Please select To the mobile version | Continue to access the desktop computer version
 Forgot password?
 Register now


Wireless

View: 176|Reply: 1

How to configure user isolation on AC?

[Copy link]

36

Digests

681

Posts

863

Credits

administrator

Rank: 9Rank: 9Rank: 9

Credits
863
Post time 2021-8-23 14:15:06 | Show all posts |Read mode
How to configure user isolation on AC?
Reply

Use magic Report

36

Digests

681

Posts

863

Credits

administrator

Rank: 9Rank: 9Rank: 9

Credits
863
Post time 2021-8-23 14:15:21 | Show all posts

The  user isolation guide on AC is shown as below:

Overview

Enable the isolation function in the wireless device (the AP or the AC). When the device receives a certain user's report, it will judge if it's the same device according to the resource port and the destination port in the information it forwards. If the resource port and the destination port are on the same device, then discard the report; Otherwise, normally forward the report.  

The user can also add the permitted interflow user table entry through configuring isolation permit list. If the MAC address of two users on the same AP or AC is added into the user isolation permit list, then these two users can visit each other.

The process of enabling the user isolation function is showed in the picture below:

                                             

I. Requirements

To protect user data, network administrator usually isolate traffic between STA connected to the same AP/AC/SSID

II. Network Topology

III. Configuration Tips

1) Enable user isolation

2) Define isolation mode

3) Define permit-mac

IV. Configuration Steps

Fit AP configuration

     1. Isolation types: per-AC isolation, per-AP isolation, per AC-SSID isolation, per AP-SSID isolation:

1) Isolate user associated to the same AC

AC(config)#wids

AC(config-wids)#user-isolation ac enable

2) Isolate user associated to the same AP

AC(config)#wids

AC(config-wids)#user-isolation ap enable

3) isolate user associated to the same AC+SSID

AC(config)#wids

AC(config-wids)#user-isolation ssid-ac enable

4) isolate user associated to the same AP+SSID

AC(config)#wids

AC(config-wids)#user-isolation ssid-ap enable

2. Configure permit mac, user in permit-mac list, will be unrestricted.

AC(config)#wids

AC(config-wids)#user-isolation permit-mac  0811.9692.244c

      NoteUser Isolation feature is only for L2 user isolation

Fat AP configuration

      1. Isolation types: per-AP isolation, per AP-SSID isolation

            1) Isolate user associated to the same AP

Ruijie(config)#wids

Ruijie (config-wids)#user-isolation ap enable

            2) Isolate user associated to the same AP+SSID

Ruijie (config)#wids

Ruijie (config-wids)#user-isolation ssid-ap enable

2. Configure permit mac, user in permit-mac list, will be unrestricted.

AP(config)#wids

AP(config-wids)#user-isolation permit-mac  0811.9692.244c         

NoteUser Isolation feature is only for L2 user isolation

V. Verification

1. WIFI users are isolated from other local STA

2. User in permit-MAC list is allowed to communicate with others.


Reply Support Not support

Use magic Report

You have to log in before you can reply Login | Register now