GTAC-Daisy Publish time 2021-8-23 14:15:06

How to configure user isolation on AC?

How to configure user isolation on AC?

GTAC-Daisy Publish time 2021-8-23 14:15:21

The user isolation guide on AC is shown below:

Overview

Enable the isolation function in the wireless device (the AP or the AC). When the device receives a certain user's report, it will judge if it's the same device according to the resource port and the destination port in the information it forwards. If the resource port and the destination port are on the same device, then discard the report; otherwise, normally forward the report.

The user can also add the permitted interflow user table entry through configuring the isolation permit list. If the MAC addresses of two users on the same AP or AC are added into the user isolation permit list, then these two users can visit each other.

The process of enabling the user isolation function is shown in the picture below:

https://img2.sobot.com/console/eee7ec2e351e4569a4791536fb5f0973/kb/image/08a8443a6ab740d5a6227ab312f56d6e.png

I. Requirements

To protect user data, network administrators usually isolate traffic between STAs connected to the same AP/AC/SSID.

II. Network Topology

https://img2.sobot.com/console/eee7ec2e351e4569a4791536fb5f0973/kb/image/69b08bd9cab748839145be13d714502f.png

III. Configuration Tips

1) Enable user isolation
2) Define isolation mode
3) Define permit-mac

IV. Configuration Steps

Fit AP configuration

1. Isolation types: per-AC isolation, per-AP isolation, per AC-SSID isolation, per AP-SSID, per WLAN ID isolation:

1) Isolate users associated to the same AC
AC(config)#wids
AC(config-wids)#user-isolation ac enable

2) Isolate users associated to the same AP
AC(config)#wids
AC(config-wids)#user-isolation ap enable

3) Isolate users associated to the same AC+SSID
AC(config)#wids
AC(config-wids)#user-isolation ssid-ac enable

4) Isolate users associated to the same AP+SSID
AC(config)#wids
AC(config-wids)#user-isolation ssid-ap enable

5) Layer 2 user isolation based on wlan-id num intercommunication, that is, enabling user isolation under a specific wlan; users in this wlan cannot access each other after it is enabled
AC(config)#wids
AC(config-wids)#user-isolation wlan-id num enable
(num is the wlan-id, such as 1, 2)
AC(config-wids)#exit

2. Configure permit-mac. Users in the permit-mac list will be unrestricted.
AC(config)#wids
AC(config-wids)#user-isolation permit-mac 0811.9692.244c

Note: The User Isolation feature is only for L2 user isolation

Fat AP configuration

1. Isolation types: per-AP isolation, per AP-SSID isolation

1) Isolate users associated to the same AP
Ruijie(config)#wids
Ruijie(config-wids)#user-isolation ap enable

2) Isolate users associated to the same AP+SSID
Ruijie(config)#wids
Ruijie(config-wids)#user-isolation ssid-ap enable

2. Configure permit-mac. Users in the permit-mac list will be unrestricted.
AP(config)#wids
AP(config-wids)#user-isolation permit-mac 0811.9692.244c

Note: The User Isolation feature is only for L2 user isolation

V. Verification

1. WIFI users are isolated from other local STAs
2. Users in the permit-MAC list are allowed to communicate with others.
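
The forwarding decision from the Overview and the five isolation types in the guide above, modelled as an added Python example (not part of the original post and not Ruijie code). The Station fields, the sample stations and the rule that one permitted endpoint is enough to lift the restriction are assumptions; the permit-mac value is the one used in the guide.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Station:            # constructed model of an associated STA
    mac: str
    ac: str
    ap: str
    ssid: str
    wlan_id: int

def norm_mac(mac):
    """Reduce dotted, colon or dash MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def in_scope(mode, a, b):
    """True when both stations fall inside the scope isolated by `mode`."""
    if mode == "ac":
        return a.ac == b.ac
    if mode == "ap":
        return a.ap == b.ap
    if mode == "ssid-ac":
        return a.ac == b.ac and a.ssid == b.ssid
    if mode == "ssid-ap":
        return a.ap == b.ap and a.ssid == b.ssid
    if mode.startswith("wlan-id "):
        return a.wlan_id == b.wlan_id == int(mode.split()[1])
    raise ValueError(f"unknown isolation mode: {mode!r}")

def decide(modes, permit_macs, src, dst):
    """Return 'forward' or 'drop' for a layer 2 frame from src to dst."""
    permitted = {norm_mac(m) for m in permit_macs}
    # Assumption: one permitted endpoint is enough to lift the restriction.
    if norm_mac(src.mac) in permitted or norm_mac(dst.mac) in permitted:
        return "forward"
    return "drop" if any(in_scope(m, src, dst) for m in modes) else "forward"

# Constructed stations: a and b share AP and SSID, c is on another AP,
# exempt carries the MAC used in the permit-mac step of the guide.
a = Station("0011.2233.0001", "ac1", "ap1", "guest", 1)
b = Station("0011.2233.0002", "ac1", "ap1", "guest", 1)
c = Station("0011.2233.0003", "ac1", "ap2", "guest", 1)
exempt = Station("08:11:96:92:24:4C", "ac1", "ap1", "guest", 1)

if __name__ == "__main__":
    for modes in (["ap"], ["ssid-ac"], ["wlan-id 2"]):
        for dst in (b, c, exempt):
            print(modes, dst.mac, decide(modes, ["0811.9692.244c"], a, dst))
```

In this model, per-AP isolation leaves stations on different APs of the same AC able to reach each other, and every permit-mac entry is an exception that applies across all enabled modes.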

sherronmira@gma Publish time 2023-2-25 14:58:45

User isolation in a traffic profile stops packets from users on a VAP from being sent to one another. That is, after user isolation is implemented, users on a VAP are unable to communicate with one another. This enhances the security of user communication while allowing the gateway to send user traffic centrally, simplifying user management.
