我们有两个SSID,一个为A,一个为B,想要实现连接A ssid的客户端,无法访问192.168.0.4和192.168.0.10,连接B ssid的客户端不做任何限制
现在做了一个ACL,请问如何实现这个功能?文档里只看到在service template上应用ACL,但需要通过map-configuration方式将ACL规则配置文件下发到AP上,否则本功能不生效。可可将ACL配置文件下发到AP上的话,不会影响B吗?因为A和B使用的AP是完全一样的
(0)
可以的,基于服务模版配置acl
(0)
我是这么操作的,但好像没有生效啊 <H3C>system-view System View: return to User View with Ctrl+Z. [H3C]wlan service-template guest [H3C-wlan-st-guest]undo service-template enable [H3C-wlan-st-guest]packet-filter 3001 inbound [H3C-wlan-st-guest]service-template enable Please wait...Done. [H3C-wlan-st-guest]save The current configuration will be written to the device. Are you sure? [Y/N]:y Please input the file name(*.cfg)[flash:/startup.cfg] (To leave the existing filename unchanged, press the enter key): flash:/startup.cfg exists, overwrite? [Y/N]:y Validating file. Please wait... Configuration is saved to device successfully. [H3C-wlan-st-guest]
<H3C>system-view System View: return to User View with Ctrl+Z. [H3C]wlan service-template guest [H3C-wlan-st-guest]undo service-template enable [H3C-wlan-st-guest]packet-filter 3001 inbound [H3C-wlan-st-guest]service-template enable Please wait...Done. [H3C-wlan-st-guest]save f
两个SSID对应的用户VLAN是不是不一样,不一样的话可以ACL可以应用在VLAN上。
(0)
一样的
一样的
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
<H3C>system-view System View: return to User View with Ctrl+Z. [H3C]wlan service-template guest [H3C-wlan-st-guest]undo service-template enable [H3C-wlan-st-guest]packet-filter 3001 inbound [H3C-wlan-st-guest]service-template enable Please wait...Done. [H3C-wlan-st-guest]save f