< Home

user-isolate (traffic profile view)

Function

The user-isolate command enables user isolation.

The undo user-isolate command disables user isolation.

By default, user isolation is disabled in a traffic profile.

Format

user-isolate l2

undo user-isolate

Parameters

Parameter

Description

Value

l2

Indicates user isolation at Layer 2 and communication at Layer 3.

-

Views

Traffic profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a traffic profile, user isolation prevents packets of users on a VAP from being forwarded to each other. That is, users on the same VAP cannot communicate with each other after user isolation is enabled. This improves user communication security and enables the gateway to centrally forward user traffic, facilitating user management.

  • In tunnel forwarding mode, user isolation in the traffic profile implements Layer 2 isolation for all users on a VAP.
  • In direct forwarding mode, when enabling user isolation in the traffic profile, it is recommended that port isolation be deployed on the access switch port connected to the AP.

Example

# Configure Layer 2 isolation and Layer 3 communication in the traffic profile p1.

<HUAWEI> system-view
[HUAWEI] wlan
[HUAWEI-wlan-view] traffic-profile name p1
[HUAWEI-wlan-traffic-prof-p1] user-isolate l2
Warning: Enabling user isolation may interrupt services. Are you sure you want to continue? [Y/N]:y
Parent Topic: WLAN QoS Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >