Login
- Table of Contents
-
- 06-Internet Access Behavior Management
- 01-Denying Users Internet Access Configuration Examples (Web)
- 02-ER G3 Routers MAC Filter Configuration Examples
- 03-MSR Routers URL-Based Access Control Configuration Examples
- 04-MSR Routers Bandwidth Guarantee Configuration Examples (CLI)
- 05-MSR Routers Rate Limiting Configuration Examples (CLI)
- 06-MSR Routers Rate Limiting Configuration Examples (Web)
- 07-MSR Routers Application Control Configuration Examples
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-MSR Routers URL-Based Access Control Configuration Examples | 456.94 KB |
URL-Based Access Control Configuration Examples
|
Copyright © 2024 New H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd. Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners. The information in this document is subject to change without notice. |
Introduction
This document provides an example of configuring HTTPS URL-based access control.
Prerequisites
This document is not restricted to specific software or hardware versions. Procedures and information in the examples might be slightly different depending on the software or hardware version of the device.
The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of network behavior management.
Example: Configuring HTTPS URL-based access control
Network configuration
As shown in Figure 1, the router acts as the egress router on the enterprise network and uses a single WAN interface with a fixed public address to connect to the Internet. The following information describes the configuration requirements in detail:
· Exercise URL-based access control over internal users in the IP address range of 192.168.30.2 to 192.168.30.254.
· Forbid the internal users above from accessing Baidu services.
Software version used
This example is applicable to the MSR router series of the H3C Comware 7 platform. This document takes version R6749P14 of the H3C MSR3610-X1 router as an example. The specific operations might differ by product model and software version.
Procedures
Connecting interface WAN1 to the Internet
# Select the single-WAN scenario for the device, and set the connection mode of interface WAN1 to Fixed IP as follows:
1. From the navigation pane, select Network > WAN Settings.
2. On the Scene tab, select Single-WAN scenario, select WAN1(GE1) from the Line1 list, and then click Apply.
3. Click the WAN Settings tab.
4. Click the Edit icon in the Actions column for interface WAN1.
5. In the Connection mode field, select Fixed IP.
6. In the IP address field, enter 2.2.2.1.
7. In the Subnet mask field, enter 255.255.255.0.
8. In the Gateway field, enter 2.2.2.254.
9. Retain the default settings for the other parameters. Click Apply.
Figure 2 Configuring the WAN scenario
Figure 3 Editing WAN interface settings
Assigning an IP address to interface GE2
# On the router, assign IP address 192.168.30.1/24 to interface GE2 as follows:
1. From the left navigation pane, select Network > LAN Settings.
2. Click Add.
3. In the LAN interface type field, select the GE interface.
4. Select GE2 from the Please choose GE interface list.
5. In the Interface IP address field, enter 192.168.30.1.
6. In the Subnet mask field, enter 255.255.255.0.
7. Select Enable DHCP.
8. Retain the default settings for the other parameters. Click Apply.
Figure 4 Configuring interface GE2
Configuring user groups
# Configure 192.168.30.1/24 as a user group named neiwang as follows:
1. On the Web interface of the device, select Network Behaviors > User Group from the navigation pane.
2. Click Add.
3. In the User group name field, enter neiwang.
4. In the IP address range area, enter 192.168.30.2 in the Start field and 192.168.30.254 in the End field.
5. Click the àà icon to submit the user group configuration.
6. Click Apply.
Figure 5 Creating a user group
Configuring a time range group
1. On the Web interface of the device, select Network Behaviors > Time Range Groups from the navigation pane.
2. Click Add.
3. In Time range group name field, enter a name as needed.
4. Select Periodic time range from the Time ranges list, specify the time range as 8:00 AM-11:00 PM on Saturday and Sunday, and click the + button.
5. Click Apply.
Figure 6 Configuring a time range group
Enabling network behavior management
1. On the Web interface of the device, select Network Behaviors > Bandwidth Management from the navigation pane.
2. On the Global control tab, select Enable Network Behaviors.
3. Click Apply.
Figure 7 Configuring global control
Configuring self-defined URLs
1. On the Web interface of the device, select Network Behaviors > Self-Define URLs from the navigation pane.
2. On the Self-Define URLs tab, create a URL category.
3. In the input box below the Default URL type entry, enter baidu, and then click the + icon. Click the Edit icon for the baidu entry, and then add URLs.
4. In the URL keyword field, enter www.baidu.*, and then click the + icon.
5. Click Apply.
Figure 8 Setting a URL keyword
Configuring a network access behavior management policy
1. On the Web interface of the device, select Network Behaviors > Bandwidth Management from the navigation pane.
2. On the Network behavior management policy tab, click Add.
¡ In the Policy name field, enter test.
¡ In the User range area, select user group neiwang.
¡ In the Limit period area, select the time range group created above.
¡ In the URL control area, configure the following fields:
- Select URL type: Select self-define URL www.baidu.*.
- Protocol: Select HTTPS.
- URL control action: Select Block only the selected URL types.
¡ In the Application control area, unfold the Select network applications list, select the Search Engines application type, select BaiduSearch, and then click Apply. Block accessing the Baidu search engine.
3. Click Apply.
Figure 9 Creating a network access behavior management policy
Verifying the configuration
Verify that internal users cannot access the Baidu search engine.
