mac-address mac-address }
Available in user view
RFPing a wireless client.
wlan link-test mac-address
Available in user view
Configuring user isolation
Introduction to VLAN-based user isolation
Without VLAN-based user isolation, devices in the same VLAN can access each other at Layer-2, which
could result in security problems. VLAN-based user isolation is designed to solve this problem. When an
AC configured with user isolation receives unicast packets (broadcast packets and multicast packets in a
VLAN are not isolated) from a wireless client to another wireless client or wired PC in the same VLAN, or
from a wired PC to a wireless client in the same VLAN, the AC determines whether to isolate the two
devices according to the configured list of permitted MAC addresses.
To avoid user isolation from affecting communications between hosts and the gateway, you can add the
MAC address of the gateway to the list of permitted MAC addresses.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points