01-Denying Users Internet Access Configuration Examples (Web)

Denying Users Internet Access Configuration Examples

Copyright © 2024 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.



Introduction

The following information provides a configuration example for denying users Internet access.

Prerequisites

This document is not restricted to specific software or hardware versions. Procedures and information in the examples might be slightly different depending on the software or hardware version of the device.

The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

The following information is based on the assumption that you have basic knowledge of ACL and QoS.

Configuration example

Network configuration

As shown in Figure 1, the device acts as the egress router of an enterprise. The external interface is in single-WAN mode and accesses the Internet by using a fixed IP address.

Configure the router to deny Internet access to all users except the user with MAC address 1020-3040-5060.

Figure 1 Network diagram

 

Software versions used

This configuration example was created and verified on H3C MSR3610-X1 R6749P14.

Procedure

Connecting interface WAN1 to the Internet

1.     On the Web interface of the device, select Network > WAN Settings from the navigation pane.

2.     On the Scene tab, select Single-WAN scenario, select WAN1(GE1) from the Line1 list, and click Apply.

3.     Click the WAN Settings tab.

4.     Click the Edit icon in the Actions column for interface WAN1.

5.     Select Fixed IP from the Connection mode list.

6.     In the IP address field, enter 2.2.2.1.

7.     In the Subnet mask field, enter 255.255.255.0.

8.     In the Gateway field, enter 2.2.2.254.

9.     Use the default settings for the other parameters, and click Apply.

Figure 2 Selecting a WAN scenario

 

Figure 3 Editing WAN settings

 

Assigning an IP address to the GE2 interface

1.     On the Web interface of the device, select Network > LAN Settings from the navigation pane.

2.     Click Add to add a LAN.

3.     In the LAN interface type field, select GE interface.

4.     In the Please select GE interface field, select GE2.

5.     In the Interface IP address field, enter 192.168.30.1.

6.     In the Subnet mask field, enter 255.255.255.0.

7.     Select Enable DHCP.

8.     Use the default settings for the other parameters. Click Apply.

Figure 4 Configuring the GE2 interface.

 

Configuring MAC address filtering

# To add a MAC address to the whitelist:

1.     On the Web interface of the device, select Network Security > MAC Address Filter from the navigation pane.

2.     Click the MAC Black and White List Management > White list tab.

3.     Click Add to add a source MAC address.

4.     In the MAC address field, enter 10-20-30-40-50-60.

5.     Click Apply.

Figure 5 Adding a source MAC address

 

# To enable MAC address filtering on GE2:

1.     On the Web interface of the device, select Network Security > MAC Address Filter from the navigation pane.

2.     Select White list in the Filter Method column for GE2, and select Enable.

3.     Click Apply to complete the configuration.

Figure 6 MAC address filter

 

Verifying the configuration

# Verify that the user with MAC address 1020-3040-5060 can access the Internet.

C:\Users\usera>ping -S 192.168.30.3 114.114.114.114

Reply from 114.114.114.114: bytes=32 time=73ms TTL=85

Reply from 114.114.114.114: bytes=32 time=91ms TTL=79

Reply from 114.114.114.114: bytes=32 time=82ms TTL=65

Reply from 114.114.114.114: bytes=32 time=103ms TTL=77

Ping statistics for 114.114.114.114:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip time in milli-seconds:

    Minimum = 73ms, Maximum = 103ms, Average = 87ms

# Verify that none of the other users can access the Internet.

C:\Users\userb>ping -S 192.168.30.4 114.114.114.114

Request timed out.

Request timed out.

Request timed out.

Request timed out.
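
The verification above can be scripted when more than two hosts need checking. The following is an added example, not part of the H3C documentation: it treats 1020-3040-5060 and 10-20-30-40-50-60 as the same address, then compares each host's ping transcript with what the whitelist predicts. The function names are assumptions, and userb's MAC address and the LEAK and UNREACH transcripts are constructed for the example.

```python
import re

def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, whatever separators were used."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits

# A real echo reply carries "bytes=". Windows ping also prints
# "Reply from <gateway>: Destination host unreachable." and counts it as
# received, so the summary line alone is not a safe success test.
ECHO_REPLY = re.compile(r"^Reply from (\S+): bytes=\d+", re.MULTILINE)

def ping_succeeded(transcript, target):
    """True only if at least one echo reply came from the target itself."""
    return any(src == target for src in ECHO_REPLY.findall(transcript))

def audit(whitelist, hosts, target):
    """Compare each host's ping result with what the whitelist predicts.

    hosts: list of (name, mac, transcript). Returns the names whose
    observed reachability differs from the expected one.
    """
    allowed = {normalize_mac(m) for m in whitelist}
    mismatches = []
    for name, mac, transcript in hosts:
        expected = normalize_mac(mac) in allowed
        if ping_succeeded(transcript, target) != expected:
            mismatches.append(name)
    return mismatches

# Constructed sample input. usera's MAC and reply format follow the page;
# userb's MAC is made up for the example.
TARGET = "114.114.114.114"
USERA = "Reply from 114.114.114.114: bytes=32 time=73ms TTL=85\n" * 4
USERB = "Request timed out.\n" * 4
LEAK = "Reply from 114.114.114.114: bytes=32 time=80ms TTL=80\n"
UNREACH = "Reply from 192.168.30.1: Destination host unreachable.\n" * 4

if __name__ == "__main__":
    hosts = [("usera", "1020-3040-5060", USERA),
             ("userb", "0a:0b:0c:0d:0e:0f", USERB)]
    print(audit(["10-20-30-40-50-60"], hosts, TARGET))
```

A non-empty result names the hosts whose reachability contradicts the whitelist, for example a host that is not whitelisted but still receives echo replies.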

 
