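I. Network Diagram
The IP address of the WX5002 is 192.168.1.9.
The WA2110 is in VLAN 1 and the wireless clients are in VLAN 2. The link between the WX5002 and the switch is a trunk that carries VLAN 1 and VLAN 2.
The switch's VLAN 1 and VLAN 2 interface addresses are 192.168.1.254 and 192.168.2.254 respectively.
The wireless clients' gateway is on the switch, at 192.168.2.254. Layer 2 isolation is enabled on the WX5002 for VLAN 2, so that the wireless clients cannot reach each other but can all reach the gateway 192.168.2.254. The gateway's MAC address is 00e0-fc78-c8ac.
The SSID is named "H3C-user-isolation", and the serial number of the WA2110 is 210235A22W0079000212.
II. WX Configuration Commands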
 version 5.20, Release 1106P01
#
 sysname H3C
#
 domain default enable system
#
 user-isolation vlan 2 enable
 user-isolation vlan 2 permit-mac 00E0-FC78-C8AC
#
vlan 1
#
vlan 2
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
dhcp server ip-pool 1
 network 192.168.1.0 mask 255.255.255.0
 gateway-list 192.168.1.254
 expired day 3
#
dhcp server ip-pool 2
 network 192.168.2.0 mask 255.255.255.0
 gateway-list 192.168.2.254
 expired day 3
#
wlan rrm
 dot11a mandatory-rate 6 12 24
 dot11a supported-rate 9 18 36 48 54
 dot11b mandatory-rate 1 2
 dot11b supported-rate 5.5 11
 dot11g mandatory-rate 1 2 5.5 11
 dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 2 clear
 ssid H3C-user-isolation
 bind WLAN-ESS 2
 authentication-method open-system
 service-template enable
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.1.9 255.255.255.0
#
interface Vlan-interface2
 ip address 192.168.2.9 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan all
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan all
#
interface M-Ethernet1/0/1
#
interface WLAN-ESS2
 port access vlan 2
#
wlan ap ap1 model WA2100
 serial-id 210235A22W0079000212
 radio 1
  service-template 2
  radio enable
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
#
 dhcp enable
#
user-interface aux 0
user-interface vty 0 4
#
return
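IV. Verification Results
1. Both wireless clients connect to the SSID "H3C-user-isolation" and obtain the addresses 192.168.2.1 and 192.168.2.2 respectively; they cannot ping each other.
2. Both wireless clients can ping the gateway 192.168.2.254.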
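The ping test above can be complemented by an offline check of the saved configuration. The following is an added example, not part of the original page or of any H3C tool: it checks that every WLAN-ESS client VLAN has user isolation enabled and that the permit-mac list contains exactly the expected gateway MAC. The names `norm_mac` and `audit_isolation` are hypothetical, and the parser assumes the configuration syntax shown on this page.

```python
import re
# Constructed sample: only the isolation-relevant lines of the configuration above.
SAMPLE_CONFIG = """\
#
 user-isolation vlan 2 enable
 user-isolation vlan 2 permit-mac 00E0-FC78-C8AC
#
interface WLAN-ESS2
 port access vlan 2
#
"""

def norm_mac(mac):
    """Reduce xxxx-xxxx-xxxx, xx:xx:... or similar to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def audit_isolation(config, gateways):
    """Return findings; gateways maps client VLAN id -> expected gateway MAC.
    Tolerates several whitespace-separated MACs on one permit-mac line."""
    enabled, permitted, wlan_vlans, iface = set(), {}, {}, ""
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"user-isolation vlan (\d+) enable", line):
            enabled.add(int(m[1]))
        elif m := re.fullmatch(r"user-isolation vlan (\d+) permit-mac (.+)", line):
            permitted.setdefault(int(m[1]), set()).update(map(norm_mac, m[2].split()))
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = m[1]
        elif line == "#":
            iface = ""  # '#' ends the current section of the saved configuration
        elif iface.startswith("WLAN-ESS") and (m := re.fullmatch(r"port access vlan (\d+)", line)):
            wlan_vlans[iface] = int(m[1])
    findings = []
    for name, vlan in sorted(wlan_vlans.items()):
        if vlan not in enabled:
            findings.append(f"{name}: VLAN {vlan} has no user-isolation enabled")
            continue
        want = {norm_mac(gateways[vlan])} if vlan in gateways else set()
        have = permitted.get(vlan, set())
        if not want or not want <= have:
            findings.append(f"{name}: VLAN {vlan} gateway MAC missing from permit-mac")
        if have - want:
            findings.append(f"{name}: VLAN {vlan} permits extra MACs {sorted(have - want)}")
    return findings

if __name__ == "__main__":
    print(audit_isolation(SAMPLE_CONFIG, {2: "00e0-fc78-c8ac"}) or "isolation config OK")
```

The MAC comparison is case- and separator-insensitive, so the lowercase gateway MAC from the network description matches the uppercase form in the permit-mac line.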





