The user-isolate command enables user isolation on an AP's wired interface.
The undo user-isolate command disables user isolation on an AP's wired interface.
By default, user isolation is disabled on an AP's wired interface.
Parameter |
Description |
Value |
|---|---|---|
all |
Enables Layer 2 and Layer 3 user isolation. |
- |
l2 |
Enables Layer 2 user isolation. |
- |
Usage Scenario
The user isolation function prevents users on the same wired interface from communicating with each other. All user traffic on the wired interface is forwarded by the gateway. Therefore, this function ensures communication security on wired interfaces and allows uniform charging for users.
Precautions
Eth-Trunk member interfaces do not support the user isolation function.
The AP's wired interface has been configured to work in endpoint or middle mode.
# Set the working mode of the AP's wired interface GE0 to endpoint and enable Layer 2 user isolation on GE0.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] ap-group name ap-group1 [HUAWEI-wlan-ap-group-ap-group1] quit [HUAWEI-wlan-view] wired-port-profile name wired [HUAWEI-wlan-wired-port-wired] mode endpoint Warning: If the AP goes online through a wired port, the incorrect port mode configuration will cause the AP to go out of management . This fault can be recovered only by modifying the configuration on the AP. Continue? [Y/N]:y[HUAWEI-wlan-wired-port-wired] user-isolate l2 [HUAWEI-wlan-wired-port-wired] quit [HUAWEI-wlan-view] ap-group name ap-group1 [HUAWEI-wlan-ap-group-ap-group1] wired-port-profile wired gigabitethernet 0