Login
- Table of Contents
-
- 06-Internet Access Behavior Management
- 01-Denying Users Internet Access Configuration Examples (Web)
- 02-ER G3 Routers MAC Filter Configuration Examples
- 03-MSR Routers URL-Based Access Control Configuration Examples
- 04-MSR Routers Bandwidth Guarantee Configuration Examples (CLI)
- 05-MSR Routers Rate Limiting Configuration Examples (CLI)
- 06-MSR Routers Rate Limiting Configuration Examples (Web)
- 07-MSR Routers Application Control Configuration Examples
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-MSR Routers Application Control Configuration Examples | 356.17 KB |
|
MSR Routers |
|
Application Control Configuration Examples |
|
|
|
|
Copyright © 2024 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Introduction
This document provides an example of configuring access control upon a shopping website.
Prerequisites
This document is not restricted to specific software or hardware versions. Procedures and information in the examples might be slightly different depending on the software or hardware version of the device.
The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of network behavior management.
Example: Configuring application control
Network configuration
As shown in Figure 1, the device acts as the egress router of the enterprise network with the single-WAN scenario for the WAN interface, and connects to Internet in fixed IP connection mode. Configure the device to perform application control for users within an internal IP range during access to Taobao as follows:
· Perform application for users with IP addresses in the range of 192.168.30.2 to 192.168.30.254.
· Control user access to Taobao.
Software version used
This example is applicable to MSR series routers of the H3C Comware 7 platform. This document takes version R6749P14 of the H3C MSR3610-X1 product as an example. The operations might differ by product model and software version.
Procedures
Configuring interface WAN1 to connect Internet
# Select the single-WAN scenario for the WAN interface, and set the connection mode of the WAN interface connection mode to Fixed IP.
1. On the Web interface of the device, select Network > WAN Settings from the navigation pane.
2. On the Scene tab, select Single-WAN scenario, WAN1(GE1) for Line1, and click Apply.
3. Click the WAN Settings tab to access the WAN configuration page.
4. Click the Edit icon in the Actions column for WAN1 to enter the WAN configuration editing page.
5. Select Fixed IP as the connection mode.
6. In the IP address field, enter 2.2.2.1.
7. In the Mask subnet field, enter 255.255.255.0.
8. In the Gateway field, enter 2.2.2.254.
9. Use default settings for other parameters. Then, click Apply.
Figure 2 Configuring the WAN scene
Figure 3 Editing WAN settings
Configuring IP address for interface
# Assign IP address 192.168.30.1/24 to interface GE2 on the router.
1. On the Web interface of the device, select Network > LAN Settings from the navigation pane.
2. Click Add to access the LAN adding page.
3. In the LAN interface type field, select GE interface.
4. In the Please choose GE interface field, select GE2.
5. In the Interface IP address field, enter 192.168.30.1.
6. In the Subnet mask field, enter 255.255.255.0.
7. Select Enable DHCP to enable the DHCP service.
8. Use default settings for other parameters. Then, click Apply.
Figure 4 Configuring interface GE2
Configuring a user group
# Configure network segment 192.168.30.1/24 as user group neiwang.
1. On the Web interface of the device, select Network Behaviors > User Group from the navigation pane.
2. Click Add.
3. On the page that opens, enter neiwang in the User group name field.
4. In the IP address range field, enter 192.168.30.2 for Start and 192.168.30.254 for End.
5. Click àà to submit the user group settings.
6. Click Apply.
Figure 5 Configuring user group neiwang
Enabling network behaviors
1. On the Web interface of the device, select Network Behaviors > Bandwidth Management from the navigation pane.
2. On the Global Control tab, select Enable Network Behaviors.
3. Click Apply.
Figure 6 Global control
Configuring a network behavior management policy
1. On the Web interface of the device, select Network Behaviors > Bandwidth Management from the navigation pane.
2. On the Network behavior management policy tab, Click Add, and configure the following parameters:
¡ In the Policy name field, enter policy name test.
¡ In the User range area, select user group neiwang.
¡ In the Limit period area, select Always.
¡ In the URL control area, configure the following settings:
- Select a URL type. By default all websites are selected.
- Select a protocol. By default, HTTP is selected.
- Select a URL control action. This example selects Permit only the selected URL types.
¡ In the Application control area, click the Details icon to the right of Select network applications to select Life_Service. Then, click Details, select the Taobao option, and then click Apply. Then, configure the device to block the selected application.
3. Click Apply.
Figure 7 Creating a network behavior management policy
Verifying the configuration
Verify that the device can control access to Taobao from internal users.
