What is the difference between Layer 2 isolation under the wireless service template and Layer 2 isolation under the global setting?
- 0 Followed
- 0Collected ,749Browsed
Problem Description
What is the difference between Layer 2 isolation under the wireless service template and Layer 2 isolation under the global setting?
Solution
1. # Enable user isolation based on SSID.
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] user-isolation enable
Under the service template, isolation is less efficient and can consume CPU resources. Additionally, after configuration, it only allows for Layer 2 isolation between wireless clients within the same service, and even with ARP proxy configured, client-to-client communication is still not possible.
In a local forwarding scenario, isolation only occurs between wireless clients on the same AP.
2. # Enable user isolation on VLAN X.
[Sysname] user-isolation vlan X enable
[Sysname] user-isolation vlan X permit-mac 00bb-ccdd-eeff 0022-3344-5566
Enabling isolation within a VLAN can allow for Layer 2 isolation of wireless clients within the VLAN, controlled by the AC, allowing wireless clients to only access the gateway device but not communicate with each other. If there is a need for client-to-client communication, it can be accomplished by configuring local ARP proxy on the gateway device. It is recommended to use this method for configuring Layer 2 isolation.
[Sysname] interface vlan-interface X
[Sysname-Vlan-interfaceX] local-proxy-arp enable
In a local forwarding scenario, it is necessary to configure Layer 2 isolation within the VLAN in the map file. This can isolate communication between wired clients, between wired and wireless clients, and among wireless clients (regardless of whether they use the same SSID for WLAN access) within the VLAN..