User isolation commands
display user-isolation statistics
Use display user-isolation statistics to display user isolation statistics for the specified VLAN or all VLANs.
Syntax
display user-isolation statistics [ vlan vlan-id ] [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094. If no VLAN ID is specified, this command displays user isolation statistics for all VLANs.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display user isolation statistics for all VLANs.
<Sysname> display user-isolation statistics
User-Isolation Table
------------------------------------------------------
 VLAN   Status     Drops      Permit-MAC
 4      Enabled    0
 6      Disabled   0          0023-89a2-3d4d
---- Number of enabled/disabled VLANs: 1/1 ----
Table 1 Command output
Field | Description |
---|---|
VLAN | ID of the VLAN where user isolation is enabled. |
Status | Status of user isolation, Enabled or Disabled. |
Drops | Number of dropped packets in the VLAN. |
Permit-MAC | Permitted MAC address list of the VLAN. |
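The following Python sketch is an added example, not part of the original command reference: it parses the output format shown above, including rows whose Permit-MAC column is empty, and reports VLANs that should be isolated but are not. It assumes each VLAN's data fits on one line as in the sample; `audit`, `required_vlans` and the finding strings are illustrative names.

```python
import re

# Constructed sample, modelled on the example output in this section.
SAMPLE = """\
User-Isolation Table
------------------------------------------------------
VLAN Status Drops Permit-MAC
4 Enabled 0
6 Disabled 0 0023-89a2-3d4d
---- Number of enabled/disabled VLANs: 1/1 ----
"""

MAC = r"[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}"
# Assumption: one row per VLAN, with zero or more MACs separated by spaces.
ROW = re.compile(rf"^\s*(\d{{1,4}})\s+(Enabled|Disabled)\s+(\d+)((?:\s+{MAC})*)\s*$")
SUMMARY = re.compile(r"enabled/disabled VLANs:\s*(\d+)/(\d+)")


def parse_isolation_table(text):
    """Return (rows, summary) parsed from 'display user-isolation statistics'."""
    rows, summary = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"vlan": int(m.group(1)), "enabled": m.group(2) == "Enabled",
                         "drops": int(m.group(3)), "permit_mac": m.group(4).split()})
            continue
        s = SUMMARY.search(line)
        if s:
            summary = (int(s.group(1)), int(s.group(2)))
    return rows, summary


def audit(text, required_vlans):
    """Return (vlan, finding) pairs for VLANs that fall short of the intended state."""
    rows, summary = parse_isolation_table(text)
    enabled = {r["vlan"] for r in rows if r["enabled"]}
    findings = [(v, "isolation not enabled") for v in sorted(set(required_vlans) - enabled)]
    findings += [(r["vlan"], "permit-mac list set while isolation is disabled")
                 for r in rows if r["permit_mac"] and not r["enabled"]]
    # Cross-check the parse against the device's own summary line.
    if summary is not None and summary != (len(enabled), len(rows) - len(enabled)):
        findings.append((None, "summary line disagrees with parsed rows"))
    return findings
```

Comparing the Drops column between two runs, with reset user-isolation statistics in between, shows whether isolation is actually discarding traffic in a VLAN.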
reset user-isolation statistics
Use reset user-isolation statistics to clear user isolation statistics for the specified VLAN or all VLANs.
Syntax
reset user-isolation statistics [ vlan vlan-id ]
Views
User view
Default command level
1: Monitor level
Parameters
vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094. If no VLAN ID is specified, this command clears user isolation statistics for all VLANs.
Examples
# Clear user isolation statistics for VLAN 1.
<Sysname> reset user-isolation statistics vlan 1
user-isolation enable
Use user-isolation enable to enable SSID-based user isolation for the service template.
Use undo user-isolation enable to restore the default.
Syntax
user-isolation enable
undo user-isolation enable
Default
SSID-based user isolation is disabled.
Views
Service template view
Default command level
2: System level
Examples
# Enable SSID-based user isolation for service template 1.
<Sysname> system-view
[Sysname] wlan service-template 1 clear
[Sysname-wlan-st-1] user-isolation enable
user-isolation permit broadcast
Use user-isolation permit broadcast to permit broadcast and multicast packets sent by a wired user to access a wireless user in the same VLAN.
Use undo user-isolation permit broadcast to prevent broadcast and multicast packets sent by a wired user from accessing a wireless user in the same VLAN.
Syntax
user-isolation permit broadcast
undo user-isolation permit broadcast
Default
Broadcast and multicast packets sent by a wired user are permitted to access a wireless user in the same VLAN.
Views
System view
Default command level
2: System level
Examples
# Prevent broadcast and multicast packets sent by a wired user from accessing a wireless user in the same VLAN.
<Sysname> system-view
[Sysname] undo user-isolation permit broadcast
user-isolation permit unicast
Use user-isolation permit unicast to permit unicast packets among users in each user isolation-enabled VLAN.
Use undo user-isolation permit unicast to restore the default.
Syntax
user-isolation permit unicast
undo user-isolation permit unicast
Default
The AC determines whether to isolate unicast packets of users in a user isolation-enabled VLAN based on the permitted MAC address list.
Views
System view
Default command level
2: System level
Examples
# Permit unicast packets among users in each user isolation-enabled VLAN.
<Sysname> system-view
[Sysname] user-isolation permit unicast
user-isolation vlan enable
Use user-isolation vlan enable to enable user isolation for the specified VLANs.
Use undo user-isolation vlan enable to disable user isolation for the specified VLANs.
Syntax
user-isolation vlan vlan-list enable
undo user-isolation vlan vlan-list enable
Default
User isolation is disabled for a VLAN.
Views
System view
Default command level
2: System level
Parameters
vlan-list: Specifies a list of VLANs. This argument is in the format of vlan-list = { vlan-id [ to vlan-id ] }&<1-10>. The value range for the vlan-id argument is 1 to 4094. &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges.
Examples
# Enable user isolation for VLAN 1.
<Sysname> system-view
[Sysname] user-isolation vlan 1 enable
user-isolation vlan permit-mac
Use user-isolation vlan permit-mac to add permitted MAC addresses for the specified VLANs.
Use undo user-isolation vlan permit-mac to delete the specified or all permitted MAC addresses for the specified VLANs.
Syntax
user-isolation vlan vlan-list permit-mac mac-list
undo user-isolation vlan vlan-list permit-mac { mac-list | all }
Default
No permitted MAC addresses are specified.
Views
System view
Default command level
2: System level
Parameters
vlan-list: Specifies a list of VLANs. This argument is in the format of vlan-list = { vlan-id [ to vlan-id ] }&<1-10>. The value range for the vlan-id argument is 1 to 4094. &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges.
mac-list: Specifies a list of permitted MAC addresses, in the form of H-H-H. You can configure up to 16 permitted MAC addresses. Broadcast or multicast MAC addresses cannot be included.
all: Deletes all the permitted MAC addresses of the specified VLANs.
Examples
# Configure permitted MAC addresses 00bb-ccdd-eeff and 0022-3344-5566 for VLAN 1.
<Sysname> system-view
[Sysname] user-isolation vlan 1 permit-mac 00bb-ccdd-eeff 0022-3344-5566
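An added example (not from the original reference): a pre-change check in Python for the vlan-list and mac-list arguments described above, rejecting out-of-range VLANs, oversized lists, and broadcast or multicast addresses before a command is pushed. It assumes fully written four-digit H-H-H groups and applies the 16-address limit per command; the function names are hypothetical.

```python
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}$")


def parse_vlan_list(vlan_list):
    """Expand 'vlan-id [ to vlan-id ]' items (at most 10) into a sorted list of VLAN IDs."""
    tokens = vlan_list.split()
    items, i = [], 0
    while i < len(tokens):
        if not tokens[i].isdigit():
            raise ValueError(f"expected VLAN ID, got {tokens[i]!r}")
        low = high = int(tokens[i])
        if i + 1 < len(tokens) and tokens[i + 1] == "to":
            if i + 2 >= len(tokens) or not tokens[i + 2].isdigit():
                raise ValueError("'to' must be followed by a VLAN ID")
            high = int(tokens[i + 2])
            i += 2
        i += 1
        if not (1 <= low <= high <= 4094):
            raise ValueError(f"VLAN range {low}-{high} outside 1..4094 or reversed")
        items.append((low, high))
    if not 1 <= len(items) <= 10:
        raise ValueError("vlan-list takes 1 to 10 VLAN IDs or ranges")
    return sorted({v for low, high in items for v in range(low, high + 1)})


def check_mac_list(macs):
    """Validate permitted MACs: H-H-H form, unicast only, no more than 16 entries."""
    if not 1 <= len(macs) <= 16:
        raise ValueError("mac-list takes 1 to 16 addresses")
    for mac in macs:
        if not MAC_RE.match(mac):  # assumption: no abbreviated groups
            raise ValueError(f"{mac!r} is not in H-H-H form")
        # The I/G bit (least significant bit of the first octet) marks
        # multicast; ffff-ffff-ffff (broadcast) has it set as well.
        if int(mac[:2], 16) & 1:
            raise ValueError(f"{mac!r} is a broadcast or multicast address")
    return [m.lower() for m in macs]


def permit_mac_command(vlan_list, macs):
    """Build the system-view command line after validating both arguments."""
    parse_vlan_list(vlan_list)
    return f"user-isolation vlan {vlan_list} permit-mac {' '.join(check_mac_list(macs))}"
```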