< Home

Configuring User Isolation on a VAP

Context

In a traffic profile, user isolation prevents packets of users on a VAP from being forwarded to each other. That is, users on the same VAP cannot communicate with each other after user isolation is enabled. This improves user communication security and enables the gateway to centrally forward user traffic, facilitating user management.

  • In tunnel forwarding mode, user isolation in the traffic profile implements Layer 2 isolation for all users on a VAP.
  • In direct forwarding mode, when enabling user isolation in the traffic profile, it is recommended that port isolation be deployed on the access switch port connected to the AP.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run wlan

    The WLAN view is displayed.

  3. Run traffic-profile name profile-name

    A traffic profile is created, and the traffic profile view is displayed.

    By default, the system provides the traffic profile default.

  4. Run user-isolate l2

    The user isolation function is enabled.

    By default, user isolation is disabled in a traffic profile.

  5. Run quit

    Return to the WLAN view.

  6. Run vap-profile name profile-name

    The VAP profile view is displayed.

  7. Run traffic-profile profile-name

    The traffic profile is bound to the VAP profile.

    By default, the traffic profile default is bound to a VAP profile.

Verifying the Configuration

  • Run the display traffic-profile { all | name profile-name } command to check the user isolation configuration in a traffic profile.

Parent Topic: Configuring WLAN QoS
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >