Forgot password?
 Register now

Welcome to use this form to feedback your problems with Ruijie Community

The category of your feedback

Your Feedback

Your Email address (optional):

How to configure user isolation on AC? Reply

GTAC-Daisy

Level 1

How to configure user isolation on AC?
4681 2 2021-8-23 14:15:06
Original
How to configure user isolation on AC?

0 2021-8-23 14:15:21 View all replies

The  user isolation guide on AC is shown as below:

Overview

Enable the isolation function in the wireless device (the AP or the AC). When the device receives a certain user's report, it will judge if it's the same device according to the resource port and the destination port in the information it forwards. If the resource port and the destination port are on the same device, then discard the report; Otherwise, normally forward the report.  

The user can also add the permitted interflow user table entry through configuring isolation permit list. If the MAC address of two users on the same AP or AC is added into the user isolation permit list, then these two users can visit each other.

The process of enabling the user isolation function is showed in the picture below:

                                             


I. Requirements

To protect user data, network administrator usually isolate traffic between STA connected to the same AP/AC/SSID



II. Network Topology


III. Configuration Tips

1) Enable user isolation

2) Define isolation mode

3) Define permit-mac


IV. Configuration Steps

Fit AP configuration

     1. Isolation types: per-AC isolation, per-AP isolation, per AC-SSID isolation, per AP-SSID, Per WLAN ID isolation:

1) Isolate user associated to the same AC

AC(config)#wids

AC(config-wids)#user-isolation ac enable



2) Isolate user associated to the same AP

AC(config)#wids

AC(config-wids)#user-isolation ap enable



3) isolate user associated to the same AC+SSID

AC(config)#wids

AC(config-wids)#user-isolation ssid-ac enable



4) isolate user associated to the same AP+SSID

AC(config)#wids

AC(config-wids)#user-isolation ssid-ap enable


5)  Layer 2 user isolation based on wlan-id num intercommunication, that is to enable user isolation under a specific wlan, users in this wlan cannot access each other after it is enabled

AC(config)#wids  

AC(config-wids)#user-isolation wlan-id num enable  (num is wlan-id, such as 1, 2)

AC(config-wids)#exit



2. Configure permit mac, user in permit-mac list, will be unrestricted.

AC(config)#wids

AC(config-wids)#user-isolation permit-mac  0811.9692.244c



      NoteUser Isolation feature is only for L2 user isolation


Fat AP configuration

      1. Isolation types: per-AP isolation, per AP-SSID isolation

            1) Isolate user associated to the same AP

Ruijie(config)#wids

Ruijie (config-wids)#user-isolation ap enable


            2) Isolate user associated to the same AP+SSID

Ruijie (config)#wids

Ruijie (config-wids)#user-isolation ssid-ap enable


2. Configure permit mac, user in permit-mac list, will be unrestricted.

AP(config)#wids

AP(config-wids)#user-isolation permit-mac  0811.9692.244c         


NoteUser Isolation feature is only for L2 user isolation


V. Verification

1. WIFI users are isolated from other local STA

2. User in permit-MAC list is allowed to communicate with others.


0 2023-2-25 14:58:45 View all replies
User isolation in a traffic profile stops packets from users on a VAP from being sent to one another. That is, after user isolation is implemented, users on a VAP are unable to communicate with one another. This enhances the security of user communication while allowing the gateway to send user traffic centrally, simplifying user management.

Related Posts
Product Model

Share this topic to

Cancel

This site contains user submitted content, comments and opinions and is for informational purposes only. Ruijie may provide or recommend responses as a possible solution based on the information provided; every potential issue may involve several factors not detailed in the conversations captured in an electronic forum and Ruijie can therefore provide no guarantee as to the efficacy of any proposed solutions on the community forums. Ruijie disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Ruijie Community Terms of Use.

More ways to get help: Visit Support Videos, call us via Service Hotline, Facebook or Live Chat.

©2000-2023 Ruijie Networks Co,Ltd