beautypg.com

Introduction to ssid-based user isolation, Configuring ssid-based user isolation – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 41

background image

29

Step Command

Remarks

3.

Specify permitted MAC
addresses for the specified

VLANs.

user-isolation vlan vlan-list
permit-mac mac-list

Optional.
Up to 16 permitted MAC

addresses can be configured for a
VLAN.

NOTE:

To avoid network disruption caused by user isolation, H3C recommends that you add the MAC address
of the gateway to the permitted MAC address list and then enable user isolation.

If you configure user isolation for a super VLAN, the configuration does not take effect on the
sub-VLANs in the super VLAN, and you must configure user isolation on the sub-VLANs if needed.
Support for super VLAN depends on the device model. For more information, see "About the WX Series

Access Controllers Configuration Guides."

Introduction to SSID-based user isolation

SSID-based user isolation disables wireless users that use the same SSID from accessing each other at
Layer-2 to ensure the security of services and accounting accuracy.

Configuring SSID-based user isolation

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure a service template.

wlan service-template
service-template-number { clear |

crypto }

N/A

3.

Enable SSID-based user
isolation.

user-isolation enable

Optional.
By default, SSID-based user

isolation is disabled.

Isolating broadcasts and multicasts from wired users to wireless

users

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Isolate broadcasts and
multicasts from wired users to

wireless users.

undo user-isolation permit
broadcast

Optional.
By default, broadcasts and
multicasts from wired users to

wireless user are not isolated, and

broadcasts and multicasts from
wireless users to wireless users are

isolated.