Introduction to ssid-based user isolation, Configuring ssid-based user isolation – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

29

Step Command

Remarks

3.

Specify permitted MAC
addresses for the specified

VLANs.

user-isolation vlan vlan-list
permit-mac mac-list

Optional.
Up to 16 permitted MAC

addresses can be configured for a
VLAN.

NOTE:
•

To avoid network disruption caused by user isolation, H3C recommends that you add the MAC address
of the gateway to the permitted MAC address list and then enable user isolation.

•

If you configure user isolation for a super VLAN, the configuration does not take effect on the
sub-VLANs in the super VLAN, and you must configure user isolation on the sub-VLANs if needed.
Support for super VLAN depends on the device model. For more information, see "About the WX Series

Access Controllers Configuration Guides."

Introduction to SSID-based user isolation

SSID-based user isolation disables wireless users that use the same SSID from accessing each other at
Layer-2 to ensure the security of services and accounting accuracy.

Configuring SSID-based user isolation

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure a service template.

wlan service-template
service-template-number { clear |

crypto }

N/A

3.

Enable SSID-based user
isolation.

user-isolation enable

Optional.
By default, SSID-based user

isolation is disabled.

Isolating broadcasts and multicasts from wired users to wireless

users

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Isolate broadcasts and
multicasts from wired users to

wireless users.

undo user-isolation permit
broadcast

Optional.
By default, broadcasts and
multicasts from wired users to

wireless user are not isolated, and

broadcasts and multicasts from
wireless users to wireless users are

isolated.