|
How to configure user isolation on AC? |
|
The user isolation guide on AC is shown as below: Overview Enable the isolation function in the wireless device (the AP or the AC). When the device receives a certain user's report, it will judge if it's the same device according to the resource port and the destination port in the information it forwards. If the resource port and the destination port are on the same device, then discard the report; Otherwise, normally forward the report. The user can also add the permitted interflow user table entry through configuring isolation permit list. If the MAC address of two users on the same AP or AC is added into the user isolation permit list, then these two users can visit each other. The process of enabling the user isolation function is showed in the picture below: I. Requirements To protect user data, network administrator usually isolate traffic between STA connected to the same AP/AC/SSID II. Network Topology
III. Configuration Tips 1) Enable user isolation 2) Define isolation mode 3) Define permit-mac IV. Configuration Steps Fit AP configuration 1. Isolation types: per-AC isolation, per-AP isolation, per AC-SSID isolation, per AP-SSID, Per WLAN ID isolation: 1) Isolate user associated to the same AC AC(config)#wids AC(config-wids)#user-isolation ac enable 2) Isolate user associated to the same AP AC(config)#wids AC(config-wids)#user-isolation ap enable 3) isolate user associated to the same AC+SSID AC(config)#wids AC(config-wids)#user-isolation ssid-ac enable 4) isolate user associated to the same AP+SSID AC(config)#wids AC(config-wids)#user-isolation ssid-ap enable 5) Layer 2 user isolation based on wlan-id num intercommunication, that is to enable user isolation under a specific wlan, users in this wlan cannot access each other after it is enabled AC(config)#wids AC(config-wids)#user-isolation wlan-id num enable (num is wlan-id, such as 1, 2) AC(config-wids)#exit 2. Configure permit mac, user in permit-mac list, will be unrestricted. AC(config)#wids AC(config-wids)#user-isolation permit-mac 0811.9692.244c Note:User Isolation feature is only for L2 user isolation Fat AP configuration 1. Isolation types: per-AP isolation, per AP-SSID isolation 1) Isolate user associated to the same AP Ruijie(config)#wids Ruijie (config-wids)#user-isolation ap enable 2) Isolate user associated to the same AP+SSID Ruijie (config)#wids Ruijie (config-wids)#user-isolation ssid-ap enable 2. Configure permit mac, user in permit-mac list, will be unrestricted. AP(config)#wids AP(config-wids)#user-isolation permit-mac 0811.9692.244c Note:User Isolation feature is only for L2 user isolation V. Verification 1. WIFI users are isolated from other local STA 2. User in permit-MAC list is allowed to communicate with others. |
|
User isolation in a traffic profile stops packets from users on a VAP from being sent to one another. That is, after user isolation is implemented, users on a VAP are unable to communicate with one another. This enhances the security of user communication while allowing the gateway to send user traffic centrally, simplifying user management. |
This site contains user submitted content, comments and opinions and is for informational purposes only. Ruijie may provide or recommend responses as a possible solution based on the information provided; every potential issue may involve several factors not detailed in the conversations captured in an electronic forum and Ruijie can therefore provide no guarantee as to the efficacy of any proposed solutions on the community forums. Ruijie disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Ruijie Community Terms of Use.
More ways to get help: Visit Support Videos, call us via Service Hotline, Facebook or Live Chat.
©2000-2023 Ruijie Networks Co,Ltd
Level 1
