What are the differences between port isolation and ACL on a WLAN device


For WLAN devices:

The port isolation function isolates interfaces in a VLAN, providing secure and flexible networking solutions.

To implement Layer 2 isolation between interfaces, you can add these interfaces to different VLANs. However, this approach wastes VLAN resources. Port isolation can isolate interfaces in the same VLAN, and a port isolation group can effectively implement Layer 2 isolation between these interfaces. Port isolation offers secure and flexible networking solutions.

An ACL is a packet filter that filters packets based on rules. A device with an ACL configured matches packets based on the rules to obtain the packets of a certain type, and then decides to forward or discard these packets according to the policies used by the service module to which the ACL is applied.

Uncontrolled mutual access between different network segments brings security risks. After an ACL is applied to a QoS traffic policy or simplified traffic policy, the access rights between the users on different network segments are restricted.

Other related questions:
Difference between port isolation and ACLs on S series switches
For S series switches (except S1700 switches): The port isolation function isolates interfaces in a VLAN, providing secure and flexible networking solutions. To implement Layer 2 isolation between interfaces, you can add each interface to a different VLAN. This method, however, wastes VLAN resources. Port isolation can isolate interfaces in the same VLAN, and a port isolation group can effectively implement Layer 2 isolation between these interfaces. It provides secure and flexible networking solutions. An ACL is a packet filter that filters packets based on rules. A switch with an ACL configured matches packets based on the rules to obtain the packets of a certain type, and then decides to forward or discard these packets according to the policies used by the service module to which the ACL is applied. For example, after an ACL is applied to a traffic policy or simplified traffic policy, access rights of the users on different network segments are restricted, preventing security risks caused by uncontrolled mutual access between different network segments.

Differences between an NNI optical port and an isolated node
Question: What is an NNI optical port and an isolated node? Can a non-transmission device be regarded as an isolated node?
Answer: The NNI optical port is used for communication with external networks. For example, if a Huawei device is interconnected with a device of another company, or a service traverses multiple subnets but the T2000 can manage only a part of the subnets, the T2000 only identifies that a service is transmitted out from a certain slot of an NE. In this case, you need to create an NNI optical port as an identifier. A TM without protection or an isolated node without optical fiber connections can be created as an NNI optical port. An NNI optical port is a logical system that does not belong to any protection subnet and has no protection TM. An isolated node is configured on the NE side but cannot form or has not yet formed a protection subnet with other nodes.

What is the matching order of an ACL on a WLAN device
If ACL rules repeat or conflict, the matching order decides the packet matching result. WLAN devices support two ACL matching orders: the configuration order (config) and the automatic order (auto).

Configuration order: The system matches packets against ACL rules in ascending order of rule IDs. That is, the rule with the smallest ID is processed first. If a smaller rule ID is manually specified for a rule, the rule is inserted near the front of the ACL and processed earlier. If no ID is manually specified for a rule, the system allocates an ID to the rule. The allocated ID is the smallest multiple of the step that is greater than the largest rule ID in the ACL; therefore, this rule is processed last.

Automatic order: The system arranges rules according to their degree of precision (depth priority), and matches packets against the rules in descending order of precision. The rule with the highest precision defines the strictest conditions and has the highest priority. The system matches packets against this rule first.
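The two matching orders can be compared with a small simulation, added here as an illustration and not taken from Huawei documentation or device code. It assumes a step of 5, first-match-wins evaluation, and that "precision" in automatic order can be approximated by source prefix length; the `Acl` and `Rule` names and all addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    rule_id: int
    action: str                      # "permit" or "deny"
    source: ipaddress.IPv4Network

class Acl:
    def __init__(self, order="config", step=5):   # step=5 is an assumed value
        self.order, self.step, self.rules = order, step, []

    def add(self, action, source, rule_id=None):
        if rule_id is None:
            # Smallest multiple of the step above the largest existing ID.
            largest = max((r.rule_id for r in self.rules), default=0)
            rule_id = (largest // self.step + 1) * self.step
        if any(r.rule_id == rule_id for r in self.rules):
            raise ValueError(f"rule {rule_id} already exists")
        self.rules.append(Rule(rule_id, action, ipaddress.ip_network(source)))
        return rule_id

    def ordered(self):
        if self.order == "auto":
            # Assumption: precision = source prefix length; ties fall back to ID.
            return sorted(self.rules, key=lambda r: (-r.source.prefixlen, r.rule_id))
        return sorted(self.rules, key=lambda r: r.rule_id)

    def match(self, ip):
        addr = ipaddress.ip_address(ip)
        for rule in self.ordered():
            if addr in rule.source:
                return rule.rule_id, rule.action   # first hit wins
        return None   # no rule matched; the service module's policy decides

def build(order):
    # Constructed rules: a broad permit entered before a narrower deny.
    acl = Acl(order=order)
    acl.add("permit", "10.1.0.0/16")   # allocated ID 5
    acl.add("deny", "10.1.1.0/24")     # allocated ID 10
    return acl

if __name__ == "__main__":
    for order in ("config", "auto"):
        acl = build(order)
        print(order, acl.match("10.1.1.7"), acl.match("10.1.2.1"))
    acl = build("config")
    acl.add("deny", "10.1.1.7/32", rule_id=3)   # manual low ID goes first
    print(acl.match("10.1.1.7"), acl.add("permit", "10.0.0.0/8"))
```

In configuration order the broad permit entered first shadows the narrower deny, which is the conflict case to check for when reviewing an ACL that was built up incrementally.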

What are the relationship and difference between WLAN and Wi-Fi
Wi-Fi is a trademark of the Wireless Local Area Networks Alliance (WLANA). It is actually not a standard and only ensures that products using this trademark can interoperate with each other. As most Wi-Fi products use the IEEE 802.11b standard, Wi-Fi usually refers to 802.11b. Wi-Fi is a new technology that uses the WLAN protocol. Wi-Fi can provide wireless coverage in an area with a radius of up to 90 m (300 inches), while the WLAN can provide wireless coverage in an area with a radius of 5 km (with antennas used). The biggest advantage of Wi-Fi is its high transmission speed (up to 11 Mbit/s). Wi-Fi is a short-distance wireless transmission technology applicable to offices and households.

Methods of configuring the ACL for a WLAN device
An ACL is essentially a packet filter whose rules act as the filter core. The device matches packets against these rules to filter specific packets, and then allows the filtered packets to pass or prevents them from passing according to the processing policies of the service module to which the ACL is applied. Currently, the ACLs on WLAN devices are classified into basic ACL (2000-2999), advanced ACL (3000-3999), Layer 2 ACL (4000-4999), user ACL (6000-9999), basic ACL 6 (2000-2999), and advanced ACL 6 (3000-3999). Fat APs do not support basic ACL 6 and advanced ACL 6. For more information about the ACL of Huawei WLAN devices, see:
V200R005: ACL Configuration in AC6605&AC6005&ACU2 (AC&FITAP) Product Documentation.
V200R006: ACL Configuration in AC6605&AC6005&ACU2 (AC&FITAP) Product Documentation.
