User isolation, User isolation overview, Before user isolation is enabled – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 503

487

User isolation

User isolation overview

Without user isolation, all the devices in the same VLAN can access each other directly, which brings

forth security problems. User isolation can solve this problem. When an AC configured with user
isolation receives unicast packets (broadcast packets and multicast packets in a VLAN are not isolated)

from a wireless client to another wireless client or a wired PC in the same VLAN, or from a wired PC to

a wireless client in the same VLAN, the AC determines whether to isolate the two devices according to

the configured list of permitted MAC addresses.
To avoid user isolation from affecting communications between users and the gateway, you can add the

MAC address of the gateway to the list of permitted MAC addresses.
User isolation both provides network services for users and isolates users, disabling them from

communication at Layer-2 and thus ensuring service security.

Before user isolation is enabled

As shown in

Figure 526

, before user isolation is enabled in VLAN 2 on the AC, wireless terminals Client

A and Client B and wired terminal Host A in the VLAN can communicate with each other and access the
Internet.

Figure 526 User communication

This manual is related to the following products:

H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module